======================================================
WARNING: possible circular locking dependency detected
5.6.0-rc2-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/16080 is trying to acquire lock:
ffff8880919edf60 (&htab->buckets[i].lock){....}, at: htab_lru_map_delete_node+0x9c/0x290 kernel/bpf/hashtab.c:593

but task is already holding lock:
ffffe8ffffdbaf98 (&l->lock){....}, at: bpf_percpu_lru_pop_free kernel/bpf/bpf_lru_list.c:410 [inline]
ffffe8ffffdbaf98 (&l->lock){....}, at: bpf_lru_pop_free+0xbe/0x1c90 kernel/bpf/bpf_lru_list.c:497

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&l->lock){....}:
       lock_acquire+0x154/0x250 kernel/locking/lockdep.c:4484
       __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
       _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
       bpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:325 [inline]
       bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]
       bpf_lru_pop_free+0x369/0x1c90 kernel/bpf/bpf_lru_list.c:499
       prealloc_lru_pop kernel/bpf/hashtab.c:132 [inline]
       htab_lru_map_update_elem+0x121/0x700 kernel/bpf/hashtab.c:950
       bpf_map_update_value+0x4ac/0x720 kernel/bpf/syscall.c:206
       map_update_elem kernel/bpf/syscall.c:1089 [inline]
       __do_sys_bpf+0x4c64/0xc160 kernel/bpf/syscall.c:3384
       __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
       __x64_sys_bpf+0x7a/0x90 kernel/bpf/syscall.c:3355
       do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&loc_l->lock){....}:
       lock_acquire+0x154/0x250 kernel/locking/lockdep.c:4484
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xa1/0xc0 kernel/locking/spinlock.c:159
       bpf_common_lru_push_free kernel/bpf/bpf_lru_list.c:516 [inline]
       bpf_lru_push_free+0x46f/0xab0 kernel/bpf/bpf_lru_list.c:555
       __htab_map_lookup_and_delete_batch+0xd87/0x1880 kernel/bpf/hashtab.c:1374
       htab_lru_map_lookup_and_delete_batch+0x33/0x40 kernel/bpf/hashtab.c:1491
       bpf_map_do_batch+0x3df/0x500 kernel/bpf/syscall.c:3348
       __do_sys_bpf+0x947/0xc160 kernel/bpf/syscall.c:3460
       __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
       __x64_sys_bpf+0x7a/0x90 kernel/bpf/syscall.c:3355
       do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&htab->buckets[i].lock){....}:
       check_prev_add kernel/locking/lockdep.c:2475 [inline]
       check_prevs_add kernel/locking/lockdep.c:2580 [inline]
       validate_chain+0x1507/0x7be0 kernel/locking/lockdep.c:2970
       __lock_acquire+0xc5a/0x1bc0 kernel/locking/lockdep.c:3954
       lock_acquire+0x154/0x250 kernel/locking/lockdep.c:4484
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xa1/0xc0 kernel/locking/spinlock.c:159
       htab_lru_map_delete_node+0x9c/0x290 kernel/bpf/hashtab.c:593
       __bpf_lru_list_shrink_inactive kernel/bpf/bpf_lru_list.c:220 [inline]
       __bpf_lru_list_shrink+0x1ee/0xc80 kernel/bpf/bpf_lru_list.c:266
       bpf_percpu_lru_pop_free kernel/bpf/bpf_lru_list.c:416 [inline]
       bpf_lru_pop_free+0x338/0x1c90 kernel/bpf/bpf_lru_list.c:497
       prealloc_lru_pop kernel/bpf/hashtab.c:132 [inline]
       __htab_lru_percpu_map_update_elem+0x14c/0x10d0 kernel/bpf/hashtab.c:1069
       bpf_percpu_hash_update+0xe0/0x1a0 kernel/bpf/hashtab.c:1585
       bpf_map_update_value+0x257/0x720 kernel/bpf/syscall.c:181
       map_update_elem kernel/bpf/syscall.c:1089 [inline]
       __do_sys_bpf+0x4c64/0xc160 kernel/bpf/syscall.c:3384
       __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
       __x64_sys_bpf+0x7a/0x90 kernel/bpf/syscall.c:3355
       do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &htab->buckets[i].lock --> &loc_l->lock --> &l->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&l->lock);
                               lock(&loc_l->lock);
                               lock(&l->lock);
  lock(&htab->buckets[i].lock);

 *** DEADLOCK ***

2 locks held by syz-executor.0/16080:
 #0: ffffffff892d9908 (rcu_read_lock){....}, at: rcu_lock_acquire+0x9/0x40 include/linux/rcupdate.h:207
 #1: ffffe8ffffdbaf98 (&l->lock){....}, at: bpf_percpu_lru_pop_free kernel/bpf/bpf_lru_list.c:410 [inline]
 #1: ffffe8ffffdbaf98 (&l->lock){....}, at: bpf_lru_pop_free+0xbe/0x1c90 kernel/bpf/bpf_lru_list.c:497

stack backtrace:
CPU: 1 PID: 16080 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fb/0x318 lib/dump_stack.c:118
 print_circular_bug+0xc3f/0xe70 kernel/locking/lockdep.c:1684
 check_noncircular+0x206/0x3a0 kernel/locking/lockdep.c:1808
 check_prev_add kernel/locking/lockdep.c:2475 [inline]
 check_prevs_add kernel/locking/lockdep.c:2580 [inline]
 validate_chain+0x1507/0x7be0 kernel/locking/lockdep.c:2970
 __lock_acquire+0xc5a/0x1bc0 kernel/locking/lockdep.c:3954
 lock_acquire+0x154/0x250 kernel/locking/lockdep.c:4484
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xa1/0xc0 kernel/locking/spinlock.c:159
 htab_lru_map_delete_node+0x9c/0x290 kernel/bpf/hashtab.c:593
 __bpf_lru_list_shrink_inactive kernel/bpf/bpf_lru_list.c:220 [inline]
 __bpf_lru_list_shrink+0x1ee/0xc80 kernel/bpf/bpf_lru_list.c:266
 bpf_percpu_lru_pop_free kernel/bpf/bpf_lru_list.c:416 [inline]
 bpf_lru_pop_free+0x338/0x1c90 kernel/bpf/bpf_lru_list.c:497
 prealloc_lru_pop kernel/bpf/hashtab.c:132 [inline]
 __htab_lru_percpu_map_update_elem+0x14c/0x10d0 kernel/bpf/hashtab.c:1069
 bpf_percpu_hash_update+0xe0/0x1a0 kernel/bpf/hashtab.c:1585
 bpf_map_update_value+0x257/0x720 kernel/bpf/syscall.c:181
 map_update_elem kernel/bpf/syscall.c:1089 [inline]
 __do_sys_bpf+0x4c64/0xc160 kernel/bpf/syscall.c:3384
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __x64_sys_bpf+0x7a/0x90 kernel/bpf/syscall.c:3355
 do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c449
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff193531c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007ff1935326d4 RCX: 000000000045c449
RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000002
RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000063 R14: 00000000004c2c26 R15: 000000000076bfcc