============================================
WARNING: possible recursive locking detected
5.15.158-syzkaller #0 Not tainted
--------------------------------------------
swapper/1/0 is trying to acquire lock:
ffff8880229d89c0 (&stab->lock){+.-.}-{2:2}, at: __sock_map_delete net/core/sock_map.c:419 [inline]
ffff8880229d89c0 (&stab->lock){+.-.}-{2:2}, at: sock_map_delete_elem+0x161/0x230 net/core/sock_map.c:451
but task is already holding lock:
ffff8880229d89c0 (&stab->lock){+.-.}-{2:2}, at: __sock_map_delete net/core/sock_map.c:419 [inline]
ffff8880229d89c0 (&stab->lock){+.-.}-{2:2}, at: sock_map_delete_elem+0x161/0x230 net/core/sock_map.c:451
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&stab->lock);
lock(&stab->lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
5 locks held by swapper/1/0:
#0: ffffffff8c91fba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire+0x0/0x20
#1: ffffffff8c91fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
#2: ffff8880229d89c0 (&stab->lock){+.-.}-{2:2}, at: __sock_map_delete net/core/sock_map.c:419 [inline]
#2: ffff8880229d89c0 (&stab->lock){+.-.}-{2:2}, at: sock_map_delete_elem+0x161/0x230 net/core/sock_map.c:451
#3: ffff88807886c290 (&psock->link_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:368 [inline]
#3: ffff88807886c290 (&psock->link_lock){+.-.}-{2:2}, at: sock_map_del_link net/core/sock_map.c:147 [inline]
#3: ffff88807886c290 (&psock->link_lock){+.-.}-{2:2}, at: sock_map_unref+0xcc/0x5d0 net/core/sock_map.c:182
#4: ffffffff8c91fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.15.158-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
print_deadlock_bug kernel/locking/lockdep.c:2946 [inline]
check_deadlock kernel/locking/lockdep.c:2989 [inline]
validate_chain+0x46d2/0x5930 kernel/locking/lockdep.c:3775
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
__sock_map_delete net/core/sock_map.c:419 [inline]
sock_map_delete_elem+0x161/0x230 net/core/sock_map.c:451
bpf_prog_8a405b5ced52e191+0x42/0xc78
bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1880 [inline]
bpf_trace_run2+0x19e/0x340 kernel/trace/bpf_trace.c:1917
__bpf_trace_kfree+0x6e/0x90 include/trace/events/kmem.h:118
trace_kfree include/trace/events/kmem.h:118 [inline]
kfree+0x22f/0x270 mm/slub.c:4549
sk_psock_free_link include/linux/skmsg.h:422 [inline]
sock_map_del_link net/core/sock_map.c:160 [inline]
sock_map_unref+0x3ac/0x5d0 net/core/sock_map.c:182
__sock_map_delete net/core/sock_map.c:425 [inline]
sock_map_delete_elem+0x191/0x230 net/core/sock_map.c:451
bpf_prog_8a405b5ced52e191+0x42/0xc78
bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1880 [inline]
bpf_trace_run2+0x19e/0x340 kernel/trace/bpf_trace.c:1917
__bpf_trace_kfree+0x6e/0x90 include/trace/events/kmem.h:118
trace_kfree include/trace/events/kmem.h:118 [inline]
kfree+0x22f/0x270 mm/slub.c:4549
security_task_free+0x96/0xc0 security/security.c:1691
__put_task_struct+0xf4/0x2b0 kernel/fork.c:756
rcu_do_batch kernel/rcu/tree.c:2523 [inline]
rcu_core+0xa15/0x1650 kernel/rcu/tree.c:2763
__do_softirq+0x3b3/0x93a kernel/softirq.c:558
invoke_softirq kernel/softirq.c:432 [inline]
__irq_exit_rcu+0x155/0x240 kernel/softirq.c:637
irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1096
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:22 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:132 [inline]
RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:110 [inline]
RIP: 0010:acpi_idle_do_entry+0x10f/0x340 drivers/acpi/processor_idle.c:570
Code: 1d 59 f7 48 83 e3 08 0f 85 0a 01 00 00 4c 8d 74 24 20 e8 24 99 5f f7 0f 1f 44 00 00 e8 1a 19 59 f7 0f 00 2d b3 d9 bb 00 fb f4 <4c> 89 f3 48 c1 eb 03 42 80 3c 3b 00 74 08 4c 89 f7 e8 9b f1 a2 f7
RSP: 0018:ffffc90000d67b00 EFLAGS: 000002d3
RAX: ffffffff8a2743a6 RBX: 0000000000000000 RCX: ffff88813fe68000
RDX: 0000000000000000 RSI: ffffffff8a8b2980 RDI: ffffffff8ad8f600
RBP: ffffc90000d67b90 R08: ffffffff8186dcf0 R09: ffffed1027fcd001
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920001acf60
R13: ffff888146063004 R14: ffffc90000d67b20 R15: dffffc0000000000
acpi_idle_enter+0x352/0x4f0 drivers/acpi/processor_idle.c:705
cpuidle_enter_state+0x521/0xef0 drivers/cpuidle/cpuidle.c:237
cpuidle_enter+0x59/0x90 drivers/cpuidle/cpuidle.c:351
call_cpuidle kernel/sched/idle.c:158 [inline]
cpuidle_idle_call kernel/sched/idle.c:239 [inline]
do_idle+0x3e4/0x670 kernel/sched/idle.c:306
cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:403
start_secondary+0x371/0x500 arch/x86/kernel/smpboot.c:281
secondary_startup_64_no_verify+0xb1/0xbb
----------------
Code disassembly (best guess):
0: 1d 59 f7 48 83 sbb $0x8348f759,%eax
5: e3 08 jrcxz 0xf
7: 0f 85 0a 01 00 00 jne 0x117
d: 4c 8d 74 24 20 lea 0x20(%rsp),%r14
12: e8 24 99 5f f7 call 0xf75f993b
17: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
1c: e8 1a 19 59 f7 call 0xf759193b
21: 0f 00 2d b3 d9 bb 00 verw 0xbbd9b3(%rip) # 0xbbd9db
28: fb sti
29: f4 hlt
* 2a: 4c 89 f3 mov %r14,%rbx <-- trapping instruction
2d: 48 c1 eb 03 shr $0x3,%rbx
31: 42 80 3c 3b 00 cmpb $0x0,(%rbx,%r15,1)
36: 74 08 je 0x40
38: 4c 89 f7 mov %r14,%rdi
3b: e8 9b f1 a2 f7 call 0xf7a2f1db