Warning: Permanently added '10.128.0.77' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 52.656127][ T3497]
[ 52.658522][ T3497] ======================================================
[ 52.665532][ T3497] WARNING: possible circular locking dependency detected
[ 52.672549][ T3497] 5.15.156-syzkaller #0 Not tainted
[ 52.677737][ T3497] ------------------------------------------------------
[ 52.684744][ T3497] sshd/3497 is trying to acquire lock:
[ 52.690188][ T3497] ffff8880b9b35bb8 (lock#8){+.+.}-{2:2}, at: local_lock_acquire+0xd/0x170
[ 52.698856][ T3497]
[ 52.698856][ T3497] but task is already holding lock:
[ 52.706226][ T3497] ffff8880b9b3a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140
[ 52.715706][ T3497]
[ 52.715706][ T3497] which lock already depends on the new lock.
[ 52.715706][ T3497]
[ 52.726213][ T3497]
[ 52.726213][ T3497] the existing dependency chain (in reverse order) is:
[ 52.735232][ T3497]
[ 52.735232][ T3497] -> #3 (&rq->__lock){-.-.}-{2:2}:
[ 52.742522][ T3497] lock_acquire+0x1db/0x4f0
[ 52.747541][ T3497] _raw_spin_lock_nested+0x2d/0x40
[ 52.753194][ T3497] raw_spin_rq_lock_nested+0x26/0x140
[ 52.759080][ T3497] task_fork_fair+0x5d/0x350
[ 52.764182][ T3497] sched_cgroup_fork+0x2d3/0x330
[ 52.769633][ T3497] copy_process+0x224a/0x3ef0
[ 52.774825][ T3497] kernel_clone+0x210/0x960
[ 52.779865][ T3497] kernel_thread+0x168/0x1e0
[ 52.784989][ T3497] rest_init+0x21/0x330
[ 52.789665][ T3497] start_kernel+0x48c/0x540
[ 52.794698][ T3497] secondary_startup_64_no_verify+0xb1/0xbb
[ 52.801111][ T3497]
[ 52.801111][ T3497] -> #2 (&p->pi_lock){-.-.}-{2:2}:
[ 52.808578][ T3497] lock_acquire+0x1db/0x4f0
[ 52.813592][ T3497] _raw_spin_lock_irqsave+0xd1/0x120
[ 52.819391][ T3497] try_to_wake_up+0xae/0x1300
[ 52.824602][ T3497] complete_signal+0x5a0/0x9a0
[ 52.829883][ T3497] __send_signal+0xaaf/0xd40
[ 52.834987][ T3497] do_notify_parent+0xc1e/0xf00
[ 52.840370][ T3497] do_exit+0x1464/0x2480
[ 52.845218][ T3497] do_group_exit+0x144/0x310
[ 52.850329][ T3497] __x64_sys_exit_group+0x3b/0x40
[ 52.855872][ T3497] do_syscall_64+0x3b/0xb0
[ 52.860803][ T3497] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.867213][ T3497]
[ 52.867213][ T3497] -> #1 (&sighand->siglock){....}-{2:2}:
[ 52.875030][ T3497] lock_acquire+0x1db/0x4f0
[ 52.880048][ T3497] _raw_spin_lock_irqsave+0xd1/0x120
[ 52.885849][ T3497] __lock_task_sighand+0x11a/0x290
[ 52.891498][ T3497] group_send_sig_info+0x23f/0x2d0
[ 52.897130][ T3497] bpf_send_signal_common+0x2d8/0x420
[ 52.903022][ T3497] bpf_send_signal+0x15/0x20
[ 52.908129][ T3497] bpf_prog_9fbc3d1d47c9b36c+0x302/0x514
[ 52.914279][ T3497] bpf_trace_run4+0x1ea/0x390
[ 52.919490][ T3497] __mmap_lock_do_trace_acquire_returned+0x2d6/0x340
[ 52.926767][ T3497] exc_page_fault+0x59c/0x740
[ 52.931960][ T3497] asm_exc_page_fault+0x22/0x30
[ 52.937322][ T3497] strncpy_from_user+0x170/0x370
[ 52.942771][ T3497] bpf_prog_load+0x185/0x1b60
[ 52.947979][ T3497] __sys_bpf+0x343/0x670
[ 52.952752][ T3497] __x64_sys_bpf+0x78/0x90
[ 52.957706][ T3497] do_syscall_64+0x3b/0xb0
[ 52.962656][ T3497] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.969087][ T3497]
[ 52.969087][ T3497] -> #0 (lock#8){+.+.}-{2:2}:
[ 52.975946][ T3497] validate_chain+0x1649/0x5930
[ 52.981328][ T3497] __lock_acquire+0x1295/0x1ff0
[ 52.986807][ T3497] lock_acquire+0x1db/0x4f0
[ 52.991830][ T3497] local_lock_acquire+0x29/0x170
[ 52.997287][ T3497] __mmap_lock_do_trace_acquire_returned+0x7c/0x340
[ 53.004414][ T3497] stack_map_get_build_id_offset+0x612/0x930
[ 53.010910][ T3497] __bpf_get_stack+0x495/0x570
[ 53.016184][ T3497] bpf_get_stack_raw_tp+0x1b2/0x220
[ 53.021914][ T3497] bpf_prog_e6cf5f9c69743609+0x3a/0xe2c
[ 53.027971][ T3497] bpf_trace_run3+0x1d1/0x380
[ 53.033163][ T3497] __traceiter_sched_switch+0x7d/0xb0
[ 53.039070][ T3497] __schedule+0x1e8d/0x45b0
[ 53.044089][ T3497] schedule+0x11b/0x1f0
[ 53.048761][ T3497] schedule_hrtimeout_range_clock+0x2b3/0x4a0
[ 53.055434][ T3497] poll_schedule_timeout+0x10c/0x150
[ 53.061236][ T3497] do_sys_poll+0xd61/0x11f0
[ 53.066254][ T3497] __se_sys_ppoll+0x29c/0x330
[ 53.071482][ T3497] do_syscall_64+0x3b/0xb0
[ 53.076414][ T3497] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.082824][ T3497]
[ 53.082824][ T3497] other info that might help us debug this:
[ 53.082824][ T3497]
[ 53.093040][ T3497] Chain exists of:
[ 53.093040][ T3497] lock#8 --> &p->pi_lock --> &rq->__lock
[ 53.093040][ T3497]
[ 53.105198][ T3497] Possible unsafe locking scenario:
[ 53.105198][ T3497]
[ 53.112656][ T3497]        CPU0                    CPU1
[ 53.118006][ T3497]        ----                    ----
[ 53.123356][ T3497]   lock(&rq->__lock);
[ 53.127415][ T3497]                                lock(&p->pi_lock);
[ 53.134080][ T3497]                                lock(&rq->__lock);
[ 53.140669][ T3497]   lock(lock#8);
[ 53.144305][ T3497]
[ 53.144305][ T3497] *** DEADLOCK ***
[ 53.144305][ T3497]
[ 53.152441][ T3497] 3 locks held by sshd/3497:
[ 53.157021][ T3497] #0: ffff8880b9b3a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140
[ 53.166941][ T3497] #1: ffffffff8c91fb20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 53.176241][ T3497] #2: ffff8880244a1628 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x23e/0x930
[ 53.187112][ T3497]
[ 53.187112][ T3497] stack backtrace:
[ 53.192991][ T3497] CPU: 1 PID: 3497 Comm: sshd Not tainted 5.15.156-syzkaller #0
[ 53.200614][ T3497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 53.210664][ T3497] Call Trace:
[ 53.213938][ T3497]
[ 53.216865][ T3497] dump_stack_lvl+0x1e3/0x2d0
[ 53.221563][ T3497] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 53.227207][ T3497] ? print_circular_bug+0x12b/0x1a0
[ 53.232405][ T3497] check_noncircular+0x2f8/0x3b0
[ 53.237348][ T3497] ? add_chain_block+0x850/0x850
[ 53.242305][ T3497] ? lockdep_lock+0x11f/0x2a0
[ 53.246987][ T3497] ? __lock_acquire+0x1ff0/0x1ff0
[ 53.252030][ T3497] validate_chain+0x1649/0x5930
[ 53.256889][ T3497] ? virtqueue_add+0x4630/0x4630
[ 53.261823][ T3497] ? reacquire_held_locks+0x660/0x660
[ 53.267213][ T3497] ? start_xmit+0xe05/0x1580
[ 53.271812][ T3497] ? mark_lock+0x98/0x340
[ 53.276139][ T3497] __lock_acquire+0x1295/0x1ff0
[ 53.280990][ T3497] lock_acquire+0x1db/0x4f0
[ 53.285489][ T3497] ? local_lock_acquire+0xd/0x170
[ 53.290511][ T3497] ? reacquire_held_locks+0x660/0x660
[ 53.295880][ T3497] ? read_lock_is_recursive+0x10/0x10
[ 53.301252][ T3497] ? down_read_trylock+0x24a/0x3b0
[ 53.306423][ T3497] ? stack_map_get_build_id_offset+0x23e/0x930
[ 53.312593][ T3497] local_lock_acquire+0x29/0x170
[ 53.317529][ T3497] ? local_lock_acquire+0xd/0x170
[ 53.322551][ T3497] __mmap_lock_do_trace_acquire_returned+0x7c/0x340
[ 53.329137][ T3497] ? stack_map_get_build_id_offset+0x601/0x930
[ 53.335393][ T3497] stack_map_get_build_id_offset+0x612/0x930
[ 53.341373][ T3497] ? __bpf_get_stackid+0x910/0x910
[ 53.346489][ T3497] __bpf_get_stack+0x495/0x570
[ 53.351265][ T3497] ? stack_map_get_build_id_offset+0x930/0x930
[ 53.357429][ T3497] ? __cant_sleep+0x270/0x270
[ 53.362119][ T3497] bpf_get_stack_raw_tp+0x1b2/0x220
[ 53.367316][ T3497] bpf_prog_e6cf5f9c69743609+0x3a/0xe2c
[ 53.372852][ T3497] bpf_trace_run3+0x1d1/0x380
[ 53.377528][ T3497] ? bpf_trace_run2+0x340/0x340
[ 53.382396][ T3497] ? psi_task_switch+0x53d/0x810
[ 53.387348][ T3497] ? __bpf_trace_sched_wakeup_template+0x10/0x10
[ 53.393680][ T3497] __traceiter_sched_switch+0x7d/0xb0
[ 53.399059][ T3497] __schedule+0x1e8d/0x45b0
[ 53.403568][ T3497] ? print_irqtrace_events+0x210/0x210
[ 53.409022][ T3497] ? release_firmware_map_entry+0x190/0x190
[ 53.414921][ T3497] ? lockdep_hardirqs_on+0x94/0x130
[ 53.420135][ T3497] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 53.426039][ T3497] ? _raw_spin_unlock+0x40/0x40
[ 53.430925][ T3497] schedule+0x11b/0x1f0
[ 53.435075][ T3497] schedule_hrtimeout_range_clock+0x2b3/0x4a0
[ 53.441139][ T3497] ? hrtimer_nanosleep_restart+0x420/0x420
[ 53.446941][ T3497] ? __remove_hrtimer+0x4b0/0x4b0
[ 53.451957][ T3497] ? _raw_spin_unlock+0x40/0x40
[ 53.456805][ T3497] poll_schedule_timeout+0x10c/0x150
[ 53.462104][ T3497] do_sys_poll+0xd61/0x11f0
[ 53.466622][ T3497] ? poll_select_finish+0x7b0/0x7b0
[ 53.471820][ T3497] ? __x64_compat_sys_ppoll_time64+0xc0/0xc0
[ 53.477796][ T3497] ? __x64_compat_sys_ppoll_time64+0xc0/0xc0
[ 53.483772][ T3497] ? __x64_compat_sys_ppoll_time64+0xc0/0xc0
[ 53.489759][ T3497] ? __x64_compat_sys_ppoll_time64+0xc0/0xc0
[ 53.495756][ T3497] ? do_raw_spin_unlock+0x137/0x8b0
[ 53.501084][ T3497] ? _raw_spin_unlock_irq+0x1f/0x40
[ 53.506311][ T3497] ? lockdep_hardirqs_on+0x94/0x130
[ 53.511504][ T3497] ? _raw_spin_unlock_irq+0x2a/0x40
[ 53.516717][ T3497] ? sigprocmask+0x280/0x280
[ 53.521307][ T3497] ? __lock_acquire+0x1ff0/0x1ff0
[ 53.526330][ T3497] __se_sys_ppoll+0x29c/0x330
[ 53.531002][ T3497] ? __x64_sys_ppoll+0xc0/0xc0
[ 53.535763][ T3497] ? syscall_enter_from_user_mode+0x2e/0x240
[ 53.541745][ T3497] ? lockdep_hardirqs_on+0x94/0x130
[ 53.546954][ T3497] ? __x64_sys_ppoll+0x1c/0xc0
[ 53.551749][ T3497] do_syscall_64+0x3b/0xb0
[ 53.556211][ T3497] ? clear_bhb_loop+0x15/0x70
[ 53.560910][ T3497] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.566823][ T3497] RIP: 0033:0x7fe14d92aad5
[ 53.571269][ T3497] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83
[ 53.590891][ T3497] RSP: 002b:00007fffb864af60 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 53.599318][ T3497] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007fe14d92aad5
executing program
executing program
executing program
executing program
[ 53.607299][ T3497] RDX: 00007fffb864af80 RSI: 0000000000000004 RDI: 000056401c5a5a80
[ 53.615371][ T3497] RBP: 000056401c5a6240 R08: 0000000000000008 R09: 0000000000000000
[ 53.623353][ T3497] R10: 00007fffb864b068 R11: 0000000000000246 R12: 000056401bfe0aa4
[ 53.631319][ T3497] R13: 0000000000000001 R14: 000056401bfe13e8 R15: 00007fffb864afe8
[ 53.639307][ T3497]
executing program
executing program
executing program
executing program
executing program
executing program
executing program
Connection to 10.128.0.77 closed by remote host.