Warning: Permanently added '10.128.1.31' (ED25519) to the list of known hosts. executing program [ 52.719843][ T3564] [ 52.722190][ T3564] ====================================================== [ 52.729312][ T3564] WARNING: possible circular locking dependency detected [ 52.736515][ T3564] 5.15.167-syzkaller #0 Not tainted [ 52.741703][ T3564] ------------------------------------------------------ [ 52.749230][ T3564] syz-executor320/3564 is trying to acquire lock: [ 52.755630][ T3564] ffff8880b9027e78 (krc.lock){....}-{2:2}, at: kvfree_call_rcu+0x1b5/0x8a0 [ 52.764251][ T3564] [ 52.764251][ T3564] but task is already holding lock: [ 52.771606][ T3564] ffff888024f105b8 (&trie->lock){....}-{2:2}, at: trie_update_elem+0xc5/0xc00 [ 52.780475][ T3564] [ 52.780475][ T3564] which lock already depends on the new lock. [ 52.780475][ T3564] [ 52.790888][ T3564] [ 52.790888][ T3564] the existing dependency chain (in reverse order) is: [ 52.799892][ T3564] [ 52.799892][ T3564] -> #2 (&trie->lock){....}-{2:2}: [ 52.807275][ T3564] lock_acquire+0x1db/0x4f0 [ 52.812310][ T3564] _raw_spin_lock_irqsave+0xd1/0x120 [ 52.818143][ T3564] trie_delete_elem+0x90/0x690 [ 52.823436][ T3564] bpf_prog_1db1603a7cfa36fb+0x3d/0xe70 [ 52.829708][ T3564] bpf_trace_run2+0x19e/0x340 [ 52.834940][ T3564] enqueue_hrtimer+0x324/0x390 [ 52.840226][ T3564] hrtimer_start_range_ns+0xabe/0xc80 [ 52.846193][ T3564] futex_wait_queue_me+0x1a4/0x480 [ 52.851855][ T3564] futex_wait+0x2f8/0x740 [ 52.856706][ T3564] do_futex+0x1414/0x1810 [ 52.861559][ T3564] __se_sys_futex+0x407/0x490 [ 52.866776][ T3564] do_syscall_64+0x3b/0xb0 [ 52.871734][ T3564] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.878183][ T3564] [ 52.878183][ T3564] -> #1 (hrtimer_bases.lock){-.-.}-{2:2}: [ 52.886192][ T3564] lock_acquire+0x1db/0x4f0 [ 52.891233][ T3564] _raw_spin_lock_irqsave+0xd1/0x120 [ 52.897233][ T3564] hrtimer_start_range_ns+0x105/0xc80 [ 52.903283][ T3564] kvfree_call_rcu+0x6a0/0x8a0 [ 52.908598][ T3564] rtnl_register_internal+0x443/0x530 [ 52.914504][ T3564] rtnl_register+0x32/0x70 [ 52.919461][ T3564] ip_rt_init+0x2e6/0x390 [ 52.924325][ T3564] ip_init+0xa/0x20 [ 52.928655][ T3564] inet_init+0x27c/0x390 [ 52.933439][ T3564] do_one_initcall+0x22b/0x7a0 [ 52.938719][ T3564] do_initcall_level+0x157/0x210 [ 52.944174][ T3564] do_initcalls+0x49/0x90 [ 52.949015][ T3564] kernel_init_freeable+0x425/0x5c0 [ 52.954725][ T3564] kernel_init+0x19/0x290 [ 52.959703][ T3564] ret_from_fork+0x1f/0x30 [ 52.964643][ T3564] [ 52.964643][ T3564] -> #0 (krc.lock){....}-{2:2}: [ 52.971676][ T3564] validate_chain+0x1649/0x5930 [ 52.977053][ T3564] __lock_acquire+0x1295/0x1ff0 [ 52.982411][ T3564] lock_acquire+0x1db/0x4f0 [ 52.987420][ T3564] _raw_spin_lock+0x2a/0x40 [ 52.992695][ T3564] kvfree_call_rcu+0x1b5/0x8a0 [ 52.997968][ T3564] trie_update_elem+0x808/0xc00 [ 53.003332][ T3564] bpf_map_update_value+0x5d7/0x6c0 [ 53.009043][ T3564] generic_map_update_batch+0x54d/0x8b0 [ 53.015104][ T3564] bpf_map_do_batch+0x4d0/0x620 [ 53.020465][ T3564] __sys_bpf+0x55c/0x670 [ 53.025254][ T3564] __x64_sys_bpf+0x78/0x90 [ 53.030446][ T3564] do_syscall_64+0x3b/0xb0 [ 53.035374][ T3564] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.041784][ T3564] [ 53.041784][ T3564] other info that might help us debug this: [ 53.041784][ T3564] [ 53.052172][ T3564] Chain exists of: [ 53.052172][ T3564] krc.lock --> hrtimer_bases.lock --> &trie->lock [ 53.052172][ T3564] [ 53.064506][ T3564] Possible unsafe locking scenario: [ 53.064506][ T3564] [ 53.071961][ T3564] CPU0 CPU1 [ 53.077328][ T3564] ---- ---- [ 53.082799][ T3564] lock(&trie->lock); [ 53.086976][ T3564] lock(hrtimer_bases.lock); [ 53.094182][ T3564] lock(&trie->lock); [ 53.100756][ T3564] lock(krc.lock); [ 53.104549][ T3564] [ 53.104549][ T3564] *** DEADLOCK *** [ 53.104549][ T3564] [ 53.112700][ T3564] 2 locks held by syz-executor320/3564: [ 53.118320][ T3564] #0: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 53.127624][ T3564] #1: ffff888024f105b8 (&trie->lock){....}-{2:2}, at: trie_update_elem+0xc5/0xc00 [ 53.136925][ T3564] [ 53.136925][ T3564] stack backtrace: [ 53.142805][ T3564] CPU: 0 PID: 3564 Comm: syz-executor320 Not tainted 5.15.167-syzkaller #0 [ 53.151730][ T3564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 53.161891][ T3564] Call Trace: [ 53.165163][ T3564] [ 53.168172][ T3564] dump_stack_lvl+0x1e3/0x2d0 [ 53.173015][ T3564] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 53.178639][ T3564] ? print_circular_bug+0x12b/0x1a0 [ 53.184024][ T3564] check_noncircular+0x2f8/0x3b0 [ 53.188979][ T3564] ? add_chain_block+0x850/0x850 [ 53.193905][ T3564] ? lockdep_lock+0x11f/0x2a0 [ 53.198572][ T3564] ? __lock_acquire+0x1295/0x1ff0 [ 53.203587][ T3564] validate_chain+0x1649/0x5930 [ 53.208435][ T3564] ? read_lock_is_recursive+0x10/0x10 [ 53.213830][ T3564] ? stack_depot_save+0x3db/0x440 [ 53.218846][ T3564] ? do_raw_spin_lock+0x14a/0x370 [ 53.223860][ T3564] ? reacquire_held_locks+0x660/0x660 [ 53.229223][ T3564] ? do_raw_spin_unlock+0x137/0x8b0 [ 53.234414][ T3564] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 53.240296][ T3564] ? _raw_spin_unlock+0x40/0x40 [ 53.245138][ T3564] ? stack_trace_save+0x113/0x1c0 [ 53.250152][ T3564] ? stack_trace_snprint+0xe0/0xe0 [ 53.255255][ T3564] ? mark_lock+0x98/0x340 [ 53.259930][ T3564] __lock_acquire+0x1295/0x1ff0 [ 53.264798][ T3564] lock_acquire+0x1db/0x4f0 [ 53.269298][ T3564] ? kvfree_call_rcu+0x1b5/0x8a0 [ 53.274313][ T3564] ? read_lock_is_recursive+0x10/0x10 [ 53.279694][ T3564] _raw_spin_lock+0x2a/0x40 [ 53.284185][ T3564] ? kvfree_call_rcu+0x1b5/0x8a0 [ 53.289116][ T3564] kvfree_call_rcu+0x1b5/0x8a0 [ 53.293871][ T3564] ? call_rcu+0xa70/0xa70 [ 53.298188][ T3564] ? __kmalloc_node+0x199/0x390 [ 53.303048][ T3564] ? bpf_map_kmalloc_node+0xdb/0x160 [ 53.308325][ T3564] ? _raw_spin_lock+0x40/0x40 [ 53.312995][ T3564] ? longest_prefix_match+0x318/0x640 [ 53.318364][ T3564] trie_update_elem+0x808/0xc00 [ 53.323212][ T3564] bpf_map_update_value+0x5d7/0x6c0 [ 53.328404][ T3564] generic_map_update_batch+0x54d/0x8b0 [ 53.333952][ T3564] ? rcu_read_unlock+0x90/0x90 [ 53.338714][ T3564] ? __fdget+0x191/0x220 [ 53.342977][ T3564] ? rcu_read_unlock+0x90/0x90 [ 53.347821][ T3564] bpf_map_do_batch+0x4d0/0x620 [ 53.352670][ T3564] __sys_bpf+0x55c/0x670 [ 53.356907][ T3564] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 53.362276][ T3564] ? syscall_enter_from_user_mode+0x2e/0x240 [ 53.368247][ T3564] ? lockdep_hardirqs_on+0x94/0x130 [ 53.373540][ T3564] __x64_sys_bpf+0x78/0x90 [ 53.377960][ T3564] do_syscall_64+0x3b/0xb0 [ 53.382462][ T3564] ? clear_bhb_loop+0x15/0x70 [ 53.387130][ T3564] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.393016][ T3564] RIP: 0033:0x7f2741ea1479 [ 53.397424][ T3564] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 53.417019][ T3564] RSP: 002b:00007f2741e63228 EFLAGS: 00000246