Warning: Permanently added '10.128.0.190' (ED25519) to the list of known hosts. executing program executing program executing program [ 51.403209][ T3325] [ 51.405776][ T3325] ===================================================== [ 51.412706][ T3325] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 51.420258][ T3325] 6.1.83-syzkaller #0 Not tainted [ 51.425377][ T3325] ----------------------------------------------------- [ 51.432425][ T3325] kworker/1:3/3325 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 51.440313][ T3325] ffff8880795d6020 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xac/0x2f0 [ 51.451058][ T3325] [ 51.451058][ T3325] and this task is already holding: [ 51.458827][ T3325] ffff8880b9928358 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 51.467960][ T3325] which would create a new lock dependency: [ 51.474644][ T3325] (&base->lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 51.483437][ T3325] [ 51.483437][ T3325] but this new dependency connects a HARDIRQ-irq-safe lock: [ 51.493138][ T3325] (&base->lock){-.-.}-{2:2} [ 51.493158][ T3325] [ 51.493158][ T3325] ... which became HARDIRQ-irq-safe at: [ 51.505788][ T3325] lock_acquire+0x1f8/0x5a0 [ 51.510520][ T3325] _raw_spin_lock_irqsave+0xd1/0x120 [ 51.516104][ T3325] lock_timer_base+0x120/0x260 [ 51.521701][ T3325] add_timer_on+0x1eb/0x580 [ 51.526281][ T3325] handle_irq_event+0xa9/0x1e0 [ 51.531301][ T3325] handle_level_irq+0x3ab/0x6c0 [ 51.536403][ T3325] __common_interrupt+0xd7/0x1f0 [ 51.541420][ T3325] common_interrupt+0x9f/0xc0 [ 51.546178][ T3325] asm_common_interrupt+0x22/0x40 [ 51.551398][ T3325] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 51.557219][ T3325] __setup_irq+0x12fa/0x1d80 [ 51.561924][ T3325] request_threaded_irq+0x2a7/0x380 [ 51.567225][ T3325] setup_default_timer_irq+0x1f/0x30 [ 51.572710][ T3325] x86_late_time_init+0x51/0x86 [ 51.577857][ T3325] start_kernel+0x414/0x53f [ 51.582461][ T3325] secondary_startup_64_no_verify+0xcf/0xdb [ 51.588441][ T3325] [ 51.588441][ T3325] to a HARDIRQ-irq-unsafe lock: [ 51.595454][ T3325] (&htab->buckets[i].lock){+...}-{2:2} [ 51.595477][ T3325] [ 51.595477][ T3325] ... which became HARDIRQ-irq-unsafe at: [ 51.608953][ T3325] ... [ 51.608959][ T3325] lock_acquire+0x1f8/0x5a0 [ 51.616196][ T3325] _raw_spin_lock_bh+0x31/0x40 [ 51.621046][ T3325] sock_hash_free+0x160/0x820 [ 51.625895][ T3325] process_one_work+0x8a9/0x11d0 [ 51.630908][ T3325] worker_thread+0xa47/0x1200 [ 51.635660][ T3325] kthread+0x28d/0x320 [ 51.639809][ T3325] ret_from_fork+0x1f/0x30 [ 51.644302][ T3325] [ 51.644302][ T3325] other info that might help us debug this: [ 51.644302][ T3325] [ 51.654516][ T3325] Possible interrupt unsafe locking scenario: [ 51.654516][ T3325] [ 51.663168][ T3325] CPU0 CPU1 [ 51.668617][ T3325] ---- ---- [ 51.674075][ T3325] lock(&htab->buckets[i].lock); [ 51.679296][ T3325] local_irq_disable(); [ 51.686343][ T3325] lock(&base->lock); [ 51.693020][ T3325] lock(&htab->buckets[i].lock); [ 51.700644][ T3325] [ 51.704259][ T3325] lock(&base->lock); [ 51.708573][ T3325] [ 51.708573][ T3325] *** DEADLOCK *** [ 51.708573][ T3325] [ 51.716961][ T3325] 4 locks held by kworker/1:3/3325: [ 51.722575][ T3325] #0: ffff888012472138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 51.733101][ T3325] #1: ffffc9000381fd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 51.744735][ T3325] #2: ffff8880b9928358 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 51.755021][ T3325] #3: ffffffff8d12a940 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0x146/0x440 [ 51.764428][ T3325] [ 51.764428][ T3325] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 51.775001][ T3325] -> (&base->lock){-.-.}-{2:2} { [ 51.780035][ T3325] IN-HARDIRQ-W at: [ 51.784120][ T3325] lock_acquire+0x1f8/0x5a0 [ 51.790356][ T3325] _raw_spin_lock_irqsave+0xd1/0x120 [ 51.797456][ T3325] lock_timer_base+0x120/0x260 [ 51.803946][ T3325] add_timer_on+0x1eb/0x580 [ 51.810095][ T3325] handle_irq_event+0xa9/0x1e0 [ 51.816761][ T3325] handle_level_irq+0x3ab/0x6c0 [ 51.823291][ T3325] __common_interrupt+0xd7/0x1f0 [ 51.829917][ T3325] common_interrupt+0x9f/0xc0 [ 51.836657][ T3325] asm_common_interrupt+0x22/0x40 [ 51.843450][ T3325] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 51.851003][ T3325] __setup_irq+0x12fa/0x1d80 [ 51.857327][ T3325] request_threaded_irq+0x2a7/0x380 [ 51.864347][ T3325] setup_default_timer_irq+0x1f/0x30 [ 51.871355][ T3325] x86_late_time_init+0x51/0x86 [ 51.877892][ T3325] start_kernel+0x414/0x53f [ 51.884232][ T3325] secondary_startup_64_no_verify+0xcf/0xdb [ 51.891780][ T3325] IN-SOFTIRQ-W at: [ 51.895870][ T3325] lock_acquire+0x1f8/0x5a0 [ 51.902016][ T3325] _raw_spin_lock_irq+0xcf/0x110 [ 51.908778][ T3325] __run_timers+0x111/0x890 [ 51.915010][ T3325] run_timer_softirq+0x63/0xf0 [ 51.921596][ T3325] __do_softirq+0x2e9/0xa4c [ 51.928011][ T3325] __irq_exit_rcu+0x155/0x240 [ 51.934427][ T3325] irq_exit_rcu+0x5/0x20 [ 51.940609][ T3325] common_interrupt+0xa4/0xc0 [ 51.947097][ T3325] asm_common_interrupt+0x22/0x40 [ 51.953998][ T3325] calibrate_delay+0xef/0x16a0 [ 51.960434][ T3325] start_kernel+0x41e/0x53f [ 51.966684][ T3325] secondary_startup_64_no_verify+0xcf/0xdb [ 51.974328][ T3325] INITIAL USE at: [ 51.978386][ T3325] lock_acquire+0x1f8/0x5a0 [ 51.984445][ T3325] _raw_spin_lock_irqsave+0xd1/0x120 [ 51.991285][ T3325] lock_timer_base+0x120/0x260 [ 51.997632][ T3325] add_timer_on+0x1eb/0x580 [ 52.003712][ T3325] handle_irq_event+0xa9/0x1e0 [ 52.010041][ T3325] handle_level_irq+0x3ab/0x6c0 [ 52.016797][ T3325] __common_interrupt+0xd7/0x1f0 [ 52.023292][ T3325] common_interrupt+0x9f/0xc0 [ 52.029551][ T3325] asm_common_interrupt+0x22/0x40 [ 52.036219][ T3325] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 52.043601][ T3325] __setup_irq+0x12fa/0x1d80 [ 52.049864][ T3325] request_threaded_irq+0x2a7/0x380 [ 52.056737][ T3325] setup_default_timer_irq+0x1f/0x30 [ 52.063707][ T3325] x86_late_time_init+0x51/0x86 [ 52.070163][ T3325] start_kernel+0x414/0x53f [ 52.076323][ T3325] secondary_startup_64_no_verify+0xcf/0xdb [ 52.083865][ T3325] } [ 52.086388][ T3325] ... key at: [] init_timer_cpu.__key+0x0/0x20 [ 52.094816][ T3325] [ 52.094816][ T3325] the dependencies between the lock to be acquired [ 52.094824][ T3325] and HARDIRQ-irq-unsafe lock: [ 52.108352][ T3325] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 52.114389][ T3325] HARDIRQ-ON-W at: [ 52.118457][ T3325] lock_acquire+0x1f8/0x5a0 [ 52.124890][ T3325] _raw_spin_lock_bh+0x31/0x40 [ 52.131303][ T3325] sock_hash_free+0x160/0x820 [ 52.137627][ T3325] process_one_work+0x8a9/0x11d0 [ 52.144210][ T3325] worker_thread+0xa47/0x1200 [ 52.150736][ T3325] kthread+0x28d/0x320 [ 52.156973][ T3325] ret_from_fork+0x1f/0x30 [ 52.163517][ T3325] INITIAL USE at: [ 52.167582][ T3325] lock_acquire+0x1f8/0x5a0 [ 52.173940][ T3325] _raw_spin_lock_bh+0x31/0x40 [ 52.180994][ T3325] sock_hash_free+0x160/0x820 [ 52.187449][ T3325] process_one_work+0x8a9/0x11d0 [ 52.194855][ T3325] worker_thread+0xa47/0x1200 [ 52.201273][ T3325] kthread+0x28d/0x320 [ 52.206913][ T3325] ret_from_fork+0x1f/0x30 [ 52.212972][ T3325] } [ 52.215495][ T3325] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 52.223930][ T3325] ... acquired at: [ 52.228702][ T3325] lock_acquire+0x1f8/0x5a0 [ 52.233396][ T3325] _raw_spin_lock_bh+0x31/0x40 [ 52.238417][ T3325] sock_hash_delete_elem+0xac/0x2f0 [ 52.244046][ T3325] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 52.249674][ T3325] bpf_trace_run3+0x231/0x440 [ 52.254543][ T3325] enqueue_timer+0x440/0x600 [ 52.259654][ T3325] __mod_timer+0x92b/0xee0 [ 52.264318][ T3325] schedule_timeout+0x1b4/0x300 [ 52.269424][ T3325] rcu_exp_sel_wait_wake+0x764/0x1d50 [ 52.275050][ T3325] process_one_work+0x8a9/0x11d0 [ 52.280238][ T3325] worker_thread+0xa47/0x1200 [ 52.285269][ T3325] kthread+0x28d/0x320 [ 52.289508][ T3325] ret_from_fork+0x1f/0x30 [ 52.294094][ T3325] [ 52.296403][ T3325] [ 52.296403][ T3325] stack backtrace: [ 52.302378][ T3325] CPU: 1 PID: 3325 Comm: kworker/1:3 Not tainted 6.1.83-syzkaller #0 [ 52.310783][ T3325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 52.321097][ T3325] Workqueue: rcu_gp wait_rcu_exp_gp [ 52.326380][ T3325] Call Trace: [ 52.329650][ T3325] [ 52.332573][ T3325] dump_stack_lvl+0x1e3/0x2cb [ 52.337273][ T3325] ? nf_tcp_handle_invalid+0x642/0x642 [ 52.342812][ T3325] ? panic+0x75d/0x75d [ 52.346904][ T3325] ? print_shortest_lock_dependencies+0xee/0x150 [ 52.353533][ T3325] validate_chain+0x4d16/0x5950 [ 52.358753][ T3325] ? reacquire_held_locks+0x660/0x660 [ 52.364131][ T3325] ? reacquire_held_locks+0x660/0x660 [ 52.369949][ T3325] ? reacquire_held_locks+0x660/0x660 [ 52.375529][ T3325] ? register_lock_class+0x100/0x990 [ 52.380846][ T3325] ? validate_chain+0x112/0x5950 [ 52.385842][ T3325] ? is_dynamic_key+0x260/0x260 [ 52.390863][ T3325] ? mark_lock+0x9a/0x340 [ 52.395575][ T3325] __lock_acquire+0x125b/0x1f80 [ 52.400607][ T3325] lock_acquire+0x1f8/0x5a0 [ 52.405126][ T3325] ? sock_hash_delete_elem+0xac/0x2f0 [ 52.410665][ T3325] ? lockdep_softirqs_on+0x590/0x590 [ 52.416462][ T3325] ? read_lock_is_recursive+0x10/0x10 [ 52.421831][ T3325] ? sock_hash_delete_elem+0xac/0x2f0 [ 52.427331][ T3325] ? __bpf_trace_softirq+0x10/0x10 [ 52.432510][ T3325] ? read_lock_is_recursive+0x10/0x10 [ 52.438086][ T3325] ? sock_hash_delete_elem+0xac/0x2f0 [ 52.443544][ T3325] _raw_spin_lock_bh+0x31/0x40 [ 52.448331][ T3325] ? sock_hash_delete_elem+0xac/0x2f0 [ 52.453744][ T3325] sock_hash_delete_elem+0xac/0x2f0 [ 52.459073][ T3325] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 52.464638][ T3325] bpf_trace_run3+0x231/0x440 [ 52.469321][ T3325] ? bpf_trace_run3+0x146/0x440 [ 52.474186][ T3325] ? bpf_trace_run2+0x410/0x410 [ 52.479064][ T3325] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 52.485068][ T3325] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 52.490530][ T3325] ? _raw_spin_lock+0x40/0x40 [ 52.495381][ T3325] enqueue_timer+0x440/0x600 [ 52.499969][ T3325] __mod_timer+0x92b/0xee0 [ 52.504378][ T3325] ? mod_timer_pending+0x20/0x20 [ 52.510071][ T3325] ? lockdep_softirqs_off+0x420/0x420 [ 52.515466][ T3325] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 52.521741][ T3325] ? _raw_spin_unlock+0x40/0x40 [ 52.526653][ T3325] schedule_timeout+0x1b4/0x300 [ 52.531671][ T3325] ? console_conditional_schedule+0x40/0x40 [ 52.537679][ T3325] ? update_process_times+0x1b0/0x1b0 [ 52.543576][ T3325] rcu_exp_sel_wait_wake+0x764/0x1d50 [ 52.549030][ T3325] ? read_lock_is_recursive+0x10/0x10 [ 52.554600][ T3325] ? rcu_check_gp_start_stall+0x450/0x450 [ 52.560395][ T3325] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 52.566375][ T3325] ? do_raw_spin_unlock+0x137/0x8a0 [ 52.572029][ T3325] ? process_one_work+0x7a9/0x11d0 [ 52.577257][ T3325] process_one_work+0x8a9/0x11d0 [ 52.582773][ T3325] ? worker_detach_from_pool+0x260/0x260 [ 52.588420][ T3325] ? _raw_spin_lock_irqsave+0x120/0x120 [ 52.594223][ T3325] ? kthread_data+0x4e/0xc0 [ 52.598935][ T3325] ? wq_worker_running+0x97/0x190 [ 52.603978][ T3325] worker_thread+0xa47/0x1200 [ 52.608826][ T3325] ? _raw_spin_unlock+0x40/0x40 [ 52.613769][ T3325] ? __sched_text_start+0x8/0x8 [ 52.618963][ T3325] ? _raw_spin_unlock+0x40/0x40 [ 52.623895][ T3325] kthread+0x28d/0x320 [ 52.627958][ T3325] ? worker_clr_flags+0x190/0x190 [ 52.633211][ T3325] ? kthread_blkcg+0xd0/0xd0 [ 52.638058][ T3325] ret_from_fork+0x1f/0x30 [ 52.642659][ T3325]