Warning: Permanently added '10.128.0.170' (ED25519) to the list of known hosts.
executing program
executing program
executing program
[ 56.713235][ T5060]
[ 56.715595][ T5060] =====================================================
[ 56.722510][ T5060] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 56.729946][ T5060] 6.8.0-syzkaller-05221-gea80e3ed09ab #0 Not tainted
[ 56.736601][ T5060] -----------------------------------------------------
[ 56.743513][ T5060] syz-executor294/5060 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
[ 56.751564][ T5060] ffff88802abb60f8 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xb0/0x300
[ 56.762190][ T5060]
[ 56.762190][ T5060] and this task is already holding:
[ 56.769539][ T5060] ffff8880b952c8d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: hrtimer_start_range_ns+0xdf/0xc60
[ 56.779528][ T5060] which would create a new lock dependency:
[ 56.785571][ T5060] (hrtimer_bases.lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2}
[ 56.794258][ T5060]
[ 56.794258][ T5060] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 56.803688][ T5060] (hrtimer_bases.lock){-.-.}-{2:2}
[ 56.803708][ T5060]
[ 56.803708][ T5060] ... which became HARDIRQ-irq-safe at:
[ 56.816568][ T5060] lock_acquire+0x1e4/0x530
[ 56.821144][ T5060] _raw_spin_lock_irqsave+0xd5/0x120
[ 56.826507][ T5060] hrtimer_run_queues+0x18e/0x460
[ 56.831603][ T5060] update_process_times+0x80/0x230
[ 56.836784][ T5060] tick_periodic+0x190/0x220
[ 56.841443][ T5060] tick_handle_periodic+0x4a/0x160
[ 56.846622][ T5060] timer_interrupt+0x5c/0x70
[ 56.851287][ T5060] __handle_irq_event_percpu+0x28c/0xa30
[ 56.856990][ T5060] handle_irq_event+0x89/0x1f0
[ 56.861831][ T5060] handle_edge_irq+0x25f/0xc20
[ 56.866664][ T5060] __common_interrupt+0x13a/0x230
[ 56.871761][ T5060] common_interrupt+0xa5/0xd0
[ 56.876603][ T5060] asm_common_interrupt+0x26/0x40
[ 56.881701][ T5060] mcheck_cpu_init+0x176/0x1200
[ 56.886634][ T5060] identify_cpu+0x1939/0x3280
[ 56.891469][ T5060] identify_boot_cpu+0xd/0xe0
[ 56.896569][ T5060] arch_cpu_finalize_init+0x9/0xa0
[ 56.901754][ T5060] start_kernel+0x402/0x500
[ 56.906325][ T5060] x86_64_start_reservations+0x2a/0x30
[ 56.911854][ T5060] x86_64_start_kernel+0x99/0xa0
[ 56.916875][ T5060] common_startup_64+0x13e/0x147
[ 56.921886][ T5060]
[ 56.921886][ T5060] to a HARDIRQ-irq-unsafe lock:
[ 56.928884][ T5060] (&htab->buckets[i].lock){+...}-{2:2}
[ 56.928905][ T5060]
[ 56.928905][ T5060] ... which became HARDIRQ-irq-unsafe at:
[ 56.942297][ T5060] ...
[ 56.942303][ T5060] lock_acquire+0x1e4/0x530
[ 56.949437][ T5060] _raw_spin_lock_bh+0x35/0x50
[ 56.954269][ T5060] sock_hash_free+0x164/0x820
[ 56.959017][ T5060] bpf_map_free_deferred+0xe6/0x110
[ 56.964286][ T5060] process_scheduled_works+0xa00/0x1770
[ 56.969990][ T5060] worker_thread+0x86d/0xd70
[ 56.974651][ T5060] kthread+0x2f0/0x390
[ 56.978791][ T5060] ret_from_fork+0x4b/0x80
[ 56.983299][ T5060] ret_from_fork_asm+0x1a/0x30
[ 56.988157][ T5060]
[ 56.988157][ T5060] other info that might help us debug this:
[ 56.988157][ T5060]
[ 56.998387][ T5060] Possible interrupt unsafe locking scenario:
[ 56.998387][ T5060]
[ 57.006693][ T5060]        CPU0                    CPU1
[ 57.012040][ T5060]        ----                    ----
[ 57.017387][ T5060]   lock(&htab->buckets[i].lock);
[ 57.022399][ T5060]                                local_irq_disable();
[ 57.029224][ T5060]                                lock(hrtimer_bases.lock);
[ 57.036407][ T5060]                                lock(&htab->buckets[i].lock);
[ 57.043938][ T5060]
[ 57.047374][ T5060]     lock(hrtimer_bases.lock);
[ 57.052208][ T5060]
[ 57.052208][ T5060] *** DEADLOCK ***
[ 57.052208][ T5060]
[ 57.061029][ T5060] 2 locks held by syz-executor294/5060:
[ 57.066555][ T5060] #0: ffff8880b952c8d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: hrtimer_start_range_ns+0xdf/0xc60
[ 57.076986][ T5060] #1: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420
[ 57.086456][ T5060]
[ 57.086456][ T5060] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 57.096838][ T5060] -> (hrtimer_bases.lock){-.-.}-{2:2} {
[ 57.102390][ T5060] IN-HARDIRQ-W at:
[ 57.106443][ T5060] lock_acquire+0x1e4/0x530
[ 57.112927][ T5060] _raw_spin_lock_irqsave+0xd5/0x120
[ 57.119850][ T5060] hrtimer_run_queues+0x18e/0x460
[ 57.126536][ T5060] update_process_times+0x80/0x230
[ 57.133297][ T5060] tick_periodic+0x190/0x220
[ 57.139701][ T5060] tick_handle_periodic+0x4a/0x160
[ 57.146462][ T5060] timer_interrupt+0x5c/0x70
[ 57.152694][ T5060] __handle_irq_event_percpu+0x28c/0xa30
[ 57.159968][ T5060] handle_irq_event+0x89/0x1f0
[ 57.166371][ T5060] handle_edge_irq+0x25f/0xc20
[ 57.172782][ T5060] __common_interrupt+0x13a/0x230
[ 57.179456][ T5060] common_interrupt+0xa5/0xd0
[ 57.185866][ T5060] asm_common_interrupt+0x26/0x40
[ 57.192539][ T5060] mcheck_cpu_init+0x176/0x1200
[ 57.199034][ T5060] identify_cpu+0x1939/0x3280
[ 57.205350][ T5060] identify_boot_cpu+0xd/0xe0
[ 57.211666][ T5060] arch_cpu_finalize_init+0x9/0xa0
[ 57.218412][ T5060] start_kernel+0x402/0x500
[ 57.224548][ T5060] x86_64_start_reservations+0x2a/0x30
[ 57.231642][ T5060] x86_64_start_kernel+0x99/0xa0
[ 57.238215][ T5060] common_startup_64+0x13e/0x147
[ 57.244874][ T5060] IN-SOFTIRQ-W at:
[ 57.248843][ T5060] lock_acquire+0x1e4/0x530
[ 57.255065][ T5060] _raw_spin_lock_irqsave+0xd5/0x120
[ 57.261983][ T5060] hrtimer_interrupt+0xfb/0x990
[ 57.268467][ T5060] __sysvec_apic_timer_interrupt+0x107/0x3a0
[ 57.276086][ T5060] sysvec_apic_timer_interrupt+0x52/0xc0
[ 57.283353][ T5060] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 57.290969][ T5060] __sanitizer_cov_trace_switch+0x90/0x120
[ 57.298413][ T5060] unwind_next_frame+0x7be/0x2a00
[ 57.305077][ T5060] arch_stack_walk+0x151/0x1b0
[ 57.311488][ T5060] stack_trace_save+0x118/0x1d0
[ 57.317977][ T5060] kasan_save_track+0x3f/0x80
[ 57.324300][ T5060] kasan_save_free_info+0x40/0x50
[ 57.330969][ T5060] poison_slab_object+0xa6/0xe0
[ 57.337455][ T5060] __kasan_slab_free+0x37/0x60
[ 57.343950][ T5060] kfree+0x14a/0x380
[ 57.349743][ T5060] security_cred_free+0xbc/0x100
[ 57.356312][ T5060] put_cred_rcu+0x69/0x2e0
[ 57.362366][ T5060] rcu_core+0xafd/0x1830
[ 57.368240][ T5060] __do_softirq+0x2bc/0x943
[ 57.374377][ T5060] __irq_exit_rcu+0xf2/0x1c0
[ 57.380599][ T5060] irq_exit_rcu+0x9/0x30
[ 57.386480][ T5060] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 57.393749][ T5060] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 57.401371][ T5060] unwind_next_frame+0x56/0x2a00
[ 57.407947][ T5060] arch_stack_walk+0x151/0x1b0
[ 57.414605][ T5060] stack_trace_save+0x118/0x1d0
[ 57.421095][ T5060] kasan_save_track+0x3f/0x80
[ 57.427409][ T5060] __kasan_slab_alloc+0x66/0x80
[ 57.433898][ T5060] kmem_cache_alloc_node+0x192/0x380
[ 57.440832][ T5060] scsi_mq_init_request+0x5a/0x2b0
[ 57.447706][ T5060] blk_mq_alloc_map_and_rqs+0x697/0x970
[ 57.454893][ T5060] blk_mq_alloc_set_map_and_rqs+0x19c/0x830
[ 57.462424][ T5060] blk_mq_alloc_tag_set+0x7b4/0xf40
[ 57.469254][ T5060] scsi_add_host_with_dma+0x2a6/0xbe0
[ 57.476267][ T5060] virtscsi_probe+0x8a9/0xf60
[ 57.482583][ T5060] virtio_dev_probe+0x991/0xaf0
[ 57.489068][ T5060] really_probe+0x29e/0xc50
[ 57.495221][ T5060] __driver_probe_device+0x1a2/0x3e0
[ 57.502143][ T5060] driver_probe_device+0x50/0x430
[ 57.508835][ T5060] __driver_attach+0x45f/0x710
[ 57.515238][ T5060] bus_for_each_dev+0x239/0x2b0
[ 57.521725][ T5060] bus_add_driver+0x347/0x620
[ 57.528036][ T5060] driver_register+0x23a/0x320
[ 57.534433][ T5060] virtio_scsi_init+0x65/0xe0
[ 57.540746][ T5060] do_one_initcall+0x238/0x830
[ 57.547149][ T5060] do_initcall_level+0x157/0x210
[ 57.553727][ T5060] do_initcalls+0x3f/0x80
[ 57.559693][ T5060] kernel_init_freeable+0x435/0x5d0
[ 57.566526][ T5060] kernel_init+0x1d/0x2a0
[ 57.572495][ T5060] ret_from_fork+0x4b/0x80
[ 57.578549][ T5060] ret_from_fork_asm+0x1a/0x30
[ 57.584957][ T5060] INITIAL USE at:
[ 57.588854][ T5060] lock_acquire+0x1e4/0x530
[ 57.594911][ T5060] _raw_spin_lock_irqsave+0xd5/0x120
[ 57.601768][ T5060] hrtimer_run_queues+0x18e/0x460
[ 57.608437][ T5060] update_process_times+0x80/0x230
[ 57.615102][ T5060] tick_periodic+0x190/0x220
[ 57.621246][ T5060] tick_handle_periodic+0x4a/0x160
[ 57.627906][ T5060] timer_interrupt+0x5c/0x70
[ 57.634048][ T5060] __handle_irq_event_percpu+0x28c/0xa30
[ 57.641230][ T5060] handle_irq_event+0x89/0x1f0
[ 57.647541][ T5060] handle_edge_irq+0x25f/0xc20
[ 57.653852][ T5060] __common_interrupt+0x13a/0x230
[ 57.660546][ T5060] common_interrupt+0xa5/0xd0
[ 57.666781][ T5060] asm_common_interrupt+0x26/0x40
[ 57.673369][ T5060] mcheck_cpu_init+0x176/0x1200
[ 57.679773][ T5060] identify_cpu+0x1939/0x3280
[ 57.686007][ T5060] identify_boot_cpu+0xd/0xe0
[ 57.692236][ T5060] arch_cpu_finalize_init+0x9/0xa0
[ 57.698918][ T5060] start_kernel+0x402/0x500
[ 57.704969][ T5060] x86_64_start_reservations+0x2a/0x30
[ 57.711989][ T5060] x86_64_start_kernel+0x99/0xa0
[ 57.718574][ T5060] common_startup_64+0x13e/0x147
[ 57.725065][ T5060] }
[ 57.727551][ T5060] ... key at: [] 0xffff8880b942c8d8
[ 57.734820][ T5060]
[ 57.734820][ T5060] the dependencies between the lock to be acquired
[ 57.734827][ T5060] and HARDIRQ-irq-unsafe lock:
[ 57.748575][ T5060] -> (&htab->buckets[i].lock){+...}-{2:2} {
[ 57.754472][ T5060] HARDIRQ-ON-W at:
[ 57.758960][ T5060] lock_acquire+0x1e4/0x530
[ 57.765099][ T5060] _raw_spin_lock_bh+0x35/0x50
[ 57.771498][ T5060] sock_hash_free+0x164/0x820
[ 57.777916][ T5060] bpf_map_free_deferred+0xe6/0x110
[ 57.784749][ T5060] process_scheduled_works+0xa00/0x1770
[ 57.791930][ T5060] worker_thread+0x86d/0xd70
[ 57.798157][ T5060] kthread+0x2f0/0x390
[ 57.803869][ T5060] ret_from_fork+0x4b/0x80
[ 57.809942][ T5060] ret_from_fork_asm+0x1a/0x30
[ 57.816632][ T5060] INITIAL USE at:
[ 57.820534][ T5060] lock_acquire+0x1e4/0x530
[ 57.826866][ T5060] _raw_spin_lock_bh+0x35/0x50
[ 57.833268][ T5060] sock_hash_free+0x164/0x820
[ 57.839499][ T5060] bpf_map_free_deferred+0xe6/0x110
[ 57.846245][ T5060] process_scheduled_works+0xa00/0x1770
[ 57.853342][ T5060] worker_thread+0x86d/0xd70
[ 57.859479][ T5060] kthread+0x2f0/0x390
[ 57.865186][ T5060] ret_from_fork+0x4b/0x80
[ 57.871157][ T5060] ret_from_fork_asm+0x1a/0x30
[ 57.877469][ T5060] }
[ 57.879950][ T5060] ... key at: [] sock_hash_alloc.__key+0x0/0x20
[ 57.888266][ T5060] ... acquired at:
[ 57.892055][ T5060] lock_acquire+0x1e4/0x530
[ 57.896714][ T5060] _raw_spin_lock_bh+0x35/0x50
[ 57.901634][ T5060] sock_hash_delete_elem+0xb0/0x300
[ 57.906988][ T5060] bpf_prog_2c29ac5cdc6b1842+0x42/0x46
[ 57.912613][ T5060] bpf_trace_run2+0x204/0x420
[ 57.917535][ T5060] enqueue_hrtimer+0x335/0x3a0
[ 57.922460][ T5060] hrtimer_start_range_ns+0xaa0/0xc60
[ 57.927988][ T5060] do_nanosleep+0x158/0x600
[ 57.932648][ T5060] hrtimer_nanosleep+0x227/0x470
[ 57.937751][ T5060] __se_sys_clock_nanosleep+0x32b/0x3c0
[ 57.943466][ T5060] do_syscall_64+0xfb/0x240
[ 57.948165][ T5060] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 57.954235][ T5060]
[ 57.956546][ T5060]
[ 57.956546][ T5060] stack backtrace:
[ 57.962429][ T5060] CPU: 1 PID: 5060 Comm: syz-executor294 Not tainted 6.8.0-syzkaller-05221-gea80e3ed09ab #0
[ 57.972493][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 57.982549][ T5060] Call Trace:
[ 57.985827][ T5060]
[ 57.988766][ T5060] dump_stack_lvl+0x1e7/0x2e0
[ 57.993450][ T5060] ? __pfx_dump_stack_lvl+0x10/0x10
[ 57.998644][ T5060] ? __pfx__printk+0x10/0x10
[ 58.003243][ T5060] ? print_shortest_lock_dependencies+0xf2/0x160
[ 58.009675][ T5060] validate_chain+0x4dc7/0x58e0
[ 58.014536][ T5060] ? __pfx_validate_chain+0x10/0x10
[ 58.019733][ T5060] ? __lock_acquire+0x1346/0x1fd0
[ 58.024756][ T5060] ? __pfx_validate_chain+0x10/0x10
[ 58.029958][ T5060] ? register_lock_class+0x102/0x980
[ 58.035233][ T5060] ? __pfx_register_lock_class+0x10/0x10
[ 58.040853][ T5060] ? mark_lock+0x9a/0x350
[ 58.045174][ T5060] __lock_acquire+0x1346/0x1fd0
[ 58.050025][ T5060] lock_acquire+0x1e4/0x530
[ 58.054513][ T5060] ? sock_hash_delete_elem+0xb0/0x300
[ 58.060186][ T5060] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 58.065898][ T5060] ? __pfx_lock_acquire+0x10/0x10
[ 58.070925][ T5060] ? sock_hash_delete_elem+0xb0/0x300
[ 58.076294][ T5060] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 58.082089][ T5060] ? __pfx_lock_acquire+0x10/0x10
[ 58.087105][ T5060] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 58.093000][ T5060] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 58.099318][ T5060] ? sock_hash_delete_elem+0xb0/0x300
[ 58.104692][ T5060] _raw_spin_lock_bh+0x35/0x50
[ 58.109451][ T5060] ? sock_hash_delete_elem+0xb0/0x300
[ 58.114808][ T5060] sock_hash_delete_elem+0xb0/0x300
[ 58.119992][ T5060] ? debug_object_activate+0x3e4/0x510
[ 58.125439][ T5060] bpf_prog_2c29ac5cdc6b1842+0x42/0x46
[ 58.131064][ T5060] bpf_trace_run2+0x204/0x420
[ 58.135752][ T5060] ? bpf_trace_run2+0x114/0x420
[ 58.140591][ T5060] ? __pfx_bpf_trace_run2+0x10/0x10
[ 58.145777][ T5060] ? _raw_spin_lock_irqsave+0xe1/0x120
[ 58.151236][ T5060] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 58.157379][ T5060] enqueue_hrtimer+0x335/0x3a0
[ 58.162225][ T5060] hrtimer_start_range_ns+0xaa0/0xc60
[ 58.167591][ T5060] do_nanosleep+0x158/0x600
[ 58.172102][ T5060] ? do_nanosleep+0x80/0x600
[ 58.176870][ T5060] ? __pfx_do_nanosleep+0x10/0x10
[ 58.182013][ T5060] ? __asan_memset+0x23/0x50
[ 58.186606][ T5060] ? __hrtimer_init+0x170/0x250
[ 58.191486][ T5060] hrtimer_nanosleep+0x227/0x470
[ 58.196442][ T5060] ? __pfx_hrtimer_nanosleep+0x10/0x10
[ 58.201901][ T5060] ? __pfx_hrtimer_wakeup+0x10/0x10
[ 58.207089][ T5060] ? __pfx_get_timespec64+0x10/0x10
[ 58.212282][ T5060] __se_sys_clock_nanosleep+0x32b/0x3c0
[ 58.217830][ T5060] ? __pfx___se_sys_clock_nanosleep+0x10/0x10
[ 58.223900][ T5060] ? do_syscall_64+0x10a/0x240
[ 58.228674][ T5060] ? do_syscall_64+0xb6/0x240
[ 58.233345][ T5060] do_syscall_64+0xfb/0x240
[ 58.238021][ T5060] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 58.243907][ T5060] RIP: 0033:0x7f3db8d876b3
[ 58.248309][ T5060] Code: 00 00 00 00 0f 1f 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d ce e9 03 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10
[ 58.267987][ T5060] RSP: 002b:00007ffeab7b0778 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6
[ 58.276389][ T5060] RAX: ffffffffffffffda RBX: 00000000000013c7 RCX: 00007f3db8d876b3
[ 58.284351][ T5060] RDX: 00007ffeab7b0790 RSI: 0000000000000000 RDI: 0000000000000000
[ 58.292307][ T5060] RBP: 000000000000dd4e R08: 0000000000000010 R09: 00007f3db8d0d0b0
[ 58.300262][ T5060] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffeab7b07cc
[ 58.308219][ T5060] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 58.316184][ T5060]