DUID 00:04:f1:66:da:08:a6:3b:05:18:d9:3c:3a:43:08:27:7f:45 forked to background, child pid 3174 [ 29.269364][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.279035][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.130' (ED25519) to the list of known hosts. executing program syzkaller login: [ 52.430390][ T3497] [ 52.432750][ T3497] ====================================================== [ 52.439755][ T3497] WARNING: possible circular locking dependency detected [ 52.446881][ T3497] 5.15.158-syzkaller #0 Not tainted [ 52.452072][ T3497] ------------------------------------------------------ [ 52.459091][ T3497] sshd/3497 is trying to acquire lock: [ 52.464538][ T3497] ffff888016d979b8 (&trie->lock){....}-{2:2}, at: trie_delete_elem+0x90/0x690 [ 52.473429][ T3497] [ 52.473429][ T3497] but task is already holding lock: [ 52.480778][ T3497] ffff8880b9a28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 52.489645][ T3497] [ 52.489645][ T3497] which lock already depends on the new lock. [ 52.489645][ T3497] [ 52.500054][ T3497] [ 52.500054][ T3497] the existing dependency chain (in reverse order) is: [ 52.509062][ T3497] [ 52.509062][ T3497] -> #2 (&base->lock){-.-.}-{2:2}: [ 52.516358][ T3497] lock_acquire+0x1db/0x4f0 [ 52.521389][ T3497] _raw_spin_lock_irqsave+0xd1/0x120 [ 52.527192][ T3497] lock_timer_base+0x120/0x260 [ 52.532470][ T3497] __mod_timer+0x1d6/0xeb0 [ 52.537400][ T3497] queue_delayed_work_on+0x156/0x250 [ 52.543209][ T3497] kvfree_call_rcu+0x50e/0x8a0 [ 52.548486][ T3497] rtnl_register_internal+0x443/0x530 [ 52.554385][ T3497] rtnl_register+0x32/0x70 [ 52.559319][ T3497] ip_rt_init+0x2e6/0x390 [ 52.564163][ T3497] ip_init+0xa/0x20 [ 52.568485][ T3497] inet_init+0x27c/0x390 [ 52.573239][ T3497] do_one_initcall+0x22b/0x7a0 [ 52.578518][ T3497] do_initcall_level+0x157/0x210 [ 52.583988][ T3497] do_initcalls+0x49/0x90 [ 52.588833][ T3497] kernel_init_freeable+0x425/0x5c0 [ 52.594549][ T3497] kernel_init+0x19/0x290 [ 52.599393][ T3497] ret_from_fork+0x1f/0x30 [ 52.604327][ T3497] [ 52.604327][ T3497] -> #1 (krc.lock){....}-{2:2}: [ 52.611355][ T3497] lock_acquire+0x1db/0x4f0 [ 52.616371][ T3497] _raw_spin_lock+0x2a/0x40 [ 52.621392][ T3497] kvfree_call_rcu+0x1b5/0x8a0 [ 52.626671][ T3497] trie_update_elem+0x808/0xc00 [ 52.632123][ T3497] bpf_map_update_value+0x5d7/0x6c0 [ 52.637839][ T3497] generic_map_update_batch+0x54d/0x8b0 [ 52.643900][ T3497] bpf_map_do_batch+0x4d0/0x620 [ 52.649265][ T3497] __sys_bpf+0x55c/0x670 [ 52.654027][ T3497] __x64_sys_bpf+0x78/0x90 [ 52.658961][ T3497] do_syscall_64+0x3b/0xb0 [ 52.663891][ T3497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.670300][ T3497] [ 52.670300][ T3497] -> #0 (&trie->lock){....}-{2:2}: [ 52.677599][ T3497] validate_chain+0x1649/0x5930 [ 52.682967][ T3497] __lock_acquire+0x1295/0x1ff0 [ 52.688336][ T3497] lock_acquire+0x1db/0x4f0 [ 52.693353][ T3497] _raw_spin_lock_irqsave+0xd1/0x120 [ 52.699154][ T3497] trie_delete_elem+0x90/0x690 [ 52.704431][ T3497] bpf_prog_2c29ac5cdc6b1842+0x3a/0x38c [ 52.710487][ T3497] bpf_trace_run3+0x1d1/0x380 [ 52.715676][ T3497] enqueue_timer+0x3ae/0x540 [ 52.720796][ T3497] __mod_timer+0x9ca/0xeb0 [ 52.725729][ T3497] sk_reset_timer+0x1f/0xb0 [ 52.730749][ T3497] tcp_event_new_data_sent+0x203/0x360 [ 52.736725][ T3497] tcp_write_xmit+0x1a0b/0x65f0 [ 52.742089][ T3497] __tcp_push_pending_frames+0x90/0x250 [ 52.748148][ T3497] tcp_sendmsg_locked+0x315c/0x3a90 [ 52.753866][ T3497] tcp_sendmsg+0x2c/0x40 [ 52.758649][ T3497] sock_write_iter+0x39b/0x530 [ 52.763948][ T3497] vfs_write+0xacf/0xe50 [ 52.768714][ T3497] ksys_write+0x1a2/0x2c0 [ 52.773564][ T3497] do_syscall_64+0x3b/0xb0 [ 52.778504][ T3497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.784920][ T3497] [ 52.784920][ T3497] other info that might help us debug this: [ 52.784920][ T3497] [ 52.795141][ T3497] Chain exists of: [ 52.795141][ T3497] &trie->lock --> krc.lock --> &base->lock [ 52.795141][ T3497] [ 52.806866][ T3497] Possible unsafe locking scenario: [ 52.806866][ T3497] [ 52.814313][ T3497] CPU0 CPU1 [ 52.819723][ T3497] ---- ---- [ 52.825087][ T3497] lock(&base->lock); [ 52.829173][ T3497] lock(krc.lock); [ 52.835496][ T3497] lock(&base->lock); [ 52.842084][ T3497] lock(&trie->lock); [ 52.846148][ T3497] [ 52.846148][ T3497] *** DEADLOCK *** [ 52.846148][ T3497] [ 52.854277][ T3497] 3 locks held by sshd/3497: [ 52.858938][ T3497] #0: ffff8880765c8120 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x1e/0x40 [ 52.868186][ T3497] #1: ffff8880b9a28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 52.877524][ T3497] #2: ffffffff8c91fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 52.886838][ T3497] [ 52.886838][ T3497] stack backtrace: [ 52.892719][ T3497] CPU: 0 PID: 3497 Comm: sshd Not tainted 5.15.158-syzkaller #0 [ 52.900443][ T3497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 52.910493][ T3497] Call Trace: [ 52.913768][ T3497] [ 52.916691][ T3497] dump_stack_lvl+0x1e3/0x2d0 [ 52.921372][ T3497] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 52.927004][ T3497] ? print_circular_bug+0x12b/0x1a0 [ 52.932201][ T3497] check_noncircular+0x2f8/0x3b0 [ 52.937149][ T3497] ? add_chain_block+0x850/0x850 [ 52.942094][ T3497] ? queued_spin_lock_slowpath+0x42/0x50 [ 52.947763][ T3497] ? lockdep_lock+0x1a7/0x2a0 [ 52.952461][ T3497] ? virtqueue_add+0x4630/0x4630 [ 52.957411][ T3497] validate_chain+0x1649/0x5930 [ 52.962269][ T3497] ? virtqueue_kick_prepare+0x2c7/0x4d0 [ 52.967815][ T3497] ? start_xmit+0xe05/0x1580 [ 52.972429][ T3497] ? mark_lock+0x98/0x340 [ 52.976847][ T3497] ? reacquire_held_locks+0x660/0x660 [ 52.982221][ T3497] ? validate_chain+0x112/0x5930 [ 52.987156][ T3497] ? print_irqtrace_events+0x210/0x210 [ 52.992610][ T3497] ? look_up_lock_class+0x77/0x120 [ 52.997749][ T3497] ? register_lock_class+0x100/0x9a0 [ 53.003033][ T3497] ? is_dynamic_key+0x1f0/0x1f0 [ 53.007878][ T3497] ? mark_lock+0x98/0x340 [ 53.012208][ T3497] __lock_acquire+0x1295/0x1ff0 [ 53.017058][ T3497] lock_acquire+0x1db/0x4f0 [ 53.021550][ T3497] ? trie_delete_elem+0x90/0x690 [ 53.026483][ T3497] ? mark_lock+0x98/0x340 [ 53.030804][ T3497] ? read_lock_is_recursive+0x10/0x10 [ 53.036166][ T3497] ? __lock_acquire+0x1295/0x1ff0 [ 53.041186][ T3497] _raw_spin_lock_irqsave+0xd1/0x120 [ 53.046466][ T3497] ? trie_delete_elem+0x90/0x690 [ 53.051398][ T3497] ? _raw_spin_lock+0x40/0x40 [ 53.056070][ T3497] ? read_lock_is_recursive+0x10/0x10 [ 53.061439][ T3497] trie_delete_elem+0x90/0x690 [ 53.066196][ T3497] ? __cant_sleep+0x270/0x270 [ 53.070869][ T3497] ? do_raw_spin_lock+0x14a/0x370 [ 53.075927][ T3497] ? __lock_acquire+0x1ff0/0x1ff0 [ 53.080962][ T3497] bpf_prog_2c29ac5cdc6b1842+0x3a/0x38c [ 53.086504][ T3497] bpf_trace_run3+0x1d1/0x380 [ 53.091195][ T3497] ? bpf_trace_run2+0x340/0x340 [ 53.096040][ T3497] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 53.101932][ T3497] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 53.107818][ T3497] ? _raw_spin_unlock+0x40/0x40 [ 53.112667][ T3497] enqueue_timer+0x3ae/0x540 [ 53.117254][ T3497] __mod_timer+0x9ca/0xeb0 [ 53.121667][ T3497] ? mod_timer_pending+0x20/0x20 [ 53.126601][ T3497] ? ktime_get+0x7f/0x270 [ 53.130922][ T3497] ? seqcount_lockdep_reader_access+0x153/0x220 [ 53.137156][ T3497] ? lockdep_hardirqs_on+0x94/0x130 [ 53.142526][ T3497] ? seqcount_lockdep_reader_access+0x1d3/0x220 [ 53.148765][ T3497] ? memset+0x1f/0x40 [ 53.152758][ T3497] sk_reset_timer+0x1f/0xb0 [ 53.157273][ T3497] tcp_event_new_data_sent+0x203/0x360 [ 53.162727][ T3497] tcp_write_xmit+0x1a0b/0x65f0 [ 53.167589][ T3497] __tcp_push_pending_frames+0x90/0x250 [ 53.173129][ T3497] tcp_sendmsg_locked+0x315c/0x3a90 [ 53.178339][ T3497] ? tcp_free_fastopen_req+0x70/0x70 [ 53.183620][ T3497] ? __local_bh_enable_ip+0x164/0x1f0 [ 53.189074][ T3497] ? do_raw_spin_unlock+0x137/0x8b0 [ 53.194268][ T3497] tcp_sendmsg+0x2c/0x40 [ 53.198507][ T3497] ? inet_send_prepare+0x250/0x250 [ 53.203615][ T3497] sock_write_iter+0x39b/0x530 [ 53.208411][ T3497] ? sock_read_iter+0x480/0x480 [ 53.213262][ T3497] ? common_file_perm+0x17d/0x1d0 [ 53.218282][ T3497] ? fsnotify_perm+0x67/0x5a0 [ 53.222954][ T3497] ? iov_iter_init+0x4a/0x170 [ 53.227640][ T3497] vfs_write+0xacf/0xe50 [ 53.231881][ T3497] ? file_end_write+0x250/0x250 [ 53.236735][ T3497] ? read_lock_is_recursive+0x10/0x10 [ 53.242114][ T3497] ? __fdget_pos+0x1e9/0x380 [ 53.246701][ T3497] ksys_write+0x1a2/0x2c0 [ 53.251043][ T3497] ? print_irqtrace_events+0x210/0x210 [ 53.256494][ T3497] ? __ia32_sys_read+0x80/0x80 [ 53.261254][ T3497] ? syscall_enter_from_user_mode+0x2e/0x240 [ 53.267233][ T3497] ? lockdep_hardirqs_on+0x94/0x130 [ 53.272450][ T3497] ? syscall_enter_from_user_mode+0x2e/0x240 [ 53.278430][ T3497] do_syscall_64+0x3b/0xb0 [ 53.282839][ T3497] ? clear_bhb_loop+0x15/0x70 [ 53.287510][ T3497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.293399][ T3497] RIP: 0033:0x7fcf83b2dbf2 [ 53.297814][ T3497] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 53.317426][ T3497] RSP: 002b:00007ffcb38e6f08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 53.325832][ T3497] RAX: ffffffffffffffda RBX: 0000000000000034 RCX: 00007fcf83b2dbf2 [ 53