====================================================== WARNING: possible circular locking dependency detected 6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0 Not tainted ------------------------------------------------------ udevd/4516 is trying to acquire lock: ffff888077fd7aa0 (&htab->lockdep_key#11){....}-{2:2}, at: htab_lock_bucket+0x1a0/0x360 kernel/bpf/hashtab.c:167 but task is already holding lock: ffff888077fd73a0 (&htab->lockdep_key#9){....}-{2:2}, at: htab_lock_bucket+0x1a0/0x360 kernel/bpf/hashtab.c:167 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&htab->lockdep_key#9){....}-{2:2}: __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 htab_lock_bucket+0x1a0/0x360 kernel/bpf/hashtab.c:167 htab_map_delete_elem+0x1db/0x6b0 kernel/bpf/hashtab.c:1423 bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x36d/0x420 kernel/trace/bpf_trace.c:2420 __traceiter_contention_end+0x77/0xb0 include/trace/events/lock.h:122 trace_contention_end+0x10a/0x130 include/trace/events/lock.h:122 __pv_queued_spin_lock_slowpath+0x935/0xc50 kernel/locking/qspinlock.c:560 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline] queued_spin_lock include/asm-generic/qspinlock.h:114 [inline] do_raw_spin_lock+0x298/0x3a0 kernel/locking/spinlock_debug.c:116 htab_lock_bucket+0x1a0/0x360 kernel/bpf/hashtab.c:167 htab_map_delete_elem+0x1db/0x6b0 kernel/bpf/hashtab.c:1423 bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run 
kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x36d/0x420 kernel/trace/bpf_trace.c:2420 __traceiter_contention_end+0x77/0xb0 include/trace/events/lock.h:122 trace_contention_end+0xeb/0x110 include/trace/events/lock.h:122 __mutex_lock_common kernel/locking/mutex.c:617 [inline] __mutex_lock+0x2e1/0xd60 kernel/locking/mutex.c:752 futex_cleanup_begin kernel/futex/core.c:1091 [inline] futex_exit_release+0x30/0x1e0 kernel/futex/core.c:1143 exit_mm_release+0x16/0x30 kernel/fork.c:1653 exit_mm+0xac/0x300 kernel/exit.c:542 do_exit+0x99a/0x27c0 kernel/exit.c:865 do_group_exit+0x203/0x2b0 kernel/exit.c:1027 __do_sys_exit_group kernel/exit.c:1038 [inline] __se_sys_exit_group kernel/exit.c:1036 [inline] __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1036 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x84/0x190 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e -> #0 (&htab->lockdep_key#11){....}-{2:2}: check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3869 [inline] __lock_acquire+0x3a1f/0x7fa0 kernel/locking/lockdep.c:5137 lock_acquire+0x1e9/0x540 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 htab_lock_bucket+0x1a0/0x360 kernel/bpf/hashtab.c:167 htab_map_delete_elem+0x1db/0x6b0 kernel/bpf/hashtab.c:1423 bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x36d/0x420 kernel/trace/bpf_trace.c:2420 __traceiter_contention_end+0x77/0xb0 include/trace/events/lock.h:122 trace_contention_end+0x10a/0x130 include/trace/events/lock.h:122 __pv_queued_spin_lock_slowpath+0x935/0xc50 kernel/locking/qspinlock.c:560 pv_queued_spin_lock_slowpath 
arch/x86/include/asm/paravirt.h:584 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline] queued_spin_lock include/asm-generic/qspinlock.h:114 [inline] do_raw_spin_lock+0x298/0x3a0 kernel/locking/spinlock_debug.c:116 htab_lock_bucket+0x1a0/0x360 kernel/bpf/hashtab.c:167 htab_map_delete_elem+0x1db/0x6b0 kernel/bpf/hashtab.c:1423 bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x36d/0x420 kernel/trace/bpf_trace.c:2420 __traceiter_contention_end+0x77/0xb0 include/trace/events/lock.h:122 trace_contention_end+0xeb/0x110 include/trace/events/lock.h:122 __mutex_lock_common kernel/locking/mutex.c:617 [inline] __mutex_lock+0x2e1/0xd60 kernel/locking/mutex.c:752 __fdget_pos+0x255/0x320 fs/file.c:1191 fdget_pos include/linux/file.h:76 [inline] __do_sys_getdents64 fs/readdir.c:405 [inline] __se_sys_getdents64+0x1d8/0x4f0 fs/readdir.c:394 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x84/0x190 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&htab->lockdep_key#9);
                               lock(&htab->lockdep_key#11);
                               lock(&htab->lockdep_key#9);
  lock(&htab->lockdep_key#11);

 *** DEADLOCK ***

4 locks held by udevd/4516: #0: ffff888029aa8ac8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x255/0x320 fs/file.c:1191 #1: ffffffff8dd321a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline] #1: ffffffff8dd321a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline] #1: ffffffff8dd321a0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #1: ffffffff8dd321a0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x420
kernel/trace/bpf_trace.c:2420 #2: ffff888077fd73a0 (&htab->lockdep_key#9){....}-{2:2}, at: htab_lock_bucket+0x1a0/0x360 kernel/bpf/hashtab.c:167 #3: ffffffff8dd321a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline] #3: ffffffff8dd321a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline] #3: ffffffff8dd321a0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #3: ffffffff8dd321a0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x420 kernel/trace/bpf_trace.c:2420 stack backtrace: CPU: 1 PID: 4516 Comm: udevd Not tainted 6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x23d/0x360 lib/dump_stack.c:114 check_noncircular+0x375/0x4a0 kernel/locking/lockdep.c:2187 check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3869 [inline] __lock_acquire+0x3a1f/0x7fa0 kernel/locking/lockdep.c:5137 lock_acquire+0x1e9/0x540 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 htab_lock_bucket+0x1a0/0x360 kernel/bpf/hashtab.c:167 htab_map_delete_elem+0x1db/0x6b0 kernel/bpf/hashtab.c:1423 bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x36d/0x420 kernel/trace/bpf_trace.c:2420 __traceiter_contention_end+0x77/0xb0 include/trace/events/lock.h:122 trace_contention_end+0x10a/0x130 include/trace/events/lock.h:122 __pv_queued_spin_lock_slowpath+0x935/0xc50 kernel/locking/qspinlock.c:560 pv_queued_spin_lock_slowpath 
arch/x86/include/asm/paravirt.h:584 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline] queued_spin_lock include/asm-generic/qspinlock.h:114 [inline] do_raw_spin_lock+0x298/0x3a0 kernel/locking/spinlock_debug.c:116 htab_lock_bucket+0x1a0/0x360 kernel/bpf/hashtab.c:167 htab_map_delete_elem+0x1db/0x6b0 kernel/bpf/hashtab.c:1423 bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x36d/0x420 kernel/trace/bpf_trace.c:2420 __traceiter_contention_end+0x77/0xb0 include/trace/events/lock.h:122 trace_contention_end+0xeb/0x110 include/trace/events/lock.h:122 __mutex_lock_common kernel/locking/mutex.c:617 [inline] __mutex_lock+0x2e1/0xd60 kernel/locking/mutex.c:752 __fdget_pos+0x255/0x320 fs/file.c:1191 fdget_pos include/linux/file.h:76 [inline] __do_sys_getdents64 fs/readdir.c:405 [inline] __se_sys_getdents64+0x1d8/0x4f0 fs/readdir.c:394 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x84/0x190 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7fbc66af9910 Code: 87 43 04 ff c8 7e 08 48 89 ef e8 4d 0e fc ff 4c 89 e0 5b 5d 41 5c c3 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 10 48 8b 15 e9 74 0f 00 f7 d8 64 89 02 48 83 RSP: 002b:00007fff0f3e0028 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 RAX: ffffffffffffffda RBX: 0000557c1e282290 RCX: 00007fbc66af9910 RDX: 0000000000008000 RSI: 0000557c1e2822c0 RDI: 000000000000000d RBP: 0000557c1e282294 R08: 0000557c1e282290 R09: 0000000001000000 R10: 0000000000000812 R11: 0000000000000293 R12: 0000557c1e224ee0 R13: fffffffffffffe60 R14: 0000000000000002 R15: 0000557c1e2822c0