Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts. executing program [ 60.842841][ C1] [ 60.845318][ C1] ====================================================== [ 60.852458][ C1] WARNING: possible circular locking dependency detected [ 60.859474][ C1] 5.15.179-syzkaller #0 Not tainted [ 60.864656][ C1] ------------------------------------------------------ [ 60.871660][ C1] udevd/3544 is trying to acquire lock: [ 60.877189][ C1] ffff8880b8f27e78 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x1b5/0x8a0 [ 60.885817][ C1] [ 60.885817][ C1] but task is already holding lock: [ 60.893171][ C1] ffff888020c965b8 (&trie->lock){..-.}-{2:2}, at: trie_delete_elem+0x90/0x690 [ 60.902047][ C1] [ 60.902047][ C1] which lock already depends on the new lock. [ 60.902047][ C1] [ 60.912441][ C1] [ 60.912441][ C1] the existing dependency chain (in reverse order) is: [ 60.921444][ C1] [ 60.921444][ C1] -> #2 (&trie->lock){..-.}-{2:2}: [ 60.928749][ C1] lock_acquire+0x1db/0x4f0 [ 60.933784][ C1] _raw_spin_lock_irqsave+0xd1/0x120 [ 60.939597][ C1] trie_delete_elem+0x90/0x690 [ 60.944884][ C1] bpf_prog_1db1603a7cfa36fb+0x3d/0xaf0 [ 60.950940][ C1] bpf_trace_run3+0x1d1/0x380 [ 60.956140][ C1] enqueue_timer+0x3ae/0x540 [ 60.961245][ C1] __mod_timer+0xa60/0xeb0 [ 60.966175][ C1] dsp_cmx_send+0x21bb/0x2240 [ 60.971361][ C1] call_timer_fn+0x16d/0x560 [ 60.976461][ C1] __run_timers+0x67c/0x890 [ 60.981475][ C1] run_timer_softirq+0x63/0xf0 [ 60.986753][ C1] handle_softirqs+0x3a7/0x930 [ 60.992054][ C1] __irq_exit_rcu+0x157/0x240 [ 60.997385][ C1] irq_exit_rcu+0x5/0x20 [ 61.002159][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 61.008325][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 61.014827][ C1] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 61.021061][ C1] debug_check_no_obj_freed+0x455/0x4e0 [ 61.027122][ C1] slab_free_freelist_hook+0x86/0x160 [ 61.033011][ C1] kfree+0xf1/0x270 [ 61.037334][ C1] tomoyo_check_open_permission+0x373/0x490 [ 61.043738][ C1] security_file_open+0x5f/0xa0 [ 61.049106][ C1] do_dentry_open+0x315/0xfb0 [ 61.054291][ C1] path_openat+0x2705/0x2f20 [ 61.059390][ C1] do_filp_open+0x21c/0x460 [ 61.064404][ C1] do_sys_openat2+0x13b/0x4f0 [ 61.069600][ C1] __x64_sys_openat+0x243/0x290 [ 61.074962][ C1] do_syscall_64+0x3b/0xb0 [ 61.079896][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 61.086304][ C1] [ 61.086304][ C1] -> #1 (&base->lock){-.-.}-{2:2}: [ 61.093596][ C1] lock_acquire+0x1db/0x4f0 [ 61.098610][ C1] _raw_spin_lock_irqsave+0xd1/0x120 [ 61.104405][ C1] lock_timer_base+0x120/0x260 [ 61.109682][ C1] __mod_timer+0x1d6/0xeb0 [ 61.114611][ C1] queue_delayed_work_on+0x156/0x250 [ 61.120404][ C1] kvfree_call_rcu+0x50e/0x8a0 [ 61.125697][ C1] rtnl_register_internal+0x443/0x530 [ 61.131583][ C1] rtnl_register+0x32/0x70 [ 61.136511][ C1] ip_rt_init+0x2e6/0x3a0 [ 61.141349][ C1] ip_init+0xa/0x20 [ 61.145665][ C1] inet_init+0x27c/0x390 [ 61.150416][ C1] do_one_initcall+0x22b/0x7a0 [ 61.155692][ C1] do_initcall_level+0x157/0x210 [ 61.161146][ C1] do_initcalls+0x49/0x90 [ 61.165987][ C1] kernel_init_freeable+0x425/0x5c0 [ 61.171694][ C1] kernel_init+0x19/0x290 [ 61.176542][ C1] ret_from_fork+0x1f/0x30 [ 61.181471][ C1] [ 61.181471][ C1] -> #0 (krc.lock){..-.}-{2:2}: [ 61.188496][ C1] validate_chain+0x1649/0x5930 [ 61.193863][ C1] __lock_acquire+0x1295/0x1ff0 [ 61.199227][ C1] lock_acquire+0x1db/0x4f0 [ 61.204240][ C1] _raw_spin_lock+0x2a/0x40 [ 61.209255][ C1] kvfree_call_rcu+0x1b5/0x8a0 [ 61.214530][ C1] trie_delete_elem+0x520/0x690 [ 61.219898][ C1] bpf_prog_1db1603a7cfa36fb+0x3d/0xaf0 [ 61.225967][ C1] bpf_trace_run3+0x1d1/0x380 [ 61.231160][ C1] enqueue_timer+0x3ae/0x540 [ 61.236259][ C1] __mod_timer+0xa60/0xeb0 [ 61.241205][ C1] dsp_cmx_send+0x21bb/0x2240 [ 61.246395][ C1] call_timer_fn+0x16d/0x560 [ 61.251497][ C1] __run_timers+0x67c/0x890 [ 61.256510][ C1] run_timer_softirq+0x63/0xf0 [ 61.261788][ C1] handle_softirqs+0x3a7/0x930 [ 61.267066][ C1] __irq_exit_rcu+0x157/0x240 [ 61.272253][ C1] irq_exit_rcu+0x5/0x20 [ 61.277007][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 61.283155][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 61.289663][ C1] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 61.295894][ C1] debug_check_no_obj_freed+0x455/0x4e0 [ 61.301955][ C1] slab_free_freelist_hook+0x86/0x160 [ 61.307840][ C1] kfree+0xf1/0x270 [ 61.312162][ C1] tomoyo_check_open_permission+0x373/0x490 [ 61.318568][ C1] security_file_open+0x5f/0xa0 [ 61.323931][ C1] do_dentry_open+0x315/0xfb0 [ 61.329122][ C1] path_openat+0x2705/0x2f20 [ 61.334221][ C1] do_filp_open+0x21c/0x460 [ 61.339231][ C1] do_sys_openat2+0x13b/0x4f0 [ 61.344422][ C1] __x64_sys_openat+0x243/0x290 [ 61.349785][ C1] do_syscall_64+0x3b/0xb0 [ 61.354714][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 61.361120][ C1] [ 61.361120][ C1] other info that might help us debug this: [ 61.361120][ C1] [ 61.371335][ C1] Chain exists of: [ 61.371335][ C1] krc.lock --> &base->lock --> &trie->lock [ 61.371335][ C1] [ 61.383055][ C1] Possible unsafe locking scenario: [ 61.383055][ C1] [ 61.390503][ C1] CPU0 CPU1 [ 61.395856][ C1] ---- ---- [ 61.401208][ C1] lock(&trie->lock); [ 61.405264][ C1] lock(&base->lock); [ 61.411842][ C1] lock(&trie->lock); [ 61.418418][ C1] lock(krc.lock); [ 61.422213][ C1] [ 61.422213][ C1] *** DEADLOCK *** [ 61.422213][ C1] [ 61.430341][ C1] 6 locks held by udevd/3544: [ 61.435005][ C1] #0: ffffffff8d0ba318 (tomoyo_ss){....}-{0:0}, at: rcu_lock_acquire+0x5/0x30 [ 61.443979][ C1] #1: ffffc90000dd0be0 ((&dsp_spl_tl)){+.-.}-{0:0}, at: call_timer_fn+0xbe/0x560 [ 61.453194][ C1] #2: ffffffff8d9f1f38 (dsp_lock){..-.}-{2:2}, at: dsp_cmx_send+0x22/0x2240 [ 61.461973][ C1] #3: ffff8880b8f28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 61.471280][ C1] #4: ffffffff8cb1f4e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 61.480583][ C1] #5: ffff888020c965b8 (&trie->lock){..-.}-{2:2}, at: trie_delete_elem+0x90/0x690 [ 61.489894][ C1] [ 61.489894][ C1] stack backtrace: [ 61.495784][ C1] CPU: 1 PID: 3544 Comm: udevd Not tainted 5.15.179-syzkaller #0 [ 61.503490][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 61.513542][ C1] Call Trace: [ 61.516812][ C1] [ 61.519645][ C1] dump_stack_lvl+0x1e3/0x2d0 [ 61.524336][ C1] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 61.529965][ C1] ? print_circular_bug+0x12b/0x1a0 [ 61.535156][ C1] check_noncircular+0x2f8/0x3b0 [ 61.540096][ C1] ? add_chain_block+0x850/0x850 [ 61.545037][ C1] ? lockdep_lock+0x11f/0x2a0 [ 61.549713][ C1] validate_chain+0x1649/0x5930 [ 61.554560][ C1] ? unwind_get_return_address+0x49/0x80 [ 61.560190][ C1] ? reacquire_held_locks+0x660/0x660 [ 61.565556][ C1] ? lockdep_lock+0x11f/0x2a0 [ 61.570241][ C1] ? lockdep_unlock+0x166/0x300 [ 61.575083][ C1] ? lockdep_lock+0x2a0/0x2a0 [ 61.579751][ C1] ? stack_trace_save+0x113/0x1c0 [ 61.584771][ C1] ? mark_lock+0x98/0x340 [ 61.589093][ C1] __lock_acquire+0x1295/0x1ff0 [ 61.593941][ C1] lock_acquire+0x1db/0x4f0 [ 61.598432][ C1] ? kvfree_call_rcu+0x1b5/0x8a0 [ 61.603360][ C1] ? path_openat+0x2705/0x2f20 [ 61.608112][ C1] ? do_filp_open+0x21c/0x460 [ 61.612788][ C1] ? do_sys_openat2+0x13b/0x4f0 [ 61.617632][ C1] ? read_lock_is_recursive+0x10/0x10 [ 61.623005][ C1] _raw_spin_lock+0x2a/0x40 [ 61.627499][ C1] ? kvfree_call_rcu+0x1b5/0x8a0 [ 61.632430][ C1] kvfree_call_rcu+0x1b5/0x8a0 [ 61.637185][ C1] ? call_rcu+0xa70/0xa70 [ 61.641508][ C1] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 61.646958][ C1] ? _raw_spin_lock+0x40/0x40 [ 61.651623][ C1] ? read_lock_is_recursive+0x10/0x10 [ 61.656989][ C1] ? longest_prefix_match+0x4a5/0x640 [ 61.662356][ C1] trie_delete_elem+0x520/0x690 [ 61.667203][ C1] bpf_prog_1db1603a7cfa36fb+0x3d/0xaf0 [ 61.672741][ C1] bpf_trace_run3+0x1d1/0x380 [ 61.677409][ C1] ? bpf_trace_run2+0x340/0x340 [ 61.682249][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 61.688133][ C1] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 61.693581][ C1] ? _raw_spin_lock+0x40/0x40 [ 61.698251][ C1] enqueue_timer+0x3ae/0x540 [ 61.702852][ C1] __mod_timer+0xa60/0xeb0 [ 61.707264][ C1] ? seqcount_lockdep_reader_access+0x1bd/0x220 [ 61.713498][ C1] ? mod_timer_pending+0x20/0x20 [ 61.718433][ C1] ? _raw_read_unlock_irqrestore+0xd9/0x130 [ 61.724323][ C1] ? _raw_read_unlock+0x40/0x40 [ 61.729165][ C1] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 61.734614][ C1] ? _raw_spin_lock+0x40/0x40 [ 61.739399][ C1] ? ktime_get+0x242/0x270 [ 61.743813][ C1] dsp_cmx_send+0x21bb/0x2240 [ 61.748485][ C1] ? read_lock_is_recursive+0x10/0x10 [ 61.753852][ C1] ? detach_timer+0x24/0x2f0 [ 61.758439][ C1] call_timer_fn+0x16d/0x560 [ 61.763020][ C1] ? dsp_cmx_receive+0x1370/0x1370 [ 61.768215][ C1] ? __run_timers+0x890/0x890 [ 61.772883][ C1] ? do_raw_spin_unlock+0x137/0x8b0 [ 61.778090][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 61.783281][ C1] ? dsp_cmx_receive+0x1370/0x1370 [ 61.788388][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 61.793692][ C1] ? dsp_cmx_receive+0x1370/0x1370 [ 61.798795][ C1] __run_timers+0x67c/0x890 [ 61.803298][ C1] ? detach_timer+0x2f0/0x2f0 [ 61.807968][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 61.813945][ C1] ? ktime_get_real_ts64+0x460/0x460 [ 61.819228][ C1] run_timer_softirq+0x63/0xf0 [ 61.823994][ C1] handle_softirqs+0x3a7/0x930 [ 61.828755][ C1] ? __irq_exit_rcu+0x157/0x240 [ 61.833627][ C1] ? do_softirq+0x240/0x240 [ 61.838160][ C1] ? irqtime_account_irq+0xd0/0x1e0 [ 61.843352][ C1] __irq_exit_rcu+0x157/0x240 [ 61.848022][ C1] ? irq_exit_rcu+0x20/0x20 [ 61.852525][ C1] irq_exit_rcu+0x5/0x20 [ 61.856755][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 61.862379][ C1] [ 61.865302][ C1] [ 61.868245][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 61.874220][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 [ 61.880717][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 72 f0 80 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 97 00 0e f7 65 8b 05 08 d1 b8 75 85 c0 74 3f 48 c7 04 24 0e 36 [ 61.900316][ C1] RSP: 0018:ffffc90002dff420 EFLAGS: 00000206 [ 61.906386][ C1] RAX: 0845a49f76902800 RBX: 1ffff920005bfe88 RCX: ffffffff96a95f03 [ 61.914385][ C1] RDX: dffffc0000000000 RSI: ffffffff8aab2a60 RDI: 0000000000000001 [ 61.922358][ C1] RBP: ffffc90002dff4a8 R08: ffffffff81871b70 R09: fffffbfff2d90867 [ 61.930322][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 61.938296][ C1] R13: 1ffff920005bfe84 R14: ffffc90002dff440 R15: 0000000000000246 [ 61.946262][ C1] ? trace_hardirqs_on+0x30/0x80 [ 61.951231][ C1] ? _raw_spin_unlock+0x40/0x40 [ 61.956080][ C1] debug_check_no_obj_freed+0x455/0x4e0 [ 61.961628][ C1] slab_free_freelist_hook+0x86/0x160 [ 61.967007][ C1] ? tomoyo_check_open_permission+0x373/0x490 [ 61.973103][ C1] kfree+0xf1/0x270 [ 61.976909][ C1] tomoyo_check_open_permission+0x373/0x490 [ 61.982803][ C1] ? tomoyo_check_path_number_acl+0x270/0x270 [ 61.988885][ C1] ? preempt_count_add+0x8f/0x180 [ 61.993905][ C1] ? tomoyo_file_open+0xe6/0x170 [ 61.998838][ C1] security_file_open+0x5f/0xa0 [ 62.003683][ C1] do_dentry_open+0x315/0xfb0 [ 62.008449][ C1] path_openat+0x2705/0x2f20 [ 62.013065][ C1] ? do_filp_open+0x460/0x460 [ 62.017744][ C1] do_filp_open+0x21c/0x460 [ 62.022261][ C1] ? vfs_tmpfile+0x2e0/0x2e0 [ 62.026869][ C1] ? _raw_spin_unlock+0x24/0x40 [ 62.031731][ C1] ? alloc_fd+0x598/0x630 [ 62.036068][ C1] do_sys_openat2+0x13b/0x4f0 [ 62.040748][ C1] ? do_sys_open+0x220/0x220 [ 62.045334][ C1] __x64_sys_openat+0x243/0x290 [ 62.050178][ C1] ? __ia32_sys_open+0x270/0x270 [ 62.055111][ C1] ? syscall_enter_from_user_mode+0x2e/0x240 [ 62.061083][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 62.066274][ C1] ? syscall_enter_from_user_mode+0x2e/0x240 [ 62.072248][ C1] do_syscall_64+0x3b/0xb0 [ 62.076661][ C1] ? clear_bhb_loop+0x15/0x70 [ 62.081334][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 62.087231][ C1] RIP: 0033:0x7ff91aedb9a4 [ 62.091642][ C1] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83 [ 62.111245][ C1] RSP: 002b:00007ffe8697d5c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 62.119657][ C1] RAX: ffffffffffffffda RBX: 00005640d735a040 RCX: 00007ff91aedb9a4 [ 62.127624][ C1] RDX: 0000000000080141 RSI: 00005640d733d0d8 RDI: 00000000ffffff9c [ 62.135602][ C1] RBP: 00005640d733d0d8 R08: 00000000ffffffff R09: 0000000000000000 [ 62.143563][ C1] R10: 00000000000001a4 R11: 0000000000000246 R12: 0000000000080141 [ 62.151533][ C1] R13: ffffffffffffffff R14: 00000000ffffffff R15: 00000000ffffffff [ 62.159504][ C1]