Warning: Permanently added '10.128.0.4' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program [ 51.652775][ T56] [ 51.655174][ T56] ===================================================== [ 51.662122][ T56] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 51.669579][ T56] 6.1.83-syzkaller #0 Not tainted [ 51.674596][ T56] ----------------------------------------------------- [ 51.681528][ T56] kworker/u4:4/56 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 51.689164][ T56] ffffc90003fb93e0 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xac/0x2f0 [ 51.699455][ T56] [ 51.699455][ T56] and this task is already holding: [ 51.706821][ T56] ffff8880b993a258 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x58c/0xf90 [ 51.715449][ T56] which would create a new lock dependency: [ 51.721367][ T56] (&pool->lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 51.729489][ T56] [ 51.729489][ T56] but this new dependency connects a HARDIRQ-irq-safe lock: [ 51.738952][ T56] (&pool->lock){-.-.}-{2:2} [ 51.738980][ T56] [ 51.738980][ T56] ... which became HARDIRQ-irq-safe at: [ 51.751271][ T56] lock_acquire+0x1f8/0x5a0 [ 51.755888][ T56] _raw_spin_lock+0x2a/0x40 [ 51.760508][ T56] __queue_work+0x58c/0xf90 [ 51.765125][ T56] queue_work_on+0x14b/0x250 [ 51.769816][ T56] hrtimer_run_queues+0x14b/0x450 [ 51.774954][ T56] update_process_times+0x7b/0x1b0 [ 51.780166][ T56] tick_periodic+0x197/0x210 [ 51.784854][ T56] tick_handle_periodic+0x46/0x150 [ 51.790088][ T56] __sysvec_apic_timer_interrupt+0x156/0x580 [ 51.796191][ T56] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 51.801918][ T56] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 51.808008][ T56] __sanitizer_cov_trace_pc+0x2c/0x60 [ 51.813483][ T56] trace_event_eval_update+0x48b/0xfc0 [ 51.819055][ T56] process_one_work+0x8a9/0x11d0 [ 51.824172][ T56] worker_thread+0xa47/0x1200 [ 51.829002][ T56] kthread+0x28d/0x320 [ 51.833185][ T56] ret_from_fork+0x1f/0x30 [ 51.837715][ T56] [ 51.837715][ T56] to a HARDIRQ-irq-unsafe lock: [ 51.844850][ T56] (&htab->buckets[i].lock){+...}-{2:2} [ 51.844877][ T56] [ 51.844877][ T56] ... which became HARDIRQ-irq-unsafe at: [ 51.858322][ T56] ... [ 51.858334][ T56] lock_acquire+0x1f8/0x5a0 [ 51.865544][ T56] _raw_spin_lock_bh+0x31/0x40 [ 51.870417][ T56] sock_hash_free+0x160/0x820 [ 51.875200][ T56] process_one_work+0x8a9/0x11d0 [ 51.880365][ T56] worker_thread+0xa47/0x1200 [ 51.885348][ T56] kthread+0x28d/0x320 [ 51.891097][ T56] ret_from_fork+0x1f/0x30 [ 51.895761][ T56] [ 51.895761][ T56] other info that might help us debug this: [ 51.895761][ T56] [ 51.905999][ T56] Possible interrupt unsafe locking scenario: [ 51.905999][ T56] [ 51.914349][ T56] CPU0 CPU1 [ 51.919712][ T56] ---- ---- [ 51.925093][ T56] lock(&htab->buckets[i].lock); [ 51.930149][ T56] local_irq_disable(); [ 51.936916][ T56] lock(&pool->lock); [ 51.943522][ T56] lock(&htab->buckets[i].lock); [ 51.951104][ T56] [ 51.954587][ T56] lock(&pool->lock); [ 51.958837][ T56] [ 51.958837][ T56] *** DEADLOCK *** [ 51.958837][ T56] [ 51.966997][ T56] 6 locks held by kworker/u4:4/56: [ 51.972100][ T56] #0: ffff888012479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 51.983174][ T56] #1: ffffc90001577d20 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 51.994241][ T56] #2: ffffffff8d12ff38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4f0/0x930 [ 52.005141][ T56] #3: ffffffff8d12a940 (rcu_read_lock){....}-{1:2}, at: __queue_work+0xe5/0xf90 [ 52.014382][ T56] #4: ffff8880b993a258 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x58c/0xf90 [ 52.023546][ T56] #5: ffffffff8d12a940 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run1+0xec/0x3d0 [ 52.032961][ T56] [ 52.032961][ T56] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 52.043373][ T56] -> (&pool->lock){-.-.}-{2:2} { [ 52.048349][ T56] IN-HARDIRQ-W at: [ 52.052328][ T56] lock_acquire+0x1f8/0x5a0 [ 52.058600][ T56] _raw_spin_lock+0x2a/0x40 [ 52.064781][ T56] __queue_work+0x58c/0xf90 [ 52.070966][ T56] queue_work_on+0x14b/0x250 [ 52.077229][ T56] hrtimer_run_queues+0x14b/0x450 [ 52.083915][ T56] update_process_times+0x7b/0x1b0 [ 52.090684][ T56] tick_periodic+0x197/0x210 [ 52.096930][ T56] tick_handle_periodic+0x46/0x150 [ 52.103700][ T56] __sysvec_apic_timer_interrupt+0x156/0x580 [ 52.111339][ T56] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 52.118636][ T56] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 52.126376][ T56] __sanitizer_cov_trace_pc+0x2c/0x60 [ 52.133422][ T56] trace_event_eval_update+0x48b/0xfc0 [ 52.140559][ T56] process_one_work+0x8a9/0x11d0 [ 52.147169][ T56] worker_thread+0xa47/0x1200 [ 52.153513][ T56] kthread+0x28d/0x320 [ 52.159267][ T56] ret_from_fork+0x1f/0x30 [ 52.165359][ T56] IN-SOFTIRQ-W at: [ 52.169346][ T56] lock_acquire+0x1f8/0x5a0 [ 52.175507][ T56] _raw_spin_lock+0x2a/0x40 [ 52.181696][ T56] __queue_work+0x58c/0xf90 [ 52.189350][ T56] call_timer_fn+0x1ad/0x6b0 [ 52.195617][ T56] __run_timers+0x6a8/0x890 [ 52.201788][ T56] __do_softirq+0x2e9/0xa4c [ 52.207962][ T56] __irq_exit_rcu+0x155/0x240 [ 52.214303][ T56] irq_exit_rcu+0x5/0x20 [ 52.220200][ T56] sysvec_apic_timer_interrupt+0x91/0xb0 [ 52.227489][ T56] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 52.235140][ T56] __sanitizer_cov_trace_const_cmp1+0x30/0x80 [ 52.242874][ T56] trace_event_eval_update+0x6e7/0xfc0 [ 52.249999][ T56] process_one_work+0x8a9/0x11d0 [ 52.256589][ T56] worker_thread+0xa47/0x1200 [ 52.262924][ T56] kthread+0x28d/0x320 [ 52.268695][ T56] ret_from_fork+0x1f/0x30 [ 52.274776][ T56] INITIAL USE at: [ 52.278667][ T56] lock_acquire+0x1f8/0x5a0 [ 52.284735][ T56] _raw_spin_lock_irqsave+0xd1/0x120 [ 52.291583][ T56] pwq_adjust_max_active+0x14e/0x550 [ 52.298435][ T56] alloc_workqueue+0xbf8/0x1440 [ 52.304847][ T56] workqueue_init_early+0x71a/0x927 [ 52.311619][ T56] start_kernel+0x208/0x53f [ 52.317686][ T56] secondary_startup_64_no_verify+0xcf/0xdb [ 52.325145][ T56] } [ 52.327634][ T56] ... key at: [] init_worker_pool.__key+0x0/0x20 [ 52.336053][ T56] [ 52.336053][ T56] the dependencies between the lock to be acquired [ 52.336064][ T56] and HARDIRQ-irq-unsafe lock: [ 52.349613][ T56] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 52.355524][ T56] HARDIRQ-ON-W at: [ 52.359497][ T56] lock_acquire+0x1f8/0x5a0 [ 52.365653][ T56] _raw_spin_lock_bh+0x31/0x40 [ 52.372072][ T56] sock_hash_free+0x160/0x820 [ 52.378408][ T56] process_one_work+0x8a9/0x11d0 [ 52.385009][ T56] worker_thread+0xa47/0x1200 [ 52.391346][ T56] kthread+0x28d/0x320 [ 52.397088][ T56] ret_from_fork+0x1f/0x30 [ 52.403163][ T56] INITIAL USE at: [ 52.407053][ T56] lock_acquire+0x1f8/0x5a0 [ 52.413218][ T56] _raw_spin_lock_bh+0x31/0x40 [ 52.419556][ T56] sock_hash_free+0x160/0x820 [ 52.425804][ T56] process_one_work+0x8a9/0x11d0 [ 52.432307][ T56] worker_thread+0xa47/0x1200 [ 52.438555][ T56] kthread+0x28d/0x320 [ 52.444282][ T56] ret_from_fork+0x1f/0x30 [ 52.450271][ T56] } [ 52.452761][ T56] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 52.461099][ T56] ... acquired at: [ 52.464984][ T56] lock_acquire+0x1f8/0x5a0 [ 52.469666][ T56] _raw_spin_lock_bh+0x31/0x40 [ 52.474611][ T56] sock_hash_delete_elem+0xac/0x2f0 [ 52.479996][ T56] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 52.485642][ T56] bpf_trace_run1+0x1d9/0x3d0 [ 52.490545][ T56] trace_workqueue_activate_work+0x1c0/0x250 [ 52.496703][ T56] __queue_work+0xa81/0xf90 [ 52.501392][ T56] queue_work_on+0x14b/0x250 [ 52.506166][ T56] synchronize_rcu_expedited+0x69d/0x930 [ 52.511991][ T56] synchronize_rcu+0x11c/0x3f0 [ 52.516926][ T56] sock_hash_free+0xa8/0x820 [ 52.521699][ T56] process_one_work+0x8a9/0x11d0 [ 52.526824][ T56] worker_thread+0xa47/0x1200 [ 52.531690][ T56] kthread+0x28d/0x320 [ 52.535943][ T56] ret_from_fork+0x1f/0x30 [ 52.540534][ T56] [ 52.542855][ T56] [ 52.542855][ T56] stack backtrace: [ 52.548747][ T56] CPU: 1 PID: 56 Comm: kworker/u4:4 Not tainted 6.1.83-syzkaller #0 [ 52.556813][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 52.566867][ T56] Workqueue: events_unbound bpf_map_free_deferred [ 52.573411][ T56] Call Trace: [ 52.576693][ T56] [ 52.579622][ T56] dump_stack_lvl+0x1e3/0x2cb [ 52.584312][ T56] ? nf_tcp_handle_invalid+0x642/0x642 [ 52.589772][ T56] ? panic+0x75d/0x75d [ 52.593843][ T56] ? print_shortest_lock_dependencies+0xee/0x150 [ 52.600186][ T56] validate_chain+0x4d16/0x5950 [ 52.605058][ T56] ? reacquire_held_locks+0x660/0x660 [ 52.610441][ T56] ? mark_lock+0x9a/0x340 [ 52.614779][ T56] ? validate_chain+0x112/0x5950 [ 52.619732][ T56] ? register_lock_class+0x100/0x990 [ 52.625039][ T56] ? is_dynamic_key+0x260/0x260 [ 52.629898][ T56] ? validate_chain+0x112/0x5950 [ 52.634857][ T56] ? mark_lock+0x9a/0x340 [ 52.639196][ T56] __lock_acquire+0x125b/0x1f80 [ 52.644089][ T56] lock_acquire+0x1f8/0x5a0 [ 52.648630][ T56] ? sock_hash_delete_elem+0xac/0x2f0 [ 52.654080][ T56] ? lockdep_softirqs_on+0x590/0x590 [ 52.659382][ T56] ? read_lock_is_recursive+0x10/0x10 [ 52.664761][ T56] ? sock_hash_delete_elem+0xac/0x2f0 [ 52.670311][ T56] ? __bpf_trace_softirq+0x10/0x10 [ 52.675510][ T56] ? read_lock_is_recursive+0x10/0x10 [ 52.681164][ T56] ? sock_hash_delete_elem+0xac/0x2f0 [ 52.687773][ T56] _raw_spin_lock_bh+0x31/0x40 [ 52.692718][ T56] ? sock_hash_delete_elem+0xac/0x2f0 [ 52.698172][ T56] sock_hash_delete_elem+0xac/0x2f0 [ 52.703413][ T56] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 52.708878][ T56] bpf_trace_run1+0x1d9/0x3d0 [ 52.713651][ T56] ? bpf_trace_run1+0xec/0x3d0 [ 52.718425][ T56] ? do_raw_spin_lock+0x14a/0x370 [ 52.723444][ T56] ? bpf_put_raw_tracepoint+0x60/0x60 [ 52.728816][ T56] ? __rwlock_init+0x140/0x140 [ 52.733587][ T56] trace_workqueue_activate_work+0x1c0/0x250 [ 52.739757][ T56] __queue_work+0xa81/0xf90 [ 52.744362][ T56] ? __queue_work+0xe5/0xf90 [ 52.748958][ T56] queue_work_on+0x14b/0x250 [ 52.753559][ T56] ? _raw_spin_unlock_irqrestore+0x8b/0x130 [ 52.759808][ T56] ? wq_worker_last_func+0x40/0x40 [ 52.765039][ T56] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 52.771047][ T56] ? _raw_spin_unlock+0x40/0x40 [ 52.775908][ T56] synchronize_rcu_expedited+0x69d/0x930 [ 52.781582][ T56] ? synchronize_rcu+0x3f0/0x3f0 [ 52.786647][ T56] ? reacquire_held_locks+0x660/0x660 [ 52.792054][ T56] ? reacquire_held_locks+0x660/0x660 [ 52.797444][ T56] ? sync_rcu_exp_done_unlocked+0x140/0x140 [ 52.803430][ T56] ? reacquire_held_locks+0x660/0x660 [ 52.808891][ T56] ? __lock_acquire+0x125b/0x1f80 [ 52.817687][ T56] ? mark_lock+0x9a/0x340 [ 52.822032][ T56] ? look_up_lock_class+0x77/0x140 [ 52.827151][ T56] ? register_lock_class+0x100/0x990 [ 52.832456][ T56] synchronize_rcu+0x11c/0x3f0 [ 52.837233][ T56] ? schedule_delayed_monitor_work+0x160/0x160 [ 52.843652][ T56] ? __lock_acquire+0x125b/0x1f80 [ 52.848692][ T56] ? process_one_work+0x7a9/0x11d0 [ 52.853805][ T56] sock_hash_free+0xa8/0x820 [ 52.858438][ T56] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 52.864467][ T56] ? print_irqtrace_events+0x210/0x210 [ 52.869929][ T56] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 52.875913][ T56] ? sock_hash_alloc+0x500/0x500 [ 52.880856][ T56] ? bpf_map_free_deferred+0x46/0xc0 [ 52.886861][ T56] ? bpf_map_free_deferred+0x46/0xc0 [ 52.892258][ T56] ? kfree+0x30/0x190 [ 52.896284][ T56] ? process_one_work+0x7a9/0x11d0 [ 52.901573][ T56] process_one_work+0x8a9/0x11d0 [ 52.906621][ T56] ? worker_detach_from_pool+0x260/0x260 [ 52.912362][ T56] ? _raw_spin_lock_irqsave+0x120/0x120 [ 52.918025][ T56] ? kthread_data+0x4e/0xc0 [ 52.922646][ T56] ? wq_worker_running+0x97/0x190 [ 52.927676][ T56] worker_thread+0xa47/0x1200 [ 52.932363][ T56] ? _raw_spin_unlock+0x40/0x40 [ 52.937229][ T56] kthread+0x28d/0x320 [ 52.941304][ T56] ? worker_clr_flags+0x190/0x190 [ 52.946354][ T56] ? kthread_blkcg+0xd0/0xd0 [ 52.950961][ T56] ret_from_fork+0x1f/0x30 [ 52.955479][ T56]