Warning: Permanently added '10.128.0.93' (ED25519) to the list of known hosts. executing program executing program executing program executing program [ 54.553597][ T18] [ 54.555950][ T18] ===================================================== [ 54.562866][ T18] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 54.570305][ T18] 6.8.0-syzkaller-05236-g443574b03387 #0 Not tainted [ 54.576958][ T18] ----------------------------------------------------- [ 54.583870][ T18] rcu_exp_gp_kthr/18 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 54.591745][ T18] ffff88802de7a020 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xb0/0x300 [ 54.602021][ T18] [ 54.602021][ T18] and this task is already holding: [ 54.609371][ T18] ffffffff8e136558 (rcu_node_0){-.-.}-{2:2}, at: sync_rcu_exp_done_unlocked+0xe/0x140 [ 54.618924][ T18] which would create a new lock dependency: [ 54.624795][ T18] (rcu_node_0){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 54.632789][ T18] [ 54.632789][ T18] but this new dependency connects a HARDIRQ-irq-safe lock: [ 54.642220][ T18] (rcu_node_0){-.-.}-{2:2} [ 54.642239][ T18] [ 54.642239][ T18] ... which became HARDIRQ-irq-safe at: [ 54.654405][ T18] lock_acquire+0x1e4/0x530 [ 54.658981][ T18] _raw_spin_lock_irqsave+0xd5/0x120 [ 54.664353][ T18] rcu_report_exp_cpu_mult+0x27/0x2f0 [ 54.669799][ T18] __flush_smp_call_function_queue+0xb2e/0x15b0 [ 54.676116][ T18] __sysvec_call_function_single+0xa8/0x3e0 [ 54.682087][ T18] sysvec_call_function_single+0x9e/0xc0 [ 54.687792][ T18] asm_sysvec_call_function_single+0x1a/0x20 [ 54.693852][ T18] string+0x298/0x2b0 [ 54.697910][ T18] vsnprintf+0x1101/0x1da0 [ 54.702403][ T18] add_uevent_var+0x1c8/0x450 [ 54.707157][ T18] kobject_uevent_env+0x325/0x8f0 [ 54.712255][ T18] driver_register+0x2d6/0x320 [ 54.717092][ T18] do_one_initcall+0x238/0x830 [ 54.721930][ T18] do_initcall_level+0x157/0x210 [ 54.726945][ T18] do_initcalls+0x3f/0x80 [ 54.731346][ T18] kernel_init_freeable+0x435/0x5d0 [ 54.736615][ T18] kernel_init+0x1d/0x2a0 [ 54.741022][ T18] ret_from_fork+0x4b/0x80 [ 54.745515][ T18] ret_from_fork_asm+0x1a/0x30 [ 54.750357][ T18] [ 54.750357][ T18] to a HARDIRQ-irq-unsafe lock: [ 54.757358][ T18] (&htab->buckets[i].lock){+...}-{2:2} [ 54.757379][ T18] [ 54.757379][ T18] ... which became HARDIRQ-irq-unsafe at: [ 54.770765][ T18] ... [ 54.770770][ T18] lock_acquire+0x1e4/0x530 [ 54.777909][ T18] _raw_spin_lock_bh+0x35/0x50 [ 54.782746][ T18] sock_hash_delete_elem+0xb0/0x300 [ 54.788020][ T18] 0xffffffffa0001fd6 [ 54.792072][ T18] bpf_trace_run2+0x204/0x420 [ 54.796823][ T18] trace_contention_end+0xd7/0x100 [ 54.802014][ T18] __mutex_lock+0x2e5/0xd70 [ 54.806593][ T18] futex_exit_release+0x34/0x1f0 [ 54.811633][ T18] exit_mm_release+0x1a/0x30 [ 54.816323][ T18] exit_mm+0xb0/0x310 [ 54.820388][ T18] do_exit+0x99e/0x27e0 [ 54.824624][ T18] do_group_exit+0x207/0x2c0 [ 54.829298][ T18] __x64_sys_exit_group+0x3f/0x40 [ 54.834402][ T18] do_syscall_64+0xfb/0x240 [ 54.838987][ T18] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 54.844960][ T18] [ 54.844960][ T18] other info that might help us debug this: [ 54.844960][ T18] [ 54.855178][ T18] Possible interrupt unsafe locking scenario: [ 54.855178][ T18] [ 54.863481][ T18] CPU0 CPU1 [ 54.868847][ T18] ---- ---- [ 54.874198][ T18] lock(&htab->buckets[i].lock); [ 54.879211][ T18] local_irq_disable(); [ 54.885953][ T18] lock(rcu_node_0); [ 54.892443][ T18] lock(&htab->buckets[i].lock); [ 54.899973][ T18] [ 54.903414][ T18] lock(rcu_node_0); [ 54.907558][ T18] [ 54.907558][ T18] *** DEADLOCK *** [ 54.907558][ T18] [ 54.915686][ T18] 2 locks held by rcu_exp_gp_kthr/18: [ 54.921039][ T18] #0: ffffffff8e136558 (rcu_node_0){-.-.}-{2:2}, at: sync_rcu_exp_done_unlocked+0xe/0x140 [ 54.931032][ T18] #1: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 [ 54.940418][ T18] [ 54.940418][ T18] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 54.950804][ T18] -> (rcu_node_0){-.-.}-{2:2} { [ 54.955658][ T18] IN-HARDIRQ-W at: [ 54.959626][ T18] lock_acquire+0x1e4/0x530 [ 54.965766][ T18] _raw_spin_lock_irqsave+0xd5/0x120 [ 54.972688][ T18] rcu_report_exp_cpu_mult+0x27/0x2f0 [ 54.979695][ T18] __flush_smp_call_function_queue+0xb2e/0x15b0 [ 54.987571][ T18] __sysvec_call_function_single+0xa8/0x3e0 [ 54.995100][ T18] sysvec_call_function_single+0x9e/0xc0 [ 55.002372][ T18] asm_sysvec_call_function_single+0x1a/0x20 [ 55.009996][ T18] string+0x298/0x2b0 [ 55.015618][ T18] vsnprintf+0x1101/0x1da0 [ 55.021674][ T18] add_uevent_var+0x1c8/0x450 [ 55.027994][ T18] kobject_uevent_env+0x325/0x8f0 [ 55.034657][ T18] driver_register+0x2d6/0x320 [ 55.041057][ T18] do_one_initcall+0x238/0x830 [ 55.047475][ T18] do_initcall_level+0x157/0x210 [ 55.054061][ T18] do_initcalls+0x3f/0x80 [ 55.060030][ T18] kernel_init_freeable+0x435/0x5d0 [ 55.066868][ T18] kernel_init+0x1d/0x2a0 [ 55.072850][ T18] ret_from_fork+0x4b/0x80 [ 55.078917][ T18] ret_from_fork_asm+0x1a/0x30 [ 55.085328][ T18] IN-SOFTIRQ-W at: [ 55.089302][ T18] lock_acquire+0x1e4/0x530 [ 55.095448][ T18] _raw_spin_lock_irqsave+0xd5/0x120 [ 55.102378][ T18] rcu_core+0x3ae/0x1830 [ 55.108268][ T18] __do_softirq+0x2bc/0x943 [ 55.114410][ T18] __irq_exit_rcu+0xf2/0x1c0 [ 55.120635][ T18] irq_exit_rcu+0x9/0x30 [ 55.126515][ T18] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 55.134312][ T18] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 55.141935][ T18] lock_is_held_type+0x13b/0x190 [ 55.148508][ T18] __might_resched+0xf4/0x780 [ 55.154822][ T18] kmalloc_trace+0x67/0x360 [ 55.160965][ T18] ddebug_add_module+0x88/0x800 [ 55.167451][ T18] dynamic_debug_init+0x205/0x5a0 [ 55.174115][ T18] do_one_initcall+0x238/0x830 [ 55.180520][ T18] do_pre_smp_initcalls+0x57/0xa0 [ 55.187177][ T18] kernel_init_freeable+0x40d/0x5d0 [ 55.194010][ T18] kernel_init+0x1d/0x2a0 [ 55.199977][ T18] ret_from_fork+0x4b/0x80 [ 55.206033][ T18] ret_from_fork_asm+0x1a/0x30 [ 55.212434][ T18] INITIAL USE at: [ 55.216315][ T18] lock_acquire+0x1e4/0x530 [ 55.222399][ T18] _raw_spin_lock_irqsave+0xd5/0x120 [ 55.229242][ T18] rcutree_prepare_cpu+0x71/0x640 [ 55.235818][ T18] rcu_init+0x9b/0x140 [ 55.241447][ T18] start_kernel+0x1f7/0x500 [ 55.247517][ T18] x86_64_start_reservations+0x2a/0x30 [ 55.254534][ T18] x86_64_start_kernel+0x99/0xa0 [ 55.261018][ T18] common_startup_64+0x13e/0x147 [ 55.267503][ T18] } [ 55.269985][ T18] ... key at: [] rcu_init_one.rcu_node_class+0x0/0x20 [ 55.278828][ T18] [ 55.278828][ T18] the dependencies between the lock to be acquired [ 55.278836][ T18] and HARDIRQ-irq-unsafe lock: [ 55.292334][ T18] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 55.298231][ T18] HARDIRQ-ON-W at: [ 55.302212][ T18] lock_acquire+0x1e4/0x530 [ 55.308364][ T18] _raw_spin_lock_bh+0x35/0x50 [ 55.314767][ T18] sock_hash_delete_elem+0xb0/0x300 [ 55.321605][ T18] 0xffffffffa0001fd6 [ 55.327219][ T18] bpf_trace_run2+0x204/0x420 [ 55.333536][ T18] trace_contention_end+0xd7/0x100 [ 55.340288][ T18] __mutex_lock+0x2e5/0xd70 [ 55.346430][ T18] futex_exit_release+0x34/0x1f0 [ 55.353007][ T18] exit_mm_release+0x1a/0x30 [ 55.359240][ T18] exit_mm+0xb0/0x310 [ 55.364864][ T18] do_exit+0x99e/0x27e0 [ 55.370658][ T18] do_group_exit+0x207/0x2c0 [ 55.376886][ T18] __x64_sys_exit_group+0x3f/0x40 [ 55.383550][ T18] do_syscall_64+0xfb/0x240 [ 55.389691][ T18] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 55.397222][ T18] INITIAL USE at: [ 55.401101][ T18] lock_acquire+0x1e4/0x530 [ 55.407152][ T18] _raw_spin_lock_bh+0x35/0x50 [ 55.413466][ T18] sock_hash_delete_elem+0xb0/0x300 [ 55.420213][ T18] 0xffffffffa0001fd6 [ 55.425742][ T18] bpf_trace_run2+0x204/0x420 [ 55.431965][ T18] trace_contention_end+0xd7/0x100 [ 55.438628][ T18] __mutex_lock+0x2e5/0xd70 [ 55.444684][ T18] futex_exit_release+0x34/0x1f0 [ 55.451171][ T18] exit_mm_release+0x1a/0x30 [ 55.457308][ T18] exit_mm+0xb0/0x310 [ 55.462842][ T18] do_exit+0x99e/0x27e0 [ 55.468551][ T18] do_group_exit+0x207/0x2c0 [ 55.474691][ T18] __x64_sys_exit_group+0x3f/0x40 [ 55.481264][ T18] do_syscall_64+0xfb/0x240 [ 55.487318][ T18] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 55.494761][ T18] } [ 55.497247][ T18] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 55.505580][ T18] ... acquired at: [ 55.509367][ T18] lock_acquire+0x1e4/0x530 [ 55.514031][ T18] _raw_spin_lock_bh+0x35/0x50 [ 55.518953][ T18] sock_hash_delete_elem+0xb0/0x300 [ 55.524310][ T18] bpf_prog_05fc780d7a5f93f9+0x4a/0x4e [ 55.529927][ T18] bpf_trace_run2+0x204/0x420 [ 55.534763][ T18] trace_contention_end+0xf6/0x120 [ 55.540034][ T18] __pv_queued_spin_lock_slowpath+0x939/0xc60 [ 55.546262][ T18] queued_spin_lock_slowpath+0x42/0x50 [ 55.551883][ T18] do_raw_spin_lock+0x272/0x370 [ 55.556899][ T18] _raw_spin_lock_irqsave+0xe1/0x120 [ 55.562344][ T18] sync_rcu_exp_done_unlocked+0xe/0x140 [ 55.568050][ T18] rcu_exp_sel_wait_wake+0x628/0x1df0 [ 55.573581][ T18] kthread_worker_fn+0x4bf/0xab0 [ 55.578675][ T18] kthread+0x2f0/0x390 [ 55.582904][ T18] ret_from_fork+0x4b/0x80 [ 55.587481][ T18] ret_from_fork_asm+0x1a/0x30 [ 55.592409][ T18] [ 55.594714][ T18] [ 55.594714][ T18] stack backtrace: [ 55.600581][ T18] CPU: 1 PID: 18 Comm: rcu_exp_gp_kthr Not tainted 6.8.0-syzkaller-05236-g443574b03387 #0 [ 55.610454][ T18] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 55.620491][ T18] Call Trace: [ 55.623757][ T18] [ 55.626679][ T18] dump_stack_lvl+0x1e7/0x2e0 [ 55.631346][ T18] ? __pfx_dump_stack_lvl+0x10/0x10 [ 55.636533][ T18] ? __pfx__printk+0x10/0x10 [ 55.641111][ T18] ? print_shortest_lock_dependencies+0xf2/0x160 [ 55.647431][ T18] validate_chain+0x4dc7/0x58e0 [ 55.652276][ T18] ? __pfx_validate_chain+0x10/0x10 [ 55.657464][ T18] ? __pfx_validate_chain+0x10/0x10 [ 55.662651][ T18] ? register_lock_class+0x102/0x980 [ 55.667922][ T18] ? __pfx_register_lock_class+0x10/0x10 [ 55.673542][ T18] ? mark_lock+0x9a/0x350 [ 55.677864][ T18] __lock_acquire+0x1346/0x1fd0 [ 55.682708][ T18] lock_acquire+0x1e4/0x530 [ 55.687196][ T18] ? sock_hash_delete_elem+0xb0/0x300 [ 55.692554][ T18] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 55.698261][ T18] ? __pfx_lock_acquire+0x10/0x10 [ 55.703271][ T18] ? __pfx_validate_chain+0x10/0x10 [ 55.708454][ T18] ? sock_hash_delete_elem+0xb0/0x300 [ 55.713814][ T18] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 55.719608][ T18] ? __pfx_lock_acquire+0x10/0x10 [ 55.724626][ T18] ? sock_hash_delete_elem+0xb0/0x300 [ 55.729985][ T18] _raw_spin_lock_bh+0x35/0x50 [ 55.734739][ T18] ? sock_hash_delete_elem+0xb0/0x300 [ 55.740094][ T18] sock_hash_delete_elem+0xb0/0x300 [ 55.745282][ T18] bpf_prog_05fc780d7a5f93f9+0x4a/0x4e [ 55.750726][ T18] bpf_trace_run2+0x204/0x420 [ 55.755390][ T18] ? bpf_trace_run2+0x114/0x420 [ 55.760226][ T18] ? __pfx_bpf_trace_run2+0x10/0x10 [ 55.765413][ T18] ? trace_contention_end+0x57/0x120 [ 55.770687][ T18] trace_contention_end+0xf6/0x120 [ 55.775790][ T18] __pv_queued_spin_lock_slowpath+0x939/0xc60 [ 55.781851][ T18] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 55.788464][ T18] queued_spin_lock_slowpath+0x42/0x50 [ 55.793923][ T18] do_raw_spin_lock+0x272/0x370 [ 55.798767][ T18] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 55.804150][ T18] _raw_spin_lock_irqsave+0xe1/0x120 [ 55.809426][ T18] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 55.815303][ T18] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 55.821182][ T18] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 55.827500][ T18] sync_rcu_exp_done_unlocked+0xe/0x140 [ 55.833032][ T18] rcu_exp_sel_wait_wake+0x628/0x1df0 [ 55.838400][ T18] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 55.844364][ T18] ? __pfx_rcu_exp_sel_wait_wake+0x10/0x10 [ 55.850159][ T18] ? _raw_spin_lock_irq+0xdf/0x120 [ 55.855262][ T18] kthread_worker_fn+0x4bf/0xab0 [ 55.860189][ T18] ? kthread_worker_fn+0xdc/0xab0 [ 55.865202][ T18] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 55.870472][ T18] ? __pfx_kthread_worker_fn+0x10/0x10 [ 55.875917][ T18] kthread+0x2f0/0x390 [ 55.879978][ T18] ? __pfx_kthread_worker_fn+0x10/0x10 [ 55.885423][ T18] ? __pfx_kthread+0x10/0x10 [ 55.890001][ T18] ret_from_fork+0x4b/0x80 [ 55.894407][ T18] ? __pfx_kthread+0x10/0x10 [ 55.898989][ T18] ret_from_fork_asm+0x1a/0x30 [ 55.903748][ T18]