Warning: Permanently added '10.128.0.4' (ED25519) to the list of known hosts.
executing program
[ 50.771816][ T3542]
[ 50.774167][ T3542] =====================================================
[ 50.781211][ T3542] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 50.788647][ T3542] 6.1.82-syzkaller #0 Not tainted
[ 50.793654][ T3542] -----------------------------------------------------
[ 50.800564][ T3542] syz-executor277/3542 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
[ 50.808611][ T3542] ffff8880771eb820 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xac/0x2f0
[ 50.818872][ T3542]
[ 50.818872][ T3542] and this task is already holding:
[ 50.826218][ T3542] ffffffff8d12f7d8 (rcu_node_0){-.-.}-{2:2}, at: rcu_note_context_switch+0x2a5/0xf10
[ 50.835684][ T3542] which would create a new lock dependency:
[ 50.842506][ T3542] (rcu_node_0){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2}
[ 50.850487][ T3542]
[ 50.850487][ T3542] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 50.859927][ T3542] (rcu_node_0){-.-.}-{2:2}
[ 50.859943][ T3542]
[ 50.859943][ T3542] ... which became HARDIRQ-irq-safe at:
[ 50.872111][ T3542] lock_acquire+0x1f8/0x5a0
[ 50.876704][ T3542] _raw_spin_lock_irqsave+0xd1/0x120
[ 50.882158][ T3542] rcu_report_exp_cpu_mult+0x27/0x2e0
[ 50.887613][ T3542] __flush_smp_call_function_queue+0x60c/0xd00
[ 50.893849][ T3542] __sysvec_call_function_single+0xbb/0x360
[ 50.899818][ T3542] sysvec_call_function_single+0x89/0xb0
[ 50.905524][ T3542] asm_sysvec_call_function_single+0x16/0x20
[ 50.911584][ T3542] memset_erms+0xb/0x10
[ 50.915814][ T3542] kasan_unpoison+0x5d/0x80
[ 50.920410][ T3542] __asan_register_globals+0x38/0x70
[ 50.925771][ T3542] asan.module_ctor+0x11/0x20
[ 50.930572][ T3542] do_basic_setup+0x58/0x81
[ 50.935148][ T3542] kernel_init_freeable+0x45c/0x60f
[ 50.940418][ T3542] kernel_init+0x19/0x290
[ 50.944813][ T3542] ret_from_fork+0x1f/0x30
[ 50.949319][ T3542]
[ 50.949319][ T3542] to a HARDIRQ-irq-unsafe lock:
[ 50.956322][ T3542] (&htab->buckets[i].lock){+...}-{2:2}
[ 50.956342][ T3542]
[ 50.956342][ T3542] ... which became HARDIRQ-irq-unsafe at:
[ 50.969721][ T3542] ...
[ 50.969727][ T3542] lock_acquire+0x1f8/0x5a0
[ 50.976861][ T3542] _raw_spin_lock_bh+0x31/0x40
[ 50.981696][ T3542] sock_hash_delete_elem+0xac/0x2f0
[ 50.987007][ T3542] bpf_prog_43221478a22f23b5+0x3a/0x3e
[ 50.992664][ T3542] bpf_trace_run2+0x1fd/0x410
[ 50.997431][ T3542] trace_contention_end+0x12f/0x170
[ 51.002703][ T3542] __mutex_lock+0x2ed/0xd80
[ 51.007281][ T3542] do_epoll_wait+0x814/0x1e60
[ 51.012062][ T3542] __x64_sys_epoll_wait+0x253/0x2a0
[ 51.017336][ T3542] do_syscall_64+0x3d/0xb0
[ 51.022259][ T3542] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.028241][ T3542]
[ 51.028241][ T3542] other info that might help us debug this:
[ 51.028241][ T3542]
[ 51.038461][ T3542] Possible interrupt unsafe locking scenario:
[ 51.038461][ T3542]
[ 51.046762][ T3542]        CPU0                    CPU1
[ 51.052108][ T3542]        ----                    ----
[ 51.057467][ T3542]   lock(&htab->buckets[i].lock);
[ 51.062484][ T3542]                                local_irq_disable();
[ 51.069228][ T3542]                                lock(rcu_node_0);
[ 51.075710][ T3542]                                lock(&htab->buckets[i].lock);
[ 51.083237][ T3542]
[ 51.086671][ T3542]     lock(rcu_node_0);
[ 51.090811][ T3542]
[ 51.090811][ T3542] *** DEADLOCK ***
[ 51.090811][ T3542]
[ 51.098938][ T3542] 4 locks held by syz-executor277/3542:
[ 51.104547][ T3542] #0: ffff888028ab5b58 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x2e/0x2e0
[ 51.115142][ T3542] #1: ffffffff8d12a940 (rcu_read_lock){....}-{1:2}, at: filemap_map_pages+0x277/0x12c0
[ 51.125037][ T3542] #2: ffffffff8d12f7d8 (rcu_node_0){-.-.}-{2:2}, at: rcu_note_context_switch+0x2a5/0xf10
[ 51.134943][ T3542] #3: ffffffff8d12a940 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x410
[ 51.144319][ T3542]
[ 51.144319][ T3542] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 51.154707][ T3542] -> (rcu_node_0){-.-.}-{2:2} {
[ 51.159548][ T3542] IN-HARDIRQ-W at:
[ 51.163510][ T3542] lock_acquire+0x1f8/0x5a0
[ 51.169649][ T3542] _raw_spin_lock_irqsave+0xd1/0x120
[ 51.176652][ T3542] rcu_report_exp_cpu_mult+0x27/0x2e0
[ 51.183745][ T3542] __flush_smp_call_function_queue+0x60c/0xd00
[ 51.191533][ T3542] __sysvec_call_function_single+0xbb/0x360
[ 51.199059][ T3542] sysvec_call_function_single+0x89/0xb0
[ 51.206334][ T3542] asm_sysvec_call_function_single+0x16/0x20
[ 51.213950][ T3542] memset_erms+0xb/0x10
[ 51.219736][ T3542] kasan_unpoison+0x5d/0x80
[ 51.225868][ T3542] __asan_register_globals+0x38/0x70
[ 51.232785][ T3542] asan.module_ctor+0x11/0x20
[ 51.239095][ T3542] do_basic_setup+0x58/0x81
[ 51.245243][ T3542] kernel_init_freeable+0x45c/0x60f
[ 51.252113][ T3542] kernel_init+0x19/0x290
[ 51.258104][ T3542] ret_from_fork+0x1f/0x30
[ 51.264158][ T3542] IN-SOFTIRQ-W at:
[ 51.268123][ T3542] lock_acquire+0x1f8/0x5a0
[ 51.274266][ T3542] _raw_spin_lock+0x2a/0x40
[ 51.280405][ T3542] rcu_accelerate_cbs_unlocked+0x8a/0x230
[ 51.287759][ T3542] rcu_core+0x5a0/0x17e0
[ 51.293638][ T3542] __do_softirq+0x2e9/0xa4c
[ 51.299788][ T3542] __irq_exit_rcu+0x155/0x240
[ 51.306116][ T3542] irq_exit_rcu+0x5/0x20
[ 51.311992][ T3542] sysvec_apic_timer_interrupt+0x91/0xb0
[ 51.319271][ T3542] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 51.326990][ T3542] __alloc_pages+0x3ee/0x770
[ 51.333223][ T3542] alloc_page_interleave+0x22/0x1c0
[ 51.340160][ T3542] __get_free_pages+0x8/0x30
[ 51.346391][ T3542] kasan_populate_vmalloc_pte+0x35/0xf0
[ 51.353595][ T3542] __apply_to_page_range+0x9c5/0xcc0
[ 51.360515][ T3542] alloc_vmap_area+0x1977/0x1ac0
[ 51.367175][ T3542] __get_vm_area_node+0x16c/0x360
[ 51.373835][ T3542] __vmalloc_node_range+0x394/0x1460
[ 51.380754][ T3542] dup_task_struct+0x3e5/0x6d0
[ 51.387150][ T3542] copy_process+0x637/0x4060
[ 51.393371][ T3542] fork_idle+0xa1/0x264
[ 51.399161][ T3542] idle_threads_init+0x118/0x22b
[ 51.405728][ T3542] smp_init+0x14/0x149
[ 51.411427][ T3542] kernel_init_freeable+0x40c/0x60f
[ 51.418260][ T3542] kernel_init+0x19/0x290
[ 51.424223][ T3542] ret_from_fork+0x1f/0x30
[ 51.430274][ T3542] INITIAL USE at:
[ 51.434156][ T3542] lock_acquire+0x1f8/0x5a0
[ 51.440217][ T3542] _raw_spin_lock_irqsave+0xd1/0x120
[ 51.447048][ T3542] rcutree_prepare_cpu+0x6d/0x520
[ 51.453620][ T3542] rcu_init+0xb4/0x200
[ 51.459238][ T3542] start_kernel+0x20d/0x53f
[ 51.465307][ T3542] secondary_startup_64_no_verify+0xcf/0xdb
[ 51.472749][ T3542] }
[ 51.475226][ T3542] ... key at: [] rcu_init_one.rcu_node_class+0x0/0x20
[ 51.484142][ T3542]
[ 51.484142][ T3542] the dependencies between the lock to be acquired
[ 51.484149][ T3542] and HARDIRQ-irq-unsafe lock:
[ 51.497639][ T3542] -> (&htab->buckets[i].lock){+...}-{2:2} {
[ 51.503526][ T3542] HARDIRQ-ON-W at:
[ 51.507486][ T3542] lock_acquire+0x1f8/0x5a0
[ 51.513624][ T3542] _raw_spin_lock_bh+0x31/0x40
[ 51.520019][ T3542] sock_hash_delete_elem+0xac/0x2f0
[ 51.526854][ T3542] bpf_prog_43221478a22f23b5+0x3a/0x3e
[ 51.533951][ T3542] bpf_trace_run2+0x1fd/0x410
[ 51.540262][ T3542] trace_contention_end+0x12f/0x170
[ 51.547114][ T3542] __mutex_lock+0x2ed/0xd80
[ 51.553254][ T3542] do_epoll_wait+0x814/0x1e60
[ 51.559578][ T3542] __x64_sys_epoll_wait+0x253/0x2a0
[ 51.566437][ T3542] do_syscall_64+0x3d/0xb0
[ 51.572512][ T3542] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.580047][ T3542] INITIAL USE at:
[ 51.583930][ T3542] lock_acquire+0x1f8/0x5a0
[ 51.589987][ T3542] _raw_spin_lock_bh+0x31/0x40
[ 51.596297][ T3542] sock_hash_delete_elem+0xac/0x2f0
[ 51.603043][ T3542] bpf_prog_43221478a22f23b5+0x3a/0x3e
[ 51.610048][ T3542] bpf_trace_run2+0x1fd/0x410
[ 51.616269][ T3542] trace_contention_end+0x12f/0x170
[ 51.623103][ T3542] __mutex_lock+0x2ed/0xd80
[ 51.629419][ T3542] do_epoll_wait+0x814/0x1e60
[ 51.635648][ T3542] __x64_sys_epoll_wait+0x253/0x2a0
[ 51.642404][ T3542] do_syscall_64+0x3d/0xb0
[ 51.648374][ T3542] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.655814][ T3542] }
[ 51.658307][ T3542] ... key at: [] sock_hash_alloc.__key+0x0/0x20
[ 51.666629][ T3542] ... acquired at:
[ 51.670410][ T3542] lock_acquire+0x1f8/0x5a0
[ 51.675100][ T3542] _raw_spin_lock_bh+0x31/0x40
[ 51.680028][ T3542] sock_hash_delete_elem+0xac/0x2f0
[ 51.685389][ T3542] bpf_prog_43221478a22f23b5+0x3a/0x3e
[ 51.691002][ T3542] bpf_trace_run2+0x1fd/0x410
[ 51.695846][ T3542] trace_contention_end+0x14c/0x190
[ 51.701206][ T3542] __pv_queued_spin_lock_slowpath+0x935/0xc50
[ 51.707442][ T3542] queued_spin_lock_slowpath+0x42/0x50
[ 51.713067][ T3542] do_raw_spin_lock+0x269/0x370
[ 51.718084][ T3542] rcu_note_context_switch+0x2a5/0xf10
[ 51.723699][ T3542] __schedule+0x32e/0x4550
[ 51.728274][ T3542] preempt_schedule_common+0x83/0xd0
[ 51.733716][ T3542] preempt_schedule+0xd9/0xe0
[ 51.738551][ T3542] preempt_schedule_thunk+0x16/0x18
[ 51.743911][ T3542] _raw_spin_unlock+0x36/0x40
[ 51.748757][ T3542] filemap_map_pages+0xffa/0x12c0
[ 51.753932][ T3542] handle_mm_fault+0x33e2/0x5340
[ 51.759025][ T3542] exc_page_fault+0x26f/0x660
[ 51.763858][ T3542] asm_exc_page_fault+0x22/0x30
[ 51.768870][ T3542]
[ 51.771176][ T3542]
[ 51.771176][ T3542] stack backtrace:
[ 51.777050][ T3542] CPU: 0 PID: 3542 Comm: syz-executor277 Not tainted 6.1.82-syzkaller #0
[ 51.785450][ T3542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 51.795591][ T3542] Call Trace:
[ 51.798859][ T3542]
[ 51.801780][ T3542] dump_stack_lvl+0x1e3/0x2cb
[ 51.806448][ T3542] ? nf_tcp_handle_invalid+0x642/0x642
[ 51.812003][ T3542] ? panic+0x75d/0x75d
[ 51.816060][ T3542] ? print_shortest_lock_dependencies+0xee/0x150
[ 51.822374][ T3542] validate_chain+0x4d16/0x5950
[ 51.827217][ T3542] ? reacquire_held_locks+0x660/0x660
[ 51.832578][ T3542] ? check_path+0x40/0x40
[ 51.836899][ T3542] ? mark_lock+0x9a/0x340
[ 51.841440][ T3542] __lock_acquire+0x125b/0x1f80
[ 51.846470][ T3542] lock_acquire+0x1f8/0x5a0
[ 51.850963][ T3542] ? sock_hash_delete_elem+0xac/0x2f0
[ 51.856365][ T3542] ? lockdep_softirqs_on+0x590/0x590
[ 51.861655][ T3542] ? read_lock_is_recursive+0x10/0x10
[ 51.867017][ T3542] ? sock_hash_delete_elem+0xac/0x2f0
[ 51.872497][ T3542] ? __bpf_trace_softirq+0x10/0x10
[ 51.877610][ T3542] ? read_lock_is_recursive+0x10/0x10
[ 51.882965][ T3542] ? is_bpf_text_address+0x22/0x2a0
[ 51.888160][ T3542] ? is_bpf_text_address+0x22/0x2a0
[ 51.893376][ T3542] ? stack_trace_save+0x1c0/0x1c0
[ 51.898397][ T3542] ? sock_hash_delete_elem+0xac/0x2f0
[ 51.903757][ T3542] _raw_spin_lock_bh+0x31/0x40
[ 51.908507][ T3542] ? sock_hash_delete_elem+0xac/0x2f0
[ 51.913880][ T3542] sock_hash_delete_elem+0xac/0x2f0
[ 51.919066][ T3542] bpf_prog_43221478a22f23b5+0x3a/0x3e
[ 51.924506][ T3542] bpf_trace_run2+0x1fd/0x410
[ 51.929164][ T3542] ? bpf_trace_run2+0x110/0x410
[ 51.934100][ T3542] ? bpf_trace_run1+0x3d0/0x3d0
[ 51.938938][ T3542] trace_contention_end+0x14c/0x190
[ 51.944133][ T3542] __pv_queued_spin_lock_slowpath+0x935/0xc50
[ 51.950185][ T3542] ? __pv_queued_spin_unlock_slowpath+0x2e0/0x2e0
[ 51.956589][ T3542] queued_spin_lock_slowpath+0x42/0x50
[ 51.962034][ T3542] do_raw_spin_lock+0x269/0x370
[ 51.966868][ T3542] ? __rwlock_init+0x140/0x140
[ 51.971637][ T3542] rcu_note_context_switch+0x2a5/0xf10
[ 51.977084][ T3542] ? mark_lock+0x9a/0x340
[ 51.981399][ T3542] ? __lock_acquire+0x125b/0x1f80
[ 51.986408][ T3542] ? cond_synchronize_rcu_expedited_full+0x90/0x90
[ 51.992894][ T3542] ? __schedule+0x320/0x4550
[ 51.997470][ T3542] ? lockdep_hardirqs_off+0x70/0x100
[ 52.002738][ T3542] __schedule+0x32e/0x4550
[ 52.007253][ T3542] ? __sched_text_start+0x8/0x8
[ 52.012092][ T3542] ? preempt_schedule+0xd9/0xe0
[ 52.016928][ T3542] preempt_schedule_common+0x83/0xd0
[ 52.022215][ T3542] preempt_schedule+0xd9/0xe0
[ 52.026894][ T3542] ? schedule_preempt_disabled+0x20/0x20
[ 52.032527][ T3542] ? do_set_pte+0x584/0x590
[ 52.037035][ T3542] preempt_schedule_thunk+0x16/0x18
[ 52.042253][ T3542] _raw_spin_unlock+0x36/0x40
[ 52.046931][ T3542] filemap_map_pages+0xffa/0x12c0
[ 52.052045][ T3542] ? filemap_map_pages+0x277/0x12c0
[ 52.057420][ T3542] ? filemap_read_folio+0x780/0x780
[ 52.062602][ T3542] ? count_memcg_event_mm+0x90/0x410
[ 52.067875][ T3542] ? mtree_range_walk+0x673/0x7c0
[ 52.072901][ T3542] handle_mm_fault+0x33e2/0x5340
[ 52.077826][ T3542] ? mt_find+0x29a/0xc60
[ 52.082054][ T3542] ? mt_find+0x29a/0xc60
[ 52.086310][ T3542] ? numa_migrate_prep+0x250/0x250
[ 52.091411][ T3542] ? lock_mm_and_find_vma+0xae/0x2e0
[ 52.096679][ T3542] exc_page_fault+0x26f/0x660
[ 52.101340][ T3542] asm_exc_page_fault+0x22/0x30
[ 52.106180][ T3542] RIP: 0033:0x7f92a849fdb8
[ 52.110662][ T3542] Code: e8 9d 7d f9 ff 48 85 db 75 f0 48 8b 3d 49 73 03 00 48 83 c5 08 48 81 fd f8 07 00 00 75 cc 48 83 c4 08 5b 5d e9 79 7d f9 ff c3 <48> 83 ec 08 48 83 c4 08 c3 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.130350][ T3542] RSP: 002b:00007ffe7f2fd5b8 EFLAGS: 00010202
[ 52.136424][ T3542] RAX: 00007f92a84cfaf8 RBX: 0000000000000000 RCX: 0000000000000004
[ 52.144382][ T3542] RDX: 00007f92a84d1da0 RSI: 0000000000000000 RDI: 00007f92a84cfaf8
[ 52.152354][ T3542] RBP: 00007f92a84ce138 R08: 000055555706e610 R09: 000055555706e610
[ 52.160506][ T3542] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92a84d1d88
[ 52.168468][ T3542] R13: 0000000000000000 R14: 00007f92a84d1da0 R15: 00007f92a84224c0
[ 52.176448][ T3542]