DUID 00:04:89:05:98:7d:bd:cb:ea:8e:b7:3c:a9:5c:45:de:a2:b6
forked to background, child pid 3174
[ 27.792991][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.810384][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.202' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 50.679466][ T3499]
[ 50.682100][ T3499] ======================================================
[ 50.689413][ T3499] WARNING: possible circular locking dependency detected
[ 50.696933][ T3499] 5.15.153-syzkaller #0 Not tainted
[ 50.702488][ T3499] ------------------------------------------------------
[ 50.709599][ T3499] syz-executor171/3499 is trying to acquire lock:
[ 50.716120][ T3499] ffff8880b9a27e78 (krc.lock){....}-{2:2}, at: kvfree_call_rcu+0x1b5/0x8a0
[ 50.725230][ T3499]
[ 50.725230][ T3499] but task is already holding lock:
[ 50.732964][ T3499] ffff88807d9e6db8 (&trie->lock){-...}-{2:2}, at: trie_update_elem+0xc5/0xc00
[ 50.742863][ T3499]
[ 50.742863][ T3499] which lock already depends on the new lock.
[ 50.742863][ T3499]
[ 50.753613][ T3499]
[ 50.753613][ T3499] the existing dependency chain (in reverse order) is:
[ 50.762788][ T3499]
[ 50.762788][ T3499] -> #2 (&trie->lock){-...}-{2:2}:
[ 50.770072][ T3499] lock_acquire+0x1db/0x4f0
[ 50.775099][ T3499] _raw_spin_lock_irqsave+0xd1/0x120
[ 50.781197][ T3499] trie_delete_elem+0x90/0x690
[ 50.786995][ T3499] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3b8
[ 50.795116][ T3499] bpf_trace_run2+0x19e/0x340
[ 50.801112][ T3499] enqueue_hrtimer+0x324/0x390
[ 50.807275][ T3499] __hrtimer_run_queues+0x6b6/0xcf0
[ 50.814085][ T3499] hrtimer_interrupt+0x392/0x980
[ 50.820115][ T3499] __sysvec_apic_timer_interrupt+0x139/0x470
[ 50.827411][ T3499] sysvec_apic_timer_interrupt+0x8c/0xb0
[ 50.834077][ T3499] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 50.841667][ T3499] acpi_idle_do_entry+0x10f/0x340
[ 50.848583][ T3499] acpi_idle_enter+0x352/0x4f0
[ 50.854106][ T3499] cpuidle_enter_state+0x521/0xef0
[ 50.860140][ T3499] cpuidle_enter+0x59/0x90
[ 50.865708][ T3499] do_idle+0x3e4/0x670
[ 50.871732][ T3499] cpu_startup_entry+0x14/0x20
[ 50.877153][ T3499] start_secondary+0x371/0x500
[ 50.882998][ T3499] secondary_startup_64_no_verify+0xb1/0xbb
[ 50.889751][ T3499]
[ 50.889751][ T3499] -> #1 (hrtimer_bases.lock){-.-.}-{2:2}:
[ 50.897658][ T3499] lock_acquire+0x1db/0x4f0
[ 50.902687][ T3499] _raw_spin_lock_irqsave+0xd1/0x120
[ 50.908651][ T3499] hrtimer_start_range_ns+0xd8/0xc50
[ 50.914537][ T3499] kvfree_call_rcu+0x6a0/0x8a0
[ 50.919930][ T3499] rtnl_register_internal+0x443/0x530
[ 50.925817][ T3499] rtnl_register+0x32/0x70
[ 50.930894][ T3499] ip_rt_init+0x2e6/0x390
[ 50.936430][ T3499] ip_init+0xa/0x14
[ 50.940852][ T3499] inet_init+0x27c/0x38e
[ 50.945635][ T3499] do_one_initcall+0x22b/0x7a0
[ 50.951025][ T3499] do_initcall_level+0x157/0x207
[ 50.956866][ T3499] do_initcalls+0x49/0x86
[ 50.962079][ T3499] kernel_init_freeable+0x425/0x5b5
[ 50.967941][ T3499] kernel_init+0x19/0x290
[ 50.972974][ T3499] ret_from_fork+0x1f/0x30
[ 50.978130][ T3499]
[ 50.978130][ T3499] -> #0 (krc.lock){....}-{2:2}:
[ 50.985403][ T3499] validate_chain+0x1649/0x5930
[ 50.990787][ T3499] __lock_acquire+0x1295/0x1ff0
[ 50.996237][ T3499] lock_acquire+0x1db/0x4f0
[ 51.001283][ T3499] _raw_spin_lock+0x2a/0x40
[ 51.006616][ T3499] kvfree_call_rcu+0x1b5/0x8a0
[ 51.011995][ T3499] trie_update_elem+0x808/0xc00
[ 51.017619][ T3499] bpf_map_update_value+0x5d7/0x6c0
[ 51.023815][ T3499] generic_map_update_batch+0x54d/0x8b0
[ 51.030098][ T3499] bpf_map_do_batch+0x4d0/0x620
[ 51.036002][ T3499] __sys_bpf+0x55c/0x670
[ 51.041152][ T3499] __x64_sys_bpf+0x78/0x90
[ 51.046683][ T3499] do_syscall_64+0x3d/0xb0
[ 51.053793][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.062137][ T3499]
[ 51.062137][ T3499] other info that might help us debug this:
[ 51.062137][ T3499]
[ 51.075759][ T3499] Chain exists of:
[ 51.075759][ T3499] krc.lock --> hrtimer_bases.lock --> &trie->lock
[ 51.075759][ T3499]
[ 51.088433][ T3499] Possible unsafe locking scenario:
[ 51.088433][ T3499]
[ 51.096053][ T3499]        CPU0                    CPU1
[ 51.101566][ T3499]        ----                    ----
[ 51.106919][ T3499]   lock(&trie->lock);
[ 51.110970][ T3499]                                lock(hrtimer_bases.lock);
[ 51.118174][ T3499]                                lock(&trie->lock);
[ 51.125287][ T3499]   lock(krc.lock);
[ 51.129274][ T3499]
[ 51.129274][ T3499] *** DEADLOCK ***
[ 51.129274][ T3499]
[ 51.137573][ T3499] 2 locks held by syz-executor171/3499:
[ 51.143977][ T3499] #0: ffffffff8c91f720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 51.154164][ T3499] #1: ffff88807d9e6db8 (&trie->lock){-...}-{2:2}, at: trie_update_elem+0xc5/0xc00
[ 51.164005][ T3499]
[ 51.164005][ T3499] stack backtrace:
[ 51.170188][ T3499] CPU: 0 PID: 3499 Comm: syz-executor171 Not tainted 5.15.153-syzkaller #0
[ 51.179310][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 51.189707][ T3499] Call Trace:
[ 51.193165][ T3499]
[ 51.196193][ T3499] dump_stack_lvl+0x1e3/0x2cb
[ 51.200969][ T3499] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 51.206848][ T3499] ? print_circular_bug+0x12b/0x1a0
[ 51.212138][ T3499] check_noncircular+0x2f8/0x3b0
[ 51.217305][ T3499] ? add_chain_block+0x850/0x850
[ 51.223793][ T3499] ? lockdep_lock+0x11f/0x2a0
[ 51.228801][ T3499] ? __lock_acquire+0x1295/0x1ff0
[ 51.234111][ T3499] validate_chain+0x1649/0x5930
[ 51.239545][ T3499] ? read_lock_is_recursive+0x10/0x10
[ 51.244947][ T3499] ? stack_depot_save+0x3db/0x440
[ 51.250070][ T3499] ? do_raw_spin_lock+0x14a/0x370
[ 51.255184][ T3499] ? reacquire_held_locks+0x660/0x660
[ 51.260951][ T3499] ? do_raw_spin_unlock+0x137/0x8b0
[ 51.266971][ T3499] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 51.273346][ T3499] ? _raw_spin_unlock+0x40/0x40
[ 51.278612][ T3499] ? stack_trace_save+0x113/0x1c0
[ 51.284506][ T3499] ? stack_trace_snprint+0xe0/0xe0
[ 51.289938][ T3499] ? mark_lock+0x98/0x340
[ 51.294775][ T3499] __lock_acquire+0x1295/0x1ff0
[ 51.300195][ T3499] lock_acquire+0x1db/0x4f0
[ 51.305417][ T3499] ? kvfree_call_rcu+0x1b5/0x8a0
[ 51.310471][ T3499] ? read_lock_is_recursive+0x10/0x10
[ 51.316079][ T3499] _raw_spin_lock+0x2a/0x40
[ 51.320774][ T3499] ? kvfree_call_rcu+0x1b5/0x8a0
[ 51.326108][ T3499] kvfree_call_rcu+0x1b5/0x8a0
[ 51.332427][ T3499] ? call_rcu+0xa70/0xa70
[ 51.337414][ T3499] ? __kmalloc_node+0x199/0x390
[ 51.343346][ T3499] ? bpf_map_kmalloc_node+0xdb/0x160
[ 51.348938][ T3499] ? _raw_spin_lock+0x40/0x40
[ 51.353879][ T3499] ? longest_prefix_match+0x2db/0x640
[ 51.359845][ T3499] trie_update_elem+0x808/0xc00
[ 51.365207][ T3499] bpf_map_update_value+0x5d7/0x6c0
[ 51.370811][ T3499] generic_map_update_batch+0x54d/0x8b0
[ 51.377668][ T3499] ? rcu_read_unlock+0x90/0x90
[ 51.382697][ T3499] ? __fdget+0x158/0x220
[ 51.387077][ T3499] ? rcu_read_unlock+0x90/0x90
[ 51.391855][ T3499] bpf_map_do_batch+0x4d0/0x620
[ 51.396777][ T3499] __sys_bpf+0x55c/0x670
[ 51.401188][ T3499] ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 51.406903][ T3499] ? syscall_enter_from_user_mode+0x2e/0x230
[ 51.413469][ T3499] ? lockdep_hardirqs_on+0x94/0x130
[ 51.419143][ T3499] __x64_sys_bpf+0x78/0x90
[ 51.423866][ T3499] do_syscall_64+0x3d/0xb0
[ 51.429066][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.437713][ T3499] RIP: 0033:0x7faf97976929
[ 51.443061][ T3499] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.469394][ T3499] RSP: 002b:00007ffc775a8978 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 51.479617][ T3499] RAX: ffffffffffffffda RBX: 00007ffc775a8b48 RCX: 00007faf97976929
[ 51.489283][ T3499] RDX: 0000000000000038 RSI: 0000000020000000 RDI: 000000000000001a
[ 51.499117][ T3499] RBP: 00007faf979e9610 R08: 00007ffc775a8b48 R09: 00007ffc775a8b48
[ 51.509320][ T3499] R10: 00007ffc775a8b48 R11: 0000000000000246 R12: 0000000000000001
[ 51.522407][ T3499] R13: 00007ffc775a8b38 R14: 0000000000000001 R15: 0000000000000001
[ 51.533836][ T3499]
[ 51.545273][ T3499] ODEBUG: Out of memory. ODEBUG disabled