Warning: Permanently added '10.128.1.90' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 49.945277][ T3015] [ 49.947643][ T3015] ===================================================== [ 49.954652][ T3015] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 49.962110][ T3015] 6.1.82-syzkaller #0 Not tainted [ 49.967136][ T3015] ----------------------------------------------------- [ 49.974064][ T3015] kworker/0:3/3015 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 49.981777][ T3015] ffff88807a233020 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xac/0x2f0 [ 49.992051][ T3015] [ 49.992051][ T3015] and this task is already holding: [ 49.999408][ T3015] ffff8880b9828358 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 50.008268][ T3015] which would create a new lock dependency: [ 50.014140][ T3015] (&base->lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 50.022332][ T3015] [ 50.022332][ T3015] but this new dependency connects a HARDIRQ-irq-safe lock: [ 50.031773][ T3015] (&base->lock){-.-.}-{2:2} [ 50.031796][ T3015] [ 50.031796][ T3015] ... which became HARDIRQ-irq-safe at: [ 50.044051][ T3015] lock_acquire+0x1f8/0x5a0 [ 50.048642][ T3015] _raw_spin_lock_irqsave+0xd1/0x120 [ 50.054029][ T3015] lock_timer_base+0x120/0x260 [ 50.058892][ T3015] add_timer_on+0x1eb/0x580 [ 50.063486][ T3015] handle_irq_event+0xa9/0x1e0 [ 50.068343][ T3015] handle_edge_irq+0x245/0xbf0 [ 50.073210][ T3015] __common_interrupt+0xd7/0x1f0 [ 50.078243][ T3015] common_interrupt+0x9f/0xc0 [ 50.083095][ T3015] asm_common_interrupt+0x22/0x40 [ 50.088203][ T3015] console_emit_next_record+0xc69/0xea0 [ 50.093827][ T3015] console_unlock+0x278/0x7c0 [ 50.098583][ T3015] vprintk_emit+0x523/0x740 [ 50.103167][ T3015] _printk+0xd1/0x111 [ 50.107229][ T3015] cpu_select_mitigations+0x38/0x8f [ 50.112504][ T3015] arch_cpu_finalize_init+0xf/0x81 [ 50.117690][ T3015] start_kernel+0x423/0x53f [ 50.122271][ T3015] secondary_startup_64_no_verify+0xcf/0xdb [ 50.128245][ T3015] [ 50.128245][ T3015] to a HARDIRQ-irq-unsafe lock: [ 50.135264][ T3015] (&htab->buckets[i].lock){+...}-{2:2} [ 50.135287][ T3015] [ 50.135287][ T3015] ... which became HARDIRQ-irq-unsafe at: [ 50.148694][ T3015] ... [ 50.148703][ T3015] lock_acquire+0x1f8/0x5a0 [ 50.155862][ T3015] _raw_spin_lock_bh+0x31/0x40 [ 50.160707][ T3015] sock_hash_free+0x160/0x820 [ 50.165478][ T3015] process_one_work+0x8a9/0x11d0 [ 50.170498][ T3015] worker_thread+0xa47/0x1200 [ 50.175262][ T3015] kthread+0x28d/0x320 [ 50.179425][ T3015] ret_from_fork+0x1f/0x30 [ 50.183927][ T3015] [ 50.183927][ T3015] other info that might help us debug this: [ 50.183927][ T3015] [ 50.194147][ T3015] Possible interrupt unsafe locking scenario: [ 50.194147][ T3015] [ 50.202473][ T3015] CPU0 CPU1 [ 50.207846][ T3015] ---- ---- [ 50.213203][ T3015] lock(&htab->buckets[i].lock); [ 50.218256][ T3015] local_irq_disable(); [ 50.225013][ T3015] lock(&base->lock); [ 50.231607][ T3015] lock(&htab->buckets[i].lock); [ 50.239253][ T3015] [ 50.242709][ T3015] lock(&base->lock); [ 50.246950][ T3015] [ 50.246950][ T3015] *** DEADLOCK *** [ 50.246950][ T3015] [ 50.255086][ T3015] 4 locks held by kworker/0:3/3015: [ 50.260270][ T3015] #0: ffff888012472138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 50.270617][ T3015] #1: ffffc9000c9ffd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 50.281999][ T3015] #2: ffff8880b9828358 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 50.291316][ T3015] #3: ffffffff8d12a940 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0x146/0x440 [ 50.300737][ T3015] [ 50.300737][ T3015] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 50.311148][ T3015] -> (&base->lock){-.-.}-{2:2} { [ 50.316090][ T3015] IN-HARDIRQ-W at: [ 50.320056][ T3015] lock_acquire+0x1f8/0x5a0 [ 50.326203][ T3015] _raw_spin_lock_irqsave+0xd1/0x120 [ 50.333131][ T3015] lock_timer_base+0x120/0x260 [ 50.339533][ T3015] add_timer_on+0x1eb/0x580 [ 50.345672][ T3015] handle_irq_event+0xa9/0x1e0 [ 50.352076][ T3015] handle_edge_irq+0x245/0xbf0 [ 50.358487][ T3015] __common_interrupt+0xd7/0x1f0 [ 50.365071][ T3015] common_interrupt+0x9f/0xc0 [ 50.371392][ T3015] asm_common_interrupt+0x22/0x40 [ 50.378058][ T3015] console_emit_next_record+0xc69/0xea0 [ 50.385244][ T3015] console_unlock+0x278/0x7c0 [ 50.391562][ T3015] vprintk_emit+0x523/0x740 [ 50.397723][ T3015] _printk+0xd1/0x111 [ 50.403355][ T3015] cpu_select_mitigations+0x38/0x8f [ 50.410193][ T3015] arch_cpu_finalize_init+0xf/0x81 [ 50.416946][ T3015] start_kernel+0x423/0x53f [ 50.423093][ T3015] secondary_startup_64_no_verify+0xcf/0xdb [ 50.430633][ T3015] IN-SOFTIRQ-W at: [ 50.434599][ T3015] lock_acquire+0x1f8/0x5a0 [ 50.440764][ T3015] _raw_spin_lock_irq+0xcf/0x110 [ 50.447355][ T3015] __run_timers+0x111/0x890 [ 50.453510][ T3015] run_timer_softirq+0x63/0xf0 [ 50.460030][ T3015] __do_softirq+0x2e9/0xa4c [ 50.466186][ T3015] __irq_exit_rcu+0x155/0x240 [ 50.472776][ T3015] irq_exit_rcu+0x5/0x20 [ 50.478833][ T3015] common_interrupt+0xa4/0xc0 [ 50.485166][ T3015] asm_common_interrupt+0x22/0x40 [ 50.491934][ T3015] console_emit_next_record+0xc69/0xea0 [ 50.499399][ T3015] console_unlock+0x278/0x7c0 [ 50.505753][ T3015] vprintk_emit+0x523/0x740 [ 50.512100][ T3015] _printk+0xd1/0x111 [ 50.517826][ T3015] md_clear_update_mitigation+0x36f/0x4aa [ 50.525195][ T3015] cpu_select_mitigations+0x56/0x8f [ 50.532047][ T3015] arch_cpu_finalize_init+0xf/0x81 [ 50.538809][ T3015] start_kernel+0x423/0x53f [ 50.544964][ T3015] secondary_startup_64_no_verify+0xcf/0xdb [ 50.552519][ T3015] INITIAL USE at: [ 50.556401][ T3015] lock_acquire+0x1f8/0x5a0 [ 50.562458][ T3015] _raw_spin_lock_irqsave+0xd1/0x120 [ 50.569307][ T3015] lock_timer_base+0x120/0x260 [ 50.575647][ T3015] add_timer_on+0x1eb/0x580 [ 50.581712][ T3015] handle_irq_event+0xa9/0x1e0 [ 50.588119][ T3015] handle_edge_irq+0x245/0xbf0 [ 50.594456][ T3015] __common_interrupt+0xd7/0x1f0 [ 50.601059][ T3015] common_interrupt+0x9f/0xc0 [ 50.607302][ T3015] asm_common_interrupt+0x22/0x40 [ 50.613913][ T3015] console_emit_next_record+0xc69/0xea0 [ 50.621027][ T3015] console_unlock+0x278/0x7c0 [ 50.627262][ T3015] vprintk_emit+0x523/0x740 [ 50.633326][ T3015] _printk+0xd1/0x111 [ 50.638867][ T3015] cpu_select_mitigations+0x38/0x8f [ 50.645628][ T3015] arch_cpu_finalize_init+0xf/0x81 [ 50.652292][ T3015] start_kernel+0x423/0x53f [ 50.658374][ T3015] secondary_startup_64_no_verify+0xcf/0xdb [ 50.665826][ T3015] } [ 50.668313][ T3015] ... key at: [] init_timer_cpu.__key+0x0/0x20 [ 50.676548][ T3015] [ 50.676548][ T3015] the dependencies between the lock to be acquired [ 50.676555][ T3015] and HARDIRQ-irq-unsafe lock: [ 50.690073][ T3015] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 50.695976][ T3015] HARDIRQ-ON-W at: [ 50.699946][ T3015] lock_acquire+0x1f8/0x5a0 [ 50.706096][ T3015] _raw_spin_lock_bh+0x31/0x40 [ 50.712498][ T3015] sock_hash_free+0x160/0x820 [ 50.718820][ T3015] process_one_work+0x8a9/0x11d0 [ 50.725397][ T3015] worker_thread+0xa47/0x1200 [ 50.731713][ T3015] kthread+0x28d/0x320 [ 50.737434][ T3015] ret_from_fork+0x1f/0x30 [ 50.743587][ T3015] INITIAL USE at: [ 50.747469][ T3015] lock_acquire+0x1f8/0x5a0 [ 50.753553][ T3015] _raw_spin_lock_bh+0x31/0x40 [ 50.759881][ T3015] sock_hash_free+0x160/0x820 [ 50.766134][ T3015] process_one_work+0x8a9/0x11d0 [ 50.772639][ T3015] worker_thread+0xa47/0x1200 [ 50.778900][ T3015] kthread+0x28d/0x320 [ 50.784592][ T3015] ret_from_fork+0x1f/0x30 [ 50.790579][ T3015] } [ 50.793068][ T3015] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 50.801396][ T3015] ... acquired at: [ 50.805184][ T3015] lock_acquire+0x1f8/0x5a0 [ 50.809853][ T3015] _raw_spin_lock_bh+0x31/0x40 [ 50.814781][ T3015] sock_hash_delete_elem+0xac/0x2f0 [ 50.820146][ T3015] bpf_prog_2e01b746faa822d9+0x42/0x46 [ 50.825771][ T3015] bpf_trace_run3+0x231/0x440 [ 50.830612][ T3015] enqueue_timer+0x440/0x600 [ 50.835365][ T3015] __mod_timer+0x92b/0xee0 [ 50.839963][ T3015] schedule_timeout+0x1b4/0x300 [ 50.844993][ T3015] rcu_exp_sel_wait_wake+0x764/0x1d50 [ 50.850534][ T3015] process_one_work+0x8a9/0x11d0 [ 50.855638][ T3015] worker_thread+0xa47/0x1200 [ 50.860486][ T3015] kthread+0x28d/0x320 [ 50.864746][ T3015] ret_from_fork+0x1f/0x30 [ 50.869329][ T3015] [ 50.871640][ T3015] [ 50.871640][ T3015] stack backtrace: [ 50.877529][ T3015] CPU: 0 PID: 3015 Comm: kworker/0:3 Not tainted 6.1.82-syzkaller #0 [ 50.885588][ T3015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 50.895641][ T3015] Workqueue: rcu_gp wait_rcu_exp_gp [ 50.900870][ T3015] Call Trace: [ 50.904140][ T3015] [ 50.907066][ T3015] dump_stack_lvl+0x1e3/0x2cb [ 50.911742][ T3015] ? nf_tcp_handle_invalid+0x642/0x642 [ 50.917207][ T3015] ? panic+0x75d/0x75d [ 50.921273][ T3015] ? print_shortest_lock_dependencies+0xee/0x150 [ 50.927598][ T3015] validate_chain+0x4d16/0x5950 [ 50.932455][ T3015] ? reacquire_held_locks+0x660/0x660 [ 50.937826][ T3015] ? reacquire_held_locks+0x660/0x660 [ 50.943289][ T3015] ? register_lock_class+0x100/0x990 [ 50.948570][ T3015] ? validate_chain+0x112/0x5950 [ 50.953503][ T3015] ? is_dynamic_key+0x260/0x260 [ 50.958348][ T3015] ? mark_lock+0x9a/0x340 [ 50.962669][ T3015] __lock_acquire+0x125b/0x1f80 [ 50.967519][ T3015] lock_acquire+0x1f8/0x5a0 [ 50.972019][ T3015] ? sock_hash_delete_elem+0xac/0x2f0 [ 50.977390][ T3015] ? lockdep_softirqs_on+0x590/0x590 [ 50.982676][ T3015] ? read_lock_is_recursive+0x10/0x10 [ 50.988044][ T3015] ? sock_hash_delete_elem+0xac/0x2f0 [ 50.993411][ T3015] ? __bpf_trace_softirq+0x10/0x10 [ 50.998515][ T3015] ? read_lock_is_recursive+0x10/0x10 [ 51.003881][ T3015] ? sock_hash_delete_elem+0xac/0x2f0 [ 51.009249][ T3015] _raw_spin_lock_bh+0x31/0x40 [ 51.014003][ T3015] ? sock_hash_delete_elem+0xac/0x2f0 [ 51.019366][ T3015] sock_hash_delete_elem+0xac/0x2f0 [ 51.024562][ T3015] bpf_prog_2e01b746faa822d9+0x42/0x46 [ 51.030010][ T3015] bpf_trace_run3+0x231/0x440 [ 51.034674][ T3015] ? bpf_trace_run3+0x146/0x440 [ 51.039516][ T3015] ? bpf_trace_run2+0x410/0x410 [ 51.044354][ T3015] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 51.050236][ T3015] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 51.055684][ T3015] ? _raw_spin_lock+0x40/0x40 [ 51.060353][ T3015] enqueue_timer+0x440/0x600 [ 51.064936][ T3015] __mod_timer+0x92b/0xee0 [ 51.069343][ T3015] ? mod_timer_pending+0x20/0x20 [ 51.074269][ T3015] ? lockdep_softirqs_off+0x420/0x420 [ 51.079631][ T3015] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 51.085513][ T3015] ? _raw_spin_unlock+0x40/0x40 [ 51.090353][ T3015] schedule_timeout+0x1b4/0x300 [ 51.095199][ T3015] ? console_conditional_schedule+0x40/0x40 [ 51.101083][ T3015] ? update_process_times+0x1b0/0x1b0 [ 51.106449][ T3015] rcu_exp_sel_wait_wake+0x764/0x1d50 [ 51.111816][ T3015] ? read_lock_is_recursive+0x10/0x10 [ 51.117184][ T3015] ? rcu_check_gp_start_stall+0x450/0x450 [ 51.122891][ T3015] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 51.128862][ T3015] ? do_raw_spin_unlock+0x137/0x8a0 [ 51.134053][ T3015] ? process_one_work+0x7a9/0x11d0 [ 51.139154][ T3015] process_one_work+0x8a9/0x11d0 [ 51.144096][ T3015] ? worker_detach_from_pool+0x260/0x260 [ 51.149721][ T3015] ? _raw_spin_lock_irqsave+0x120/0x120 [ 51.155255][ T3015] ? kthread_data+0x4e/0xc0 [ 51.159752][ T3015] ? wq_worker_running+0x97/0x190 [ 51.164777][ T3015] worker_thread+0xa47/0x1200 [ 51.169449][ T3015] ? _raw_spin_unlock+0x40/0x40 [ 51.174288][ T3015] ? __sched_text_start+0x8/0x8 [ 51.179132][ T3015] ? _raw_spin_unlock+0x40/0x40 [ 51.183976][ T3015] kthread+0x28d/0x320 [ 51.188040][ T3015] ? worker_clr_flags+0x190/0x190 [ 51.193054][ T3015] ? kthread_blkcg+0xd0/0xd0 [ 51.197639][ T3015] ret_from_fork+0x1f/0x30 [ 51.202142][ T3015]