====================================================== WARNING: possible circular locking dependency detected 4.17.0-rc6+ #25 Not tainted ------------------------------------------------------ syz-executor5/7927 is trying to acquire lock: 000000004241dc7e (&htab->buckets[i].lock#2){+...}, at: bpf_tcp_close+0x822/0x10b0 kernel/bpf/sockmap.c:285 but task is already holding lock: 00000000cfcaca1a (clock-AF_INET6){++..}, at: bpf_tcp_close+0x241/0x10b0 kernel/bpf/sockmap.c:260 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (clock-AF_INET6){++..}: __raw_write_lock_bh include/linux/rwlock_api_smp.h:203 [inline] _raw_write_lock_bh+0x31/0x40 kernel/locking/spinlock.c:312 sock_hash_free+0x377/0x700 kernel/bpf/sockmap.c:2089 bpf_map_free_deferred+0xba/0xf0 kernel/bpf/syscall.c:261 process_one_work+0xc1e/0x1b50 kernel/workqueue.c:2145 worker_thread+0x1cc/0x1440 kernel/workqueue.c:2279 kthread+0x345/0x410 kernel/kthread.c:240 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412 -> #0 (&htab->buckets[i].lock#2){+...}: lock_acquire+0x1dc/0x520 kernel/locking/lockdep.c:3920 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 bpf_tcp_close+0x822/0x10b0 kernel/bpf/sockmap.c:285 inet_release+0x104/0x1f0 net/ipv4/af_inet.c:427 inet6_release+0x50/0x70 net/ipv6/af_inet6.c:459 sock_release+0x96/0x1b0 net/socket.c:594 sock_close+0x16/0x20 net/socket.c:1149 __fput+0x34d/0x890 fs/file_table.c:209 ____fput+0x15/0x20 fs/file_table.c:243 task_work_run+0x1e4/0x290 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xf89/0x2730 kernel/exit.c:865 do_group_exit+0x16f/0x430 kernel/exit.c:968 __do_sys_exit_group kernel/exit.c:979 [inline] __se_sys_exit_group kernel/exit.c:977 [inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:977 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(clock-AF_INET6); lock(&htab->buckets[i].lock#2); lock(clock-AF_INET6); lock(&htab->buckets[i].lock#2); *** DEADLOCK *** 2 locks held by syz-executor5/7927: #0: 000000004a983c64 (rcu_read_lock){....}, at: bpf_tcp_close+0x0/0x10b0 kernel/bpf/sockmap.c:2106 #1: 00000000cfcaca1a (clock-AF_INET6){++..}, at: bpf_tcp_close+0x241/0x10b0 kernel/bpf/sockmap.c:260 stack backtrace: CPU: 1 PID: 7927 Comm: syz-executor5 Not tainted 4.17.0-rc6+ #25 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 print_circular_bug.isra.36.cold.54+0x1bd/0x27d kernel/locking/lockdep.c:1223 check_prev_add kernel/locking/lockdep.c:1863 [inline] check_prevs_add kernel/locking/lockdep.c:1976 [inline] validate_chain kernel/locking/lockdep.c:2417 [inline] __lock_acquire+0x343e/0x5140 kernel/locking/lockdep.c:3431 lock_acquire+0x1dc/0x520 kernel/locking/lockdep.c:3920 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 bpf_tcp_close+0x822/0x10b0 kernel/bpf/sockmap.c:285 inet_release+0x104/0x1f0 net/ipv4/af_inet.c:427 inet6_release+0x50/0x70 net/ipv6/af_inet6.c:459 sock_release+0x96/0x1b0 net/socket.c:594 sock_close+0x16/0x20 net/socket.c:1149 __fput+0x34d/0x890 fs/file_table.c:209 ____fput+0x15/0x20 fs/file_table.c:243 task_work_run+0x1e4/0x290 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xf89/0x2730 kernel/exit.c:865 do_group_exit+0x16f/0x430 kernel/exit.c:968 __do_sys_exit_group kernel/exit.c:979 [inline] __se_sys_exit_group kernel/exit.c:977 [inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:977 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455a09 RSP: 002b:00007ffda9b2e248 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000027 RCX: 0000000000455a09 RDX: 0000000000000000 RSI: 0000000000730be8 RDI: 0000000000000000 RBP: 0000000000000013 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000001380 NFS: bad mount option value specified: v­ NFS: bad mount option value specified: v­ overlayfs: missing 'lowerdir' overlayfs: missing 'lowerdir' FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 CPU: 1 PID: 8398 Comm: syz-executor2 Not tainted 4.17.0-rc6+ #25 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0xa/0x1a lib/fault-inject.c:149 __should_failslab+0x124/0x180 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1522 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc mm/slab.c:3378 [inline] __do_kmalloc mm/slab.c:3716 [inline] __kmalloc+0x2c8/0x760 mm/slab.c:3727 kmalloc include/linux/slab.h:517 [inline] sock_kmalloc+0x14e/0x1d0 net/core/sock.c:1996 ___sys_sendmsg+0x2de/0x940 net/socket.c:2084 __sys_sendmsg+0x115/0x270 net/socket.c:2155 __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2162 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455a09 RSP: 002b:00007fe82b3e3c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fe82b3e46d4 RCX: 0000000000455a09 RDX: 0000000000000000 RSI: 0000000020001500 RDI: 0000000000000014 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 R13: 000000000000059c R14: 00000000006fc740 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 8525 Comm: syz-executor4 Not tainted 4.17.0-rc6+ #25 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0xa/0x1a lib/fault-inject.c:149 __should_failslab+0x124/0x180 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1522 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc mm/slab.c:3378 [inline] __do_kmalloc mm/slab.c:3716 [inline] __kmalloc_track_caller+0x2c4/0x760 mm/slab.c:3733 memdup_user+0x2c/0xa0 mm/util.c:160 map_update_elem+0x24a/0xc90 kernel/bpf/syscall.c:709 __do_sys_bpf kernel/bpf/syscall.c:2346 [inline] __se_sys_bpf kernel/bpf/syscall.c:2317 [inline] __x64_sys_bpf+0x32d/0x510 kernel/bpf/syscall.c:2317 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455a09 RSP: 002b:00007f309fc8ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f309fc8b6d4 RCX: 0000000000455a09 RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 R13: 000000000000003d R14: 00000000006f4658 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 1 CPU: 1 PID: 8548 Comm: syz-executor4 Not tainted 4.17.0-rc6+ #25 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0xa/0x1a lib/fault-inject.c:149 should_fail_alloc_page mm/page_alloc.c:3060 [inline] prepare_alloc_pages mm/page_alloc.c:4319 [inline] __alloc_pages_nodemask+0x34e/0xd70 mm/page_alloc.c:4358 alloc_pages_current+0x10c/0x210 mm/mempolicy.c:2093 alloc_pages include/linux/gfp.h:492 [inline] __page_cache_alloc+0x386/0x5d0 mm/filemap.c:946 __do_page_cache_readahead+0x343/0xdc0 mm/readahead.c:183 ra_submit mm/internal.h:66 [inline] do_sync_mmap_readahead mm/filemap.c:2444 [inline] filemap_fault+0xe2c/0x2200 mm/filemap.c:2520 ext4_filemap_fault+0x82/0xad fs/ext4/inode.c:6183 __do_fault+0xe6/0x430 mm/memory.c:3222 do_read_fault mm/memory.c:3632 [inline] do_fault mm/memory.c:3732 [inline] handle_pte_fault mm/memory.c:3963 [inline] __handle_mm_fault+0x2ba6/0x4310 mm/memory.c:4087 handle_mm_fault+0x53a/0xc70 mm/memory.c:4124 __do_page_fault+0x60b/0xe40 arch/x86/mm/fault.c:1399 do_page_fault+0xee/0x8a7 arch/x86/mm/fault.c:1474 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160 RIP: 0010:copy_user_generic_unrolled+0x9e/0xc0 arch/x86/lib/copy_user_64.S:74 RSP: 0018:ffff8801a17c7c80 EFLAGS: 00010202 RAX: 0000000000000004 RBX: 0000000000000004 RCX: 0000000000000004 RDX: 0000000000000004 RSI: 000000000077fffb RDI: ffff8801d63af6c0 RBP: ffff8801a17c7cb8 R08: ffffed003ac75ed9 R09: ffffed003ac75ed8 R10: ffffed003ac75ed8 R11: 0000000000000003 R12: 000000000077ffff R13: 000000000077fffb R14: ffff8801d63af6c0 R15: 00007ffffffff000 copy_from_user include/linux/uaccess.h:147 [inline] memdup_user+0x54/0xa0 mm/util.c:164 map_update_elem+0x24a/0xc90 kernel/bpf/syscall.c:709 __do_sys_bpf kernel/bpf/syscall.c:2346 [inline] __se_sys_bpf kernel/bpf/syscall.c:2317 [inline] __x64_sys_bpf+0x32d/0x510 kernel/bpf/syscall.c:2317 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455a09 RSP: 002b:00007f309fc8ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f309fc8b6d4 RCX: 0000000000455a09 RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 R13: 000000000000003d R14: 00000000006f4658 R15: 0000000000000001 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 8575 Comm: syz-executor4 Not tainted 4.17.0-rc6+ #25 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0xa/0x1a lib/fault-inject.c:149 __should_failslab+0x124/0x180 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1522 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slab.c:3299 [inline] kmem_cache_alloc_node_trace+0x26f/0x770 mm/slab.c:3661 kmalloc_node include/linux/slab.h:550 [inline] kzalloc_node include/linux/slab.h:712 [inline] __cpu_map_entry_alloc kernel/bpf/cpumap.c:312 [inline] cpu_map_update_elem+0x353/0x9b0 kernel/bpf/cpumap.c:458 map_update_elem+0x88a/0xc90 kernel/bpf/syscall.c:736 __do_sys_bpf kernel/bpf/syscall.c:2346 [inline] __se_sys_bpf kernel/bpf/syscall.c:2317 [inline] __x64_sys_bpf+0x32d/0x510 kernel/bpf/syscall.c:2317 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455a09 RSP: 002b:00007f309fc8ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f309fc8b6d4 RCX: 0000000000455a09 RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 R13: 000000000000003d R14: 00000000006f4658 R15: 0000000000000002 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 8598 Comm: syz-executor4 Not tainted 4.17.0-rc6+ #25 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0xa/0x1a lib/fault-inject.c:149 __should_failslab+0x124/0x180 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1522 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slab.c:3299 [inline] kmem_cache_alloc_node_trace+0x26f/0x770 mm/slab.c:3661 kmalloc_node include/linux/slab.h:550 [inline] kzalloc_node include/linux/slab.h:712 [inline] __cpu_map_entry_alloc kernel/bpf/cpumap.c:323 [inline] cpu_map_update_elem+0x3ea/0x9b0 kernel/bpf/cpumap.c:458 map_update_elem+0x88a/0xc90 kernel/bpf/syscall.c:736 __do_sys_bpf kernel/bpf/syscall.c:2346 [inline] __se_sys_bpf kernel/bpf/syscall.c:2317 [inline] __x64_sys_bpf+0x32d/0x510 kernel/bpf/syscall.c:2317 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455a09 RSP: 002b:00007f309fc8ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f309fc8b6d4 RCX: 0000000000455a09 RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 R13: 000000000000003d R14: 00000000006f4658 R15: 0000000000000003 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 8619 Comm: syz-executor4 Not tainted 4.17.0-rc6+ #25 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0xa/0x1a lib/fault-inject.c:149 __should_failslab+0x124/0x180 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1522 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slab.c:3299 [inline] kmem_cache_alloc_node_trace+0x26f/0x770 mm/slab.c:3661 __do_kmalloc_node mm/slab.c:3681 [inline] __kmalloc_node+0x33/0x70 mm/slab.c:3689 kmalloc_node include/linux/slab.h:554 [inline] kvmalloc_node+0x6b/0x100 mm/util.c:421 kvmalloc include/linux/mm.h:550 [inline] kvmalloc_array include/linux/mm.h:566 [inline] __ptr_ring_init_queue_alloc include/linux/ptr_ring.h:475 [inline] ptr_ring_init include/linux/ptr_ring.h:493 [inline] __cpu_map_entry_alloc kernel/bpf/cpumap.c:327 [inline] cpu_map_update_elem+0x438/0x9b0 kernel/bpf/cpumap.c:458 map_update_elem+0x88a/0xc90 kernel/bpf/syscall.c:736 __do_sys_bpf kernel/bpf/syscall.c:2346 [inline] __se_sys_bpf kernel/bpf/syscall.c:2317 [inline] __x64_sys_bpf+0x32d/0x510 kernel/bpf/syscall.c:2317 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455a09 RSP: 002b:00007f309fc8ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f309fc8b6d4 RCX: 0000000000455a09 RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 R13: 000000000000003d R14: 00000000006f4658 R15: 0000000000000004 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 8646 Comm: syz-executor4 Not tainted 4.17.0-rc6+ #25 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0xa/0x1a lib/fault-inject.c:149 __should_failslab+0x124/0x180 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1522 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc mm/slab.c:3378 [inline] kmem_cache_alloc_trace+0x2cb/0x780 mm/slab.c:3618 kmalloc include/linux/slab.h:512 [inline] __kthread_create_on_node+0x127/0x4c0 kernel/kthread.c:285 kthread_create_on_node+0xa8/0xd0 kernel/kthread.c:367 __cpu_map_entry_alloc kernel/bpf/cpumap.c:336 [inline] cpu_map_update_elem+0x666/0x9b0 kernel/bpf/cpumap.c:458 map_update_elem+0x88a/0xc90 kernel/bpf/syscall.c:736 __do_sys_bpf kernel/bpf/syscall.c:2346 [inline] __se_sys_bpf kernel/bpf/syscall.c:2317 [inline] __x64_sys_bpf+0x32d/0x510 kernel/bpf/syscall.c:2317 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455a09 RSP: 002b:00007f309fc8ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f309fc8b6d4 RCX: 0000000000455a09 RDX: 000000000000002c RSI: 0000000020003000 RDI: 0000000000000002 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 R13: 000000000000003d R14: 00000000006f4658 R15: 0000000000000005