Warning: Permanently added '10.128.0.98' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 49.183665][ T3497]
[ 49.188804][ T3497] ======================================================
[ 49.196100][ T3497] WARNING: possible circular locking dependency detected
[ 49.203253][ T3497] 5.15.152-syzkaller #0 Not tainted
[ 49.208733][ T3497] ------------------------------------------------------
[ 49.215764][ T3497] sshd/3497 is trying to acquire lock:
[ 49.221215][ T3497] ffff888079b71db8 (&trie->lock){....}-{2:2}, at: trie_delete_elem+0x90/0x690
[ 49.230112][ T3497]
[ 49.230112][ T3497] but task is already holding lock:
[ 49.237470][ T3497] ffff8880b9b28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260
[ 49.246866][ T3497]
[ 49.246866][ T3497] which lock already depends on the new lock.
[ 49.246866][ T3497]
[ 49.257258][ T3497]
[ 49.257258][ T3497] the existing dependency chain (in reverse order) is:
[ 49.266348][ T3497]
[ 49.266348][ T3497] -> #2 (&base->lock){-.-.}-{2:2}:
[ 49.273639][ T3497] lock_acquire+0x1db/0x4f0
[ 49.278660][ T3497] _raw_spin_lock_irqsave+0xd1/0x120
[ 49.284463][ T3497] lock_timer_base+0x120/0x260
[ 49.289746][ T3497] __mod_timer+0x1d6/0xeb0
[ 49.294679][ T3497] queue_delayed_work_on+0x156/0x250
[ 49.300493][ T3497] kvfree_call_rcu+0x50e/0x8a0
[ 49.305775][ T3497] rtnl_register_internal+0x443/0x530
[ 49.311660][ T3497] rtnl_register+0x32/0x70
[ 49.316590][ T3497] ip_rt_init+0x2e6/0x390
[ 49.321437][ T3497] ip_init+0xa/0x14
[ 49.326106][ T3497] inet_init+0x27c/0x38e
[ 49.330866][ T3497] do_one_initcall+0x22b/0x7a0
[ 49.336148][ T3497] do_initcall_level+0x157/0x207
[ 49.342460][ T3497] do_initcalls+0x49/0x86
[ 49.347326][ T3497] kernel_init_freeable+0x425/0x5b5
[ 49.353043][ T3497] kernel_init+0x19/0x290
[ 49.357903][ T3497] ret_from_fork+0x1f/0x30
[ 49.362859][ T3497]
[ 49.362859][ T3497] -> #1 (krc.lock){....}-{2:2}:
[ 49.369898][ T3497] lock_acquire+0x1db/0x4f0
[ 49.374916][ T3497] _raw_spin_lock+0x2a/0x40
[ 49.379937][ T3497] kvfree_call_rcu+0x1b5/0x8a0
[ 49.385320][ T3497] trie_update_elem+0x808/0xc00
[ 49.390691][ T3497] bpf_map_update_value+0x5d7/0x6c0
[ 49.396411][ T3497] generic_map_update_batch+0x54d/0x8b0
[ 49.402475][ T3497] bpf_map_do_batch+0x4d0/0x620
[ 49.407855][ T3497] __sys_bpf+0x55c/0x670
[ 49.412721][ T3497] __x64_sys_bpf+0x78/0x90
[ 49.417679][ T3497] do_syscall_64+0x3d/0xb0
[ 49.422632][ T3497] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.429075][ T3497]
[ 49.429075][ T3497] -> #0 (&trie->lock){....}-{2:2}:
[ 49.436381][ T3497] validate_chain+0x1649/0x5930
[ 49.441763][ T3497] __lock_acquire+0x1295/0x1ff0
[ 49.447137][ T3497] lock_acquire+0x1db/0x4f0
[ 49.452155][ T3497] _raw_spin_lock_irqsave+0xd1/0x120
[ 49.457957][ T3497] trie_delete_elem+0x90/0x690
[ 49.463240][ T3497] bpf_prog_2c29ac5cdc6b1842+0x3a/0xa9c
[ 49.469323][ T3497] bpf_trace_run3+0x1d1/0x380
[ 49.474990][ T3497] enqueue_timer+0x3ae/0x540
[ 49.480302][ T3497] __mod_timer+0x9ca/0xeb0
[ 49.485267][ T3497] sk_reset_timer+0x1f/0xb0
[ 49.490471][ T3497] tcp_event_new_data_sent+0x203/0x360
[ 49.496512][ T3497] tcp_write_xmit+0x1a0b/0x65f0
[ 49.501994][ T3497] __tcp_push_pending_frames+0x90/0x250
[ 49.508079][ T3497] tcp_sendmsg_locked+0x315c/0x3a90
[ 49.513978][ T3497] tcp_sendmsg+0x2c/0x40
[ 49.518734][ T3497] sock_write_iter+0x39b/0x530
[ 49.524015][ T3497] vfs_write+0xacf/0xe50
[ 49.528771][ T3497] ksys_write+0x1a2/0x2c0
[ 49.533616][ T3497] do_syscall_64+0x3d/0xb0
[ 49.538552][ T3497] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.544979][ T3497]
[ 49.544979][ T3497] other info that might help us debug this:
[ 49.544979][ T3497]
[ 49.555483][ T3497] Chain exists of:
[ 49.555483][ T3497] &trie->lock --> krc.lock --> &base->lock
[ 49.555483][ T3497]
[ 49.567219][ T3497] Possible unsafe locking scenario:
[ 49.567219][ T3497]
[ 49.574667][ T3497]        CPU0                    CPU1
[ 49.580020][ T3497]        ----                    ----
[ 49.585425][ T3497]   lock(&base->lock);
[ 49.589510][ T3497]                                lock(krc.lock);
[ 49.596019][ T3497]                                lock(&base->lock);
[ 49.603562][ T3497]   lock(&trie->lock);
[ 49.607890][ T3497]
[ 49.607890][ T3497] *** DEADLOCK ***
[ 49.607890][ T3497]
[ 49.616063][ T3497] 3 locks held by sshd/3497:
[ 49.620644][ T3497] #0: ffff88801e7b8d20 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x1e/0x40
[ 49.629794][ T3497] #1: ffff8880b9b28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260
[ 49.639104][ T3497] #2: ffffffff8c91f720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 49.648497][ T3497]
[ 49.648497][ T3497] stack backtrace:
[ 49.654380][ T3497] CPU: 1 PID: 3497 Comm: sshd Not tainted 5.15.152-syzkaller #0
[ 49.664878][ T3497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 49.675962][ T3497] Call Trace:
[ 49.679246][ T3497]
[ 49.682175][ T3497] dump_stack_lvl+0x1e3/0x2cb
[ 49.686852][ T3497] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 49.692497][ T3497] ? print_circular_bug+0x12b/0x1a0
[ 49.697703][ T3497] check_noncircular+0x2f8/0x3b0
[ 49.702725][ T3497] ? add_chain_block+0x850/0x850
[ 49.708446][ T3497] ? queued_spin_lock_slowpath+0x42/0x50
[ 49.714279][ T3497] ? lockdep_lock+0x1a7/0x2a0
[ 49.720179][ T3497] ? virtqueue_add+0x4630/0x4630
[ 49.725217][ T3497] validate_chain+0x1649/0x5930
[ 49.730082][ T3497] ? virtqueue_kick_prepare+0x2c7/0x4d0
[ 49.735629][ T3497] ? start_xmit+0xe05/0x1580
[ 49.740232][ T3497] ? mark_lock+0x98/0x340
[ 49.744567][ T3497] ? reacquire_held_locks+0x660/0x660
[ 49.749954][ T3497] ? validate_chain+0x112/0x5930
[ 49.754904][ T3497] ? print_irqtrace_events+0x210/0x210
[ 49.760366][ T3497] ? look_up_lock_class+0x77/0x120
[ 49.765480][ T3497] ? register_lock_class+0x100/0x9a0
[ 49.770959][ T3497] ? is_dynamic_key+0x1f0/0x1f0
[ 49.775850][ T3497] ? mark_lock+0x98/0x340
[ 49.780194][ T3497] __lock_acquire+0x1295/0x1ff0
[ 49.785149][ T3497] lock_acquire+0x1db/0x4f0
[ 49.789672][ T3497] ? trie_delete_elem+0x90/0x690
[ 49.794628][ T3497] ? mark_lock+0x98/0x340
[ 49.798975][ T3497] ? read_lock_is_recursive+0x10/0x10
[ 49.804351][ T3497] ? __lock_acquire+0x1295/0x1ff0
[ 49.809384][ T3497] _raw_spin_lock_irqsave+0xd1/0x120
[ 49.814672][ T3497] ? trie_delete_elem+0x90/0x690
[ 49.819876][ T3497] ? _raw_spin_lock+0x40/0x40
[ 49.827764][ T3497] ? read_lock_is_recursive+0x10/0x10
[ 49.833140][ T3497] trie_delete_elem+0x90/0x690
[ 49.841203][ T3497] ? __cant_sleep+0x270/0x270
[ 49.845892][ T3497] ? do_raw_spin_lock+0x14a/0x370
[ 49.850913][ T3497] ? __lock_acquire+0x1ff0/0x1ff0
[ 49.855937][ T3497] bpf_prog_2c29ac5cdc6b1842+0x3a/0xa9c
[ 49.861490][ T3497] bpf_trace_run3+0x1d1/0x380
[ 49.866181][ T3497] ? bpf_trace_run2+0x340/0x340
[ 49.871038][ T3497] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 49.876940][ T3497] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 49.882833][ T3497] ? _raw_spin_unlock+0x40/0x40
[ 49.890907][ T3497] enqueue_timer+0x3ae/0x540
[ 49.898822][ T3497] __mod_timer+0x9ca/0xeb0
[ 49.903255][ T3497] ? mod_timer_pending+0x20/0x20
[ 49.908190][ T3497] ? ktime_get+0x7f/0x270
[ 49.912518][ T3497] ? seqcount_lockdep_reader_access+0x153/0x220
[ 49.918767][ T3497] ? lockdep_hardirqs_on+0x94/0x130
[ 49.923996][ T3497] ? seqcount_lockdep_reader_access+0x1d3/0x220
[ 49.930256][ T3497] ? memset+0x1f/0x40
[ 49.934270][ T3497] sk_reset_timer+0x1f/0xb0
[ 49.941482][ T3497] tcp_event_new_data_sent+0x203/0x360
[ 49.946964][ T3497] tcp_write_xmit+0x1a0b/0x65f0
[ 49.951880][ T3497] __tcp_push_pending_frames+0x90/0x250
[ 49.957618][ T3497] tcp_sendmsg_locked+0x315c/0x3a90
[ 49.962834][ T3497] ? tcp_free_fastopen_req+0x70/0x70
[ 49.968225][ T3497] ? __local_bh_enable_ip+0x164/0x1f0
[ 49.973595][ T3497] ? do_raw_spin_unlock+0x137/0x8b0
[ 49.978793][ T3497] tcp_sendmsg+0x2c/0x40
[ 49.983032][ T3497] ? inet_send_prepare+0x250/0x250
[ 49.988136][ T3497] sock_write_iter+0x39b/0x530
[ 49.992915][ T3497] ? sock_read_iter+0x480/0x480
[ 49.997786][ T3497] ? common_file_perm+0x17d/0x1d0
[ 50.002815][ T3497] ? fsnotify_perm+0x67/0x5a0
[ 50.007491][ T3497] ? iov_iter_init+0x4a/0x170
[ 50.012162][ T3497] vfs_write+0xacf/0xe50
[ 50.016405][ T3497] ? file_end_write+0x250/0x250
[ 50.021262][ T3497] ? read_lock_is_recursive+0x10/0x10
[ 50.026632][ T3497] ? __fdget_pos+0x1e9/0x380
[ 50.031220][ T3497] ksys_write+0x1a2/0x2c0
[ 50.035545][ T3497] ? print_irqtrace_events+0x210/0x210
[ 50.041006][ T3497] ? __ia32_sys_read+0x80/0x80
[ 50.045766][ T3497] ? syscall_enter_from_user_mode+0x2e/0x230
[ 50.051741][ T3497] ? lockdep_hardirqs_on+0x94/0x130
[ 50.056984][ T3497] ? syscall_enter_from_user_mode+0x2e/0x230
[ 50.062984][ T3497] do_syscall_64+0x3d/0xb0
[ 50.067423][ T3497] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.073318][ T3497] RIP: 0033:0x7f4c66afabf2
[ 50.077737][ T3497] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83
[ 50.098570][ T3497] RSP: 002b:00007ffecdd66308 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 50.106993][ T3497] RAX: ffffffffffffffda RBX: 0000000000000034 RCX: 00007f4c66afabf2
[ 50.114962][ T3497] RDX: 0000000000000034 RSI: 000055c8e7485960 RDI: 0000000000000004
[ 50.122927][ T3497] RBP: 000055c8e7493220 R08: 0000000000000000 R09: 0000000000000000
[ 50.130889][ T3497] R10: 0000000000000000 R11: 0000000000000246 R12: 000055c8e6be6