Warning: Permanently added '10.128.0.131' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program syzkaller login: [ 56.631568][ T9] [ 56.633958][ T9] ====================================================== [ 56.640979][ T9] WARNING: possible circular locking dependency detected [ 56.648010][ T9] 6.1.90-syzkaller #0 Not tainted [ 56.653013][ T9] ------------------------------------------------------ [ 56.660014][ T9] kworker/u4:0/9 is trying to acquire lock: [ 56.665886][ T9] ffff88807d6800f8 (&htab->buckets[i].lock){+.-.}-{2:2}, at: sock_hash_delete_elem+0x177/0x400 [ 56.676258][ T9] [ 56.676258][ T9] but task is already holding lock: [ 56.683625][ T9] ffff88807e819290 (&psock->link_lock){+...}-{2:2}, at: sock_map_unref+0xcc/0x5d0 [ 56.692841][ T9] [ 56.692841][ T9] which lock already depends on the new lock. [ 56.692841][ T9] [ 56.703229][ T9] [ 56.703229][ T9] the existing dependency chain (in reverse order) is: [ 56.712238][ T9] [ 56.712238][ T9] -> #1 (&psock->link_lock){+...}-{2:2}: [ 56.720933][ T9] lock_acquire+0x1f8/0x5a0 [ 56.725946][ T9] _raw_spin_lock_bh+0x31/0x40 [ 56.731263][ T9] sock_hash_update_common+0x620/0xa30 [ 56.737501][ T9] sock_map_update_elem_sys+0x5a0/0x910 [ 56.743739][ T9] map_update_elem+0x503/0x680 [ 56.749013][ T9] __sys_bpf+0x337/0x6c0 [ 56.753765][ T9] __x64_sys_bpf+0x78/0x90 [ 56.758693][ T9] do_syscall_64+0x3b/0xb0 [ 56.763620][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 56.770020][ T9] [ 56.770020][ T9] -> #0 (&htab->buckets[i].lock){+.-.}-{2:2}: [ 56.778261][ T9] validate_chain+0x1661/0x5950 [ 56.783632][ T9] __lock_acquire+0x125b/0x1f80 [ 56.788999][ T9] lock_acquire+0x1f8/0x5a0 [ 56.794010][ T9] _raw_spin_lock_bh+0x31/0x40 [ 56.799280][ T9] sock_hash_delete_elem+0x177/0x400 [ 56.805179][ T9] bpf_prog_c688579455f058d4+0x4e/0x52 [ 56.811144][ T9] bpf_trace_run2+0x1fd/0x410 [ 56.816332][ T9] __bpf_trace_kfree+0x6e/0x90 [ 56.821602][ T9] __traceiter_kfree+0x26/0x40 [ 56.826871][ T9] kfree+0xf6/0x190 [ 56.831186][ T9] sock_map_unref+0x3ac/0x5d0 [ 56.836376][ T9] sock_hash_free+0x57c/0x820 [ 56.841564][ T9] process_one_work+0x8a9/0x11d0 [ 56.847009][ T9] worker_thread+0xa47/0x1200 [ 56.852199][ T9] kthread+0x28d/0x320 [ 56.856869][ T9] ret_from_fork+0x1f/0x30 [ 56.861797][ T9] [ 56.861797][ T9] other info that might help us debug this: [ 56.861797][ T9] [ 56.872023][ T9] Possible unsafe locking scenario: [ 56.872023][ T9] [ 56.879484][ T9] CPU0 CPU1 [ 56.884840][ T9] ---- ---- [ 56.890210][ T9] lock(&psock->link_lock); [ 56.894798][ T9] lock(&htab->buckets[i].lock); [ 56.902326][ T9] lock(&psock->link_lock); [ 56.909419][ T9] lock(&htab->buckets[i].lock); [ 56.915214][ T9] [ 56.915214][ T9] *** DEADLOCK *** [ 56.915214][ T9] [ 56.923341][ T9] 6 locks held by kworker/u4:0/9: [ 56.928433][ T9] #0: ffff888012479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 56.939473][ T9] #1: ffffc900000e7d20 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 56.950504][ T9] #2: ffff8880743b5130 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sock_hash_free+0x4af/0x820 [ 56.960063][ T9] #3: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: sock_hash_free+0x4bb/0x820 [ 56.969449][ T9] #4: ffff88807e819290 (&psock->link_lock){+...}-{2:2}, at: sock_map_unref+0xcc/0x5d0 [ 56.979100][ T9] #5: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x410 [ 56.988485][ T9] [ 56.988485][ T9] stack backtrace: [ 56.994357][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.90-syzkaller #0 [ 57.002231][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 57.012291][ T9] Workqueue: events_unbound bpf_map_free_deferred [ 57.018720][ T9] Call Trace: [ 57.022084][ T9] [ 57.025005][ T9] dump_stack_lvl+0x1e3/0x2cb [ 57.029678][ T9] ? nf_tcp_handle_invalid+0x642/0x642 [ 57.035133][ T9] ? print_circular_bug+0x12b/0x1a0 [ 57.040317][ T9] check_noncircular+0x2fa/0x3b0 [ 57.045241][ T9] ? deref_stack_reg+0x17c/0x210 [ 57.050164][ T9] ? reacquire_held_locks+0x660/0x660 [ 57.055527][ T9] ? add_chain_block+0x850/0x850 [ 57.060457][ T9] ? lockdep_lock+0x11f/0x2a0 [ 57.065144][ T9] ? unwind_next_frame+0x111a/0x2220 [ 57.070443][ T9] ? _find_first_zero_bit+0xd0/0x100 [ 57.075730][ T9] validate_chain+0x1661/0x5950 [ 57.080603][ T9] ? check_path+0x40/0x40 [ 57.084936][ T9] ? check_path+0x21/0x40 [ 57.089250][ T9] ? check_noncircular+0x1e3/0x3b0 [ 57.094347][ T9] ? reacquire_held_locks+0x660/0x660 [ 57.099715][ T9] ? add_chain_block+0x850/0x850 [ 57.104653][ T9] ? lockdep_unlock+0x165/0x300 [ 57.109494][ T9] ? lockdep_lock+0x2a0/0x2a0 [ 57.114162][ T9] ? lockdep_unlock+0x165/0x300 [ 57.119029][ T9] ? validate_chain+0x13ce/0x5950 [ 57.124062][ T9] ? reacquire_held_locks+0x660/0x660 [ 57.129434][ T9] ? mark_lock+0x9a/0x340 [ 57.133773][ T9] __lock_acquire+0x125b/0x1f80 [ 57.138652][ T9] lock_acquire+0x1f8/0x5a0 [ 57.143245][ T9] ? sock_hash_delete_elem+0x177/0x400 [ 57.148708][ T9] ? read_lock_is_recursive+0x10/0x10 [ 57.154079][ T9] ? sock_hash_delete_elem+0x177/0x400 [ 57.159532][ T9] ? __bpf_trace_softirq+0x10/0x10 [ 57.164645][ T9] ? sock_hash_delete_elem+0x177/0x400 [ 57.170095][ T9] _raw_spin_lock_bh+0x31/0x40 [ 57.174850][ T9] ? sock_hash_delete_elem+0x177/0x400 [ 57.180304][ T9] sock_hash_delete_elem+0x177/0x400 [ 57.185584][ T9] ? sock_hash_lookup+0x660/0x660 [ 57.190603][ T9] bpf_prog_c688579455f058d4+0x4e/0x52 [ 57.196051][ T9] bpf_trace_run2+0x1fd/0x410 [ 57.200719][ T9] ? bpf_trace_run2+0x110/0x410 [ 57.205554][ T9] ? bpf_trace_run1+0x3d0/0x3d0 [ 57.210393][ T9] ? do_raw_spin_lock+0x14a/0x370 [ 57.215427][ T9] ? sock_map_unref+0x3ac/0x5d0 [ 57.220289][ T9] ? __bpf_trace_softirq+0x10/0x10 [ 57.225419][ T9] ? sock_map_unref+0x3ac/0x5d0 [ 57.230280][ T9] __bpf_trace_kfree+0x6e/0x90 [ 57.235068][ T9] ? sock_map_unref+0x3ac/0x5d0 [ 57.239936][ T9] __traceiter_kfree+0x26/0x40 [ 57.244691][ T9] ? sock_map_unref+0x3ac/0x5d0 [ 57.249537][ T9] kfree+0xf6/0x190 [ 57.253335][ T9] sock_map_unref+0x3ac/0x5d0 [ 57.258005][ T9] ? sock_hash_free+0x4bb/0x820 [ 57.262851][ T9] sock_hash_free+0x57c/0x820 [ 57.267523][ T9] ? sock_hash_alloc+0x500/0x500 [ 57.272458][ T9] ? bpf_map_free_deferred+0x46/0xc0 [ 57.277737][ T9] ? bpf_map_free_deferred+0x46/0xc0 [ 57.283038][ T9] ? kfree+0x30/0x190 [ 57.287044][ T9] ? process_one_work+0x7a9/0x11d0 [ 57.292168][ T9] process_one_work+0x8a9/0x11d0 [ 57.297111][ T9] ? worker_detach_from_pool+0x260/0x260 [ 57.302734][ T9] ? _raw_spin_lock_irqsave+0x120/0x120 [ 57.308273][ T9] ? kthread_data+0x4e/0xc0 [ 57.312769][ T9] ? wq_worker_running+0x97/0x190 [ 57.317787][ T9] worker_thread+0xa47/0x1200 [ 57.322457][ T9] ? __sched_text_start+0x8/0x8 [ 57.327305][ T9] kthread+0x28d/0x320 executing program [ 57.331359][ T9] ? worker_clr_flags+0x190/0x190 [ 57.336368][ T9] ? kthread_blkcg+0xd0/0xd0 [ 57.340941][ T9] ret_from_fork+0x1f/0x30 [ 57.345359][ T9] executing program executing program executing program executing program executing program executing program executing program executing program executing program