Warning: Permanently added '10.128.0.4' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program syzkaller login: [ 47.665793][ T7] [ 47.668152][ T7] ===================================================== [ 47.675158][ T7] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 47.682676][ T7] 5.15.153-syzkaller #0 Not tainted [ 47.687850][ T7] ----------------------------------------------------- [ 47.694757][ T7] kworker/0:0/7 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 47.702197][ T7] ffff888073b8a820 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xac/0x2f0 [ 47.712466][ T7] [ 47.712466][ T7] and this task is already holding: [ 47.719907][ T7] ffff8880b9a28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 47.728847][ T7] which would create a new lock dependency: [ 47.734719][ T7] (&base->lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 47.742965][ T7] [ 47.742965][ T7] but this new dependency connects a HARDIRQ-irq-safe lock: [ 47.752391][ T7] (&base->lock){-.-.}-{2:2} [ 47.752411][ T7] [ 47.752411][ T7] ... which became HARDIRQ-irq-safe at: [ 47.764933][ T7] lock_acquire+0x1db/0x4f0 [ 47.769510][ T7] _raw_spin_lock_irqsave+0xd1/0x120 [ 47.774882][ T7] lock_timer_base+0x120/0x260 [ 47.779728][ T7] add_timer_on+0x1eb/0x580 [ 47.784303][ T7] handle_irq_event+0x124/0x2b0 [ 47.789234][ T7] handle_edge_irq+0x245/0xbf0 [ 47.794066][ T7] __common_interrupt+0xd7/0x1f0 [ 47.799156][ T7] common_interrupt+0x9f/0xc0 [ 47.803903][ T7] asm_common_interrupt+0x22/0x40 [ 47.809007][ T7] console_unlock+0xe53/0x12b0 [ 47.813867][ T7] vprintk_emit+0xbf/0x150 [ 47.818360][ T7] _printk+0xd1/0x111 [ 47.822415][ T7] cpu_select_mitigations+0x38/0x8f [ 47.827728][ T7] arch_cpu_finalize_init+0xf/0x81 [ 47.832912][ T7] start_kernel+0x419/0x535 [ 47.837488][ T7] secondary_startup_64_no_verify+0xb1/0xbb [ 47.843538][ T7] [ 47.843538][ T7] to a HARDIRQ-irq-unsafe lock: [ 47.850532][ T7] (&htab->buckets[i].lock){+...}-{2:2} [ 47.850553][ T7] [ 47.850553][ T7] ... which became HARDIRQ-irq-unsafe at: [ 47.863937][ T7] ... [ 47.863942][ T7] lock_acquire+0x1db/0x4f0 [ 47.871278][ T7] _raw_spin_lock_bh+0x31/0x40 [ 47.876113][ T7] sock_hash_free+0x14c/0x780 [ 47.880859][ T7] process_one_work+0x8a1/0x10c0 [ 47.885867][ T7] worker_thread+0xaca/0x1280 [ 47.890613][ T7] kthread+0x3f6/0x4f0 [ 47.894761][ T7] ret_from_fork+0x1f/0x30 [ 47.899335][ T7] [ 47.899335][ T7] other info that might help us debug this: [ 47.899335][ T7] [ 47.909544][ T7] Possible interrupt unsafe locking scenario: [ 47.909544][ T7] [ 47.917843][ T7] CPU0 CPU1 [ 47.923194][ T7] ---- ---- [ 47.928537][ T7] lock(&htab->buckets[i].lock); [ 47.933546][ T7] local_irq_disable(); [ 47.940300][ T7] lock(&base->lock); [ 47.946878][ T7] lock(&htab->buckets[i].lock); [ 47.954402][ T7] [ 47.957842][ T7] lock(&base->lock); [ 47.962413][ T7] [ 47.962413][ T7] *** DEADLOCK *** [ 47.962413][ T7] [ 47.970745][ T7] 4 locks held by kworker/0:0/7: [ 47.975661][ T7] #0: ffff888011c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 47.986091][ T7] #1: ffffc90000cc7d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 47.997553][ T7] #2: ffff8880b9a28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 48.006937][ T7] #3: ffffffff8c91f720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 48.016228][ T7] [ 48.016228][ T7] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 48.026639][ T7] -> (&base->lock){-.-.}-{2:2} { [ 48.031573][ T7] IN-HARDIRQ-W at: [ 48.035533][ T7] lock_acquire+0x1db/0x4f0 [ 48.041671][ T7] _raw_spin_lock_irqsave+0xd1/0x120 [ 48.048610][ T7] lock_timer_base+0x120/0x260 [ 48.055010][ T7] add_timer_on+0x1eb/0x580 [ 48.061145][ T7] handle_irq_event+0x124/0x2b0 [ 48.067637][ T7] handle_edge_irq+0x245/0xbf0 [ 48.074300][ T7] __common_interrupt+0xd7/0x1f0 [ 48.080870][ T7] common_interrupt+0x9f/0xc0 [ 48.087181][ T7] asm_common_interrupt+0x22/0x40 [ 48.093842][ T7] console_unlock+0xe53/0x12b0 [ 48.100241][ T7] vprintk_emit+0xbf/0x150 [ 48.106296][ T7] _printk+0xd1/0x111 [ 48.112004][ T7] cpu_select_mitigations+0x38/0x8f [ 48.118842][ T7] arch_cpu_finalize_init+0xf/0x81 [ 48.125687][ T7] start_kernel+0x419/0x535 [ 48.131824][ T7] secondary_startup_64_no_verify+0xb1/0xbb [ 48.139438][ T7] IN-SOFTIRQ-W at: [ 48.143575][ T7] lock_acquire+0x1db/0x4f0 [ 48.149709][ T7] _raw_spin_lock_irq+0xcf/0x110 [ 48.156310][ T7] __run_timers+0x111/0x890 [ 48.162531][ T7] run_timer_softirq+0x63/0xf0 [ 48.168923][ T7] __do_softirq+0x3b3/0x93a [ 48.175055][ T7] __irq_exit_rcu+0x155/0x240 [ 48.181362][ T7] irq_exit_rcu+0x5/0x20 [ 48.187233][ T7] common_interrupt+0xa4/0xc0 [ 48.193542][ T7] asm_common_interrupt+0x22/0x40 [ 48.200197][ T7] console_unlock+0xe53/0x12b0 [ 48.206594][ T7] vprintk_emit+0xbf/0x150 [ 48.212653][ T7] _printk+0xd1/0x111 [ 48.218286][ T7] cpu_select_mitigations+0x56/0x8f [ 48.225125][ T7] arch_cpu_finalize_init+0xf/0x81 [ 48.231871][ T7] start_kernel+0x419/0x535 [ 48.238106][ T7] secondary_startup_64_no_verify+0xb1/0xbb [ 48.245807][ T7] INITIAL USE at: [ 48.249681][ T7] lock_acquire+0x1db/0x4f0 [ 48.255935][ T7] _raw_spin_lock_irqsave+0xd1/0x120 [ 48.262870][ T7] lock_timer_base+0x120/0x260 [ 48.269388][ T7] add_timer_on+0x1eb/0x580 [ 48.275554][ T7] handle_irq_event+0x124/0x2b0 [ 48.282062][ T7] handle_edge_irq+0x245/0xbf0 [ 48.288377][ T7] __common_interrupt+0xd7/0x1f0 [ 48.294864][ T7] common_interrupt+0x9f/0xc0 [ 48.301431][ T7] asm_common_interrupt+0x22/0x40 [ 48.308000][ T7] console_unlock+0xe53/0x12b0 [ 48.314409][ T7] vprintk_emit+0xbf/0x150 [ 48.320457][ T7] _printk+0xd1/0x111 [ 48.326009][ T7] cpu_select_mitigations+0x38/0x8f [ 48.332770][ T7] arch_cpu_finalize_init+0xf/0x81 [ 48.339454][ T7] start_kernel+0x419/0x535 [ 48.345647][ T7] secondary_startup_64_no_verify+0xb1/0xbb [ 48.353100][ T7] } [ 48.355597][ T7] ... key at: [] init_timer_cpu.__key+0x0/0x20 [ 48.363827][ T7] [ 48.363827][ T7] the dependencies between the lock to be acquired [ 48.363838][ T7] and HARDIRQ-irq-unsafe lock: [ 48.377691][ T7] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 48.383637][ T7] HARDIRQ-ON-W at: [ 48.387617][ T7] lock_acquire+0x1db/0x4f0 [ 48.393757][ T7] _raw_spin_lock_bh+0x31/0x40 [ 48.400153][ T7] sock_hash_free+0x14c/0x780 [ 48.406484][ T7] process_one_work+0x8a1/0x10c0 [ 48.413158][ T7] worker_thread+0xaca/0x1280 [ 48.419462][ T7] kthread+0x3f6/0x4f0 [ 48.425280][ T7] ret_from_fork+0x1f/0x30 [ 48.431331][ T7] INITIAL USE at: [ 48.435205][ T7] lock_acquire+0x1db/0x4f0 [ 48.441279][ T7] _raw_spin_lock_bh+0x31/0x40 [ 48.447590][ T7] sock_hash_free+0x14c/0x780 [ 48.453811][ T7] process_one_work+0x8a1/0x10c0 [ 48.460386][ T7] worker_thread+0xaca/0x1280 [ 48.466782][ T7] kthread+0x3f6/0x4f0 [ 48.472394][ T7] ret_from_fork+0x1f/0x30 [ 48.478355][ T7] } [ 48.480832][ T7] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 48.489324][ T7] ... acquired at: [ 48.493113][ T7] lock_acquire+0x1db/0x4f0 [ 48.497948][ T7] _raw_spin_lock_bh+0x31/0x40 [ 48.502868][ T7] sock_hash_delete_elem+0xac/0x2f0 [ 48.508222][ T7] bpf_prog_2c29ac5cdc6b1842+0x3a/0x784 [ 48.513961][ T7] bpf_trace_run3+0x1d1/0x380 [ 48.518803][ T7] enqueue_timer+0x3ae/0x540 [ 48.523551][ T7] __mod_timer+0xa60/0xeb0 [ 48.528122][ T7] schedule_timeout+0x1b4/0x300 [ 48.533125][ T7] rcu_exp_sel_wait_wake+0x7cb/0x1c00 [ 48.538654][ T7] process_one_work+0x8a1/0x10c0 [ 48.543746][ T7] worker_thread+0xaca/0x1280 [ 48.548577][ T7] kthread+0x3f6/0x4f0 [ 48.552809][ T7] ret_from_fork+0x1f/0x30 [ 48.557377][ T7] [ 48.559679][ T7] [ 48.559679][ T7] stack backtrace: [ 48.565547][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 5.15.153-syzkaller #0 [ 48.573506][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 48.583542][ T7] Workqueue: rcu_gp wait_rcu_exp_gp [ 48.588819][ T7] Call Trace: [ 48.592102][ T7] [ 48.595033][ T7] dump_stack_lvl+0x1e3/0x2cb [ 48.599712][ T7] ? io_uring_drop_tctx_refs+0x19d/0x19d [ 48.605415][ T7] ? panic+0x84d/0x84d [ 48.609904][ T7] ? print_shortest_lock_dependencies+0xee/0x150 [ 48.616217][ T7] validate_chain+0x4d01/0x5930 [ 48.621066][ T7] ? reacquire_held_locks+0x660/0x660 [ 48.626422][ T7] ? register_lock_class+0x100/0x9a0 [ 48.631690][ T7] ? validate_chain+0x112/0x5930 [ 48.636609][ T7] ? is_dynamic_key+0x1f0/0x1f0 [ 48.641527][ T7] ? mark_lock+0x98/0x340 [ 48.645840][ T7] __lock_acquire+0x1295/0x1ff0 [ 48.650676][ T7] lock_acquire+0x1db/0x4f0 [ 48.655168][ T7] ? sock_hash_delete_elem+0xac/0x2f0 [ 48.660527][ T7] ? lockdep_softirqs_on+0x590/0x590 [ 48.665850][ T7] ? read_lock_is_recursive+0x10/0x10 [ 48.671229][ T7] ? sock_hash_delete_elem+0xac/0x2f0 [ 48.676641][ T7] ? __bpf_trace_softirq+0x10/0x10 [ 48.681764][ T7] ? sock_hash_delete_elem+0xac/0x2f0 [ 48.687139][ T7] _raw_spin_lock_bh+0x31/0x40 [ 48.692520][ T7] ? sock_hash_delete_elem+0xac/0x2f0 [ 48.697905][ T7] sock_hash_delete_elem+0xac/0x2f0 [ 48.703253][ T7] bpf_prog_2c29ac5cdc6b1842+0x3a/0x784 [ 48.708888][ T7] bpf_trace_run3+0x1d1/0x380 [ 48.713567][ T7] ? bpf_trace_run2+0x340/0x340 [ 48.718685][ T7] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 48.724568][ T7] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 48.730015][ T7] ? _raw_spin_lock+0x40/0x40 [ 48.734788][ T7] ? __debug_object_init+0x258/0xd30 [ 48.740077][ T7] enqueue_timer+0x3ae/0x540 [ 48.744698][ T7] __mod_timer+0xa60/0xeb0 [ 48.749104][ T7] ? mod_timer_pending+0x20/0x20 [ 48.754025][ T7] ? lockdep_softirqs_off+0x420/0x420 [ 48.759558][ T7] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 48.765613][ T7] ? print_irqtrace_events+0x210/0x210 [ 48.771071][ T7] schedule_timeout+0x1b4/0x300 [ 48.775910][ T7] ? console_conditional_schedule+0x40/0x40 [ 48.781793][ T7] ? update_process_times+0x200/0x200 [ 48.787163][ T7] rcu_exp_sel_wait_wake+0x7cb/0x1c00 [ 48.792744][ T7] ? rcu_check_gp_start_stall+0x450/0x450 [ 48.798544][ T7] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 48.804615][ T7] ? do_raw_spin_unlock+0x137/0x8b0 [ 48.809812][ T7] process_one_work+0x8a1/0x10c0 [ 48.814836][ T7] ? worker_detach_from_pool+0x260/0x260 [ 48.820575][ T7] ? _raw_spin_lock_irqsave+0x120/0x120 [ 48.826124][ T7] ? kthread_data+0x4e/0xc0 [ 48.830786][ T7] ? wq_worker_running+0x97/0x170 [ 48.835887][ T7] worker_thread+0xaca/0x1280 [ 48.840561][ T7] kthread+0x3f6/0x4f0 [ 48.844612][ T7] ? rcu_lock_release+0x20/0x20 [ 48.849448][ T7] ? kthread_blkcg+0xd0/0xd0 [ 48.854018][ T7] ret_from_fork+0x1f/0x30 [ 48.858430][ T7]