Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts. executing program executing program executing program [ 42.306775][ T7] [ 42.309128][ T7] ===================================================== [ 42.316051][ T7] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 42.323520][ T7] 5.15.152-syzkaller #0 Not tainted [ 42.328699][ T7] ----------------------------------------------------- [ 42.335612][ T7] kworker/0:0/7 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 42.343054][ T7] ffff88807a0028d8 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xac/0x2f0 [ 42.353308][ T7] [ 42.353308][ T7] and this task is already holding: [ 42.360652][ T7] ffff8880b9a28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 42.369503][ T7] which would create a new lock dependency: [ 42.375371][ T7] (&base->lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 42.383442][ T7] [ 42.383442][ T7] but this new dependency connects a HARDIRQ-irq-safe lock: [ 42.392955][ T7] (&base->lock){-.-.}-{2:2} [ 42.392974][ T7] [ 42.392974][ T7] ... which became HARDIRQ-irq-safe at: [ 42.405225][ T7] lock_acquire+0x1db/0x4f0 [ 42.409798][ T7] _raw_spin_lock_irqsave+0xd1/0x120 [ 42.415151][ T7] lock_timer_base+0x120/0x260 [ 42.419983][ T7] add_timer_on+0x1eb/0x580 [ 42.424554][ T7] handle_irq_event+0x124/0x2b0 [ 42.429471][ T7] handle_edge_irq+0x245/0xbf0 [ 42.434303][ T7] __common_interrupt+0xd7/0x1f0 [ 42.439315][ T7] common_interrupt+0x9f/0xc0 [ 42.444060][ T7] asm_common_interrupt+0x22/0x40 [ 42.449154][ T7] console_unlock+0xe53/0x12b0 [ 42.453983][ T7] vprintk_emit+0xbf/0x150 [ 42.458474][ T7] _printk+0xd1/0x111 [ 42.462522][ T7] cpu_select_mitigations+0x38/0x8f [ 42.467792][ T7] arch_cpu_finalize_init+0xf/0x81 [ 42.472971][ T7] start_kernel+0x419/0x535 [ 42.477541][ T7] secondary_startup_64_no_verify+0xb1/0xbb [ 42.483504][ T7] [ 42.483504][ T7] to a HARDIRQ-irq-unsafe lock: [ 42.490500][ T7] (&htab->buckets[i].lock){+...}-{2:2} [ 42.490519][ T7] [ 42.490519][ T7] ... which became HARDIRQ-irq-unsafe at: [ 42.503893][ T7] ... [ 42.503899][ T7] lock_acquire+0x1db/0x4f0 [ 42.511033][ T7] _raw_spin_lock_bh+0x31/0x40 [ 42.515867][ T7] sock_hash_free+0x14c/0x780 [ 42.520611][ T7] process_one_work+0x8a1/0x10c0 [ 42.526396][ T7] worker_thread+0xaca/0x1280 [ 42.531137][ T7] kthread+0x3f6/0x4f0 [ 42.535271][ T7] ret_from_fork+0x1f/0x30 [ 42.539755][ T7] [ 42.539755][ T7] other info that might help us debug this: [ 42.539755][ T7] [ 42.549963][ T7] Possible interrupt unsafe locking scenario: [ 42.549963][ T7] [ 42.558259][ T7] CPU0 CPU1 [ 42.563606][ T7] ---- ---- [ 42.568947][ T7] lock(&htab->buckets[i].lock); [ 42.573954][ T7] local_irq_disable(); [ 42.580687][ T7] lock(&base->lock); [ 42.587251][ T7] lock(&htab->buckets[i].lock); [ 42.594774][ T7] [ 42.598207][ T7] lock(&base->lock); [ 42.602428][ T7] [ 42.602428][ T7] *** DEADLOCK *** [ 42.602428][ T7] [ 42.610549][ T7] 4 locks held by kworker/0:0/7: [ 42.615465][ T7] #0: ffff888011c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 42.625798][ T7] #1: ffffc90000cc7d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 42.637082][ T7] #2: ffff8880b9a28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 42.646369][ T7] #3: ffffffff8c91f720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 42.655653][ T7] [ 42.655653][ T7] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 42.666035][ T7] -> (&base->lock){-.-.}-{2:2} { [ 42.670965][ T7] IN-HARDIRQ-W at: [ 42.674924][ T7] lock_acquire+0x1db/0x4f0 [ 42.681060][ T7] _raw_spin_lock_irqsave+0xd1/0x120 [ 42.687977][ T7] lock_timer_base+0x120/0x260 [ 42.694373][ T7] add_timer_on+0x1eb/0x580 [ 42.700513][ T7] handle_irq_event+0x124/0x2b0 [ 42.707017][ T7] handle_edge_irq+0x245/0xbf0 [ 42.713410][ T7] __common_interrupt+0xd7/0x1f0 [ 42.719980][ T7] common_interrupt+0x9f/0xc0 [ 42.726299][ T7] asm_common_interrupt+0x22/0x40 [ 42.732954][ T7] console_unlock+0xe53/0x12b0 [ 42.739348][ T7] vprintk_emit+0xbf/0x150 [ 42.745396][ T7] _printk+0xd1/0x111 [ 42.751096][ T7] cpu_select_mitigations+0x38/0x8f [ 42.757929][ T7] arch_cpu_finalize_init+0xf/0x81 [ 42.764670][ T7] start_kernel+0x419/0x535 [ 42.770806][ T7] secondary_startup_64_no_verify+0xb1/0xbb [ 42.778330][ T7] IN-SOFTIRQ-W at: [ 42.782290][ T7] lock_acquire+0x1db/0x4f0 [ 42.788422][ T7] _raw_spin_lock_irq+0xcf/0x110 [ 42.794995][ T7] __run_timers+0x111/0x890 [ 42.801138][ T7] run_timer_softirq+0x63/0xf0 [ 42.807533][ T7] __do_softirq+0x3b3/0x93a [ 42.813665][ T7] __irq_exit_rcu+0x155/0x240 [ 42.819973][ T7] irq_exit_rcu+0x5/0x20 [ 42.825868][ T7] common_interrupt+0xa4/0xc0 [ 42.832173][ T7] asm_common_interrupt+0x22/0x40 [ 42.838830][ T7] console_unlock+0xe53/0x12b0 [ 42.845248][ T7] vprintk_emit+0xbf/0x150 [ 42.851293][ T7] _printk+0xd1/0x111 [ 42.856906][ T7] cpu_select_mitigations+0x4c/0x8f [ 42.863733][ T7] arch_cpu_finalize_init+0xf/0x81 [ 42.870477][ T7] start_kernel+0x419/0x535 [ 42.876611][ T7] secondary_startup_64_no_verify+0xb1/0xbb [ 42.884138][ T7] INITIAL USE at: [ 42.888009][ T7] lock_acquire+0x1db/0x4f0 [ 42.894057][ T7] _raw_spin_lock_irqsave+0xd1/0x120 [ 42.900889][ T7] lock_timer_base+0x120/0x260 [ 42.907212][ T7] add_timer_on+0x1eb/0x580 [ 42.913263][ T7] handle_irq_event+0x124/0x2b0 [ 42.919659][ T7] handle_edge_irq+0x245/0xbf0 [ 42.925965][ T7] __common_interrupt+0xd7/0x1f0 [ 42.932454][ T7] common_interrupt+0x9f/0xc0 [ 42.938675][ T7] asm_common_interrupt+0x22/0x40 [ 42.945244][ T7] console_unlock+0xe53/0x12b0 [ 42.951560][ T7] vprintk_emit+0xbf/0x150 [ 42.957522][ T7] _printk+0xd1/0x111 [ 42.963047][ T7] cpu_select_mitigations+0x38/0x8f [ 42.969789][ T7] arch_cpu_finalize_init+0xf/0x81 [ 42.976443][ T7] start_kernel+0x419/0x535 [ 42.982488][ T7] secondary_startup_64_no_verify+0xb1/0xbb [ 42.989928][ T7] } [ 42.992404][ T7] ... key at: [] init_timer_cpu.__key+0x0/0x20 [ 43.000626][ T7] [ 43.000626][ T7] the dependencies between the lock to be acquired [ 43.000633][ T7] and HARDIRQ-irq-unsafe lock: [ 43.014109][ T7] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 43.020095][ T7] HARDIRQ-ON-W at: [ 43.024084][ T7] lock_acquire+0x1db/0x4f0 [ 43.030244][ T7] _raw_spin_lock_bh+0x31/0x40 [ 43.036654][ T7] sock_hash_free+0x14c/0x780 [ 43.042967][ T7] process_one_work+0x8a1/0x10c0 [ 43.049538][ T7] worker_thread+0xaca/0x1280 [ 43.055846][ T7] kthread+0x3f6/0x4f0 [ 43.061547][ T7] ret_from_fork+0x1f/0x30 [ 43.067771][ T7] INITIAL USE at: [ 43.071647][ T7] lock_acquire+0x1db/0x4f0 [ 43.077695][ T7] _raw_spin_lock_bh+0x31/0x40 [ 43.084003][ T7] sock_hash_free+0x14c/0x780 [ 43.090222][ T7] process_one_work+0x8a1/0x10c0 [ 43.096703][ T7] worker_thread+0xaca/0x1280 [ 43.102924][ T7] kthread+0x3f6/0x4f0 [ 43.108539][ T7] ret_from_fork+0x1f/0x30 [ 43.114499][ T7] } [ 43.116981][ T7] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 43.125291][ T7] ... acquired at: [ 43.129074][ T7] lock_acquire+0x1db/0x4f0 [ 43.133732][ T7] _raw_spin_lock_bh+0x31/0x40 [ 43.138648][ T7] sock_hash_delete_elem+0xac/0x2f0 [ 43.144019][ T7] bpf_prog_2c29ac5cdc6b1842+0x3a/0xb4c [ 43.149797][ T7] bpf_trace_run3+0x1d1/0x380 [ 43.155080][ T7] enqueue_timer+0x3ae/0x540 [ 43.159831][ T7] __mod_timer+0xa60/0xeb0 [ 43.164404][ T7] schedule_timeout+0x1b4/0x300 [ 43.169414][ T7] rcu_exp_sel_wait_wake+0x7cb/0x1c00 [ 43.174941][ T7] process_one_work+0x8a1/0x10c0 [ 43.180034][ T7] worker_thread+0xaca/0x1280 [ 43.184867][ T7] kthread+0x3f6/0x4f0 [ 43.189090][ T7] ret_from_fork+0x1f/0x30 [ 43.193662][ T7] [ 43.196051][ T7] [ 43.196051][ T7] stack backtrace: [ 43.201917][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 5.15.152-syzkaller #0 [ 43.209874][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 43.219910][ T7] Workqueue: rcu_gp wait_rcu_exp_gp [ 43.225184][ T7] Call Trace: [ 43.228448][ T7] [ 43.231362][ T7] dump_stack_lvl+0x1e3/0x2cb [ 43.236024][ T7] ? io_uring_drop_tctx_refs+0x19d/0x19d [ 43.241642][ T7] ? panic+0x84d/0x84d [ 43.245691][ T7] ? print_shortest_lock_dependencies+0xee/0x150 [ 43.252003][ T7] validate_chain+0x4d01/0x5930 [ 43.256841][ T7] ? reacquire_held_locks+0x660/0x660 [ 43.262198][ T7] ? register_lock_class+0x100/0x9a0 [ 43.267464][ T7] ? is_dynamic_key+0x1f0/0x1f0 [ 43.272470][ T7] ? mark_lock+0x98/0x340 [ 43.276780][ T7] __lock_acquire+0x1295/0x1ff0 [ 43.281616][ T7] lock_acquire+0x1db/0x4f0 [ 43.286099][ T7] ? sock_hash_delete_elem+0xac/0x2f0 [ 43.291455][ T7] ? lockdep_softirqs_on+0x590/0x590 [ 43.296718][ T7] ? read_lock_is_recursive+0x10/0x10 [ 43.302074][ T7] ? sock_hash_delete_elem+0xac/0x2f0 [ 43.307426][ T7] ? __bpf_trace_softirq+0x10/0x10 [ 43.312522][ T7] ? sock_hash_delete_elem+0xac/0x2f0 [ 43.317890][ T7] _raw_spin_lock_bh+0x31/0x40 [ 43.322638][ T7] ? sock_hash_delete_elem+0xac/0x2f0 [ 43.327992][ T7] sock_hash_delete_elem+0xac/0x2f0 [ 43.333173][ T7] bpf_prog_2c29ac5cdc6b1842+0x3a/0xb4c [ 43.338710][ T7] bpf_trace_run3+0x1d1/0x380 [ 43.343391][ T7] ? bpf_trace_run2+0x340/0x340 [ 43.348235][ T7] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 43.354116][ T7] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 43.359557][ T7] ? _raw_spin_lock+0x40/0x40 [ 43.364216][ T7] ? __debug_object_init+0x258/0xd30 [ 43.369486][ T7] enqueue_timer+0x3ae/0x540 [ 43.374062][ T7] __mod_timer+0xa60/0xeb0 [ 43.378636][ T7] ? mod_timer_pending+0x20/0x20 [ 43.383556][ T7] ? lockdep_softirqs_off+0x420/0x420 [ 43.388906][ T7] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 43.394872][ T7] ? print_irqtrace_events+0x210/0x210 [ 43.400313][ T7] schedule_timeout+0x1b4/0x300 [ 43.405145][ T7] ? console_conditional_schedule+0x40/0x40 [ 43.411018][ T7] ? update_process_times+0x200/0x200 [ 43.416648][ T7] rcu_exp_sel_wait_wake+0x7cb/0x1c00 [ 43.422011][ T7] ? rcu_check_gp_start_stall+0x450/0x450 [ 43.427710][ T7] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 43.433587][ T7] ? do_raw_spin_unlock+0x137/0x8b0 [ 43.438767][ T7] process_one_work+0x8a1/0x10c0 [ 43.443695][ T7] ? worker_detach_from_pool+0x260/0x260 [ 43.449308][ T7] ? _raw_spin_lock_irqsave+0x120/0x120 [ 43.454836][ T7] ? kthread_data+0x4e/0xc0 [ 43.459317][ T7] ? wq_worker_running+0x97/0x170 [ 43.464322][ T7] worker_thread+0xaca/0x1280 [ 43.468989][ T7] kthread+0x3f6/0x4f0 [ 43.473038][ T7] ? rcu_lock_release+0x20/0x20 [ 43.477870][ T7] ? kthread_blkcg+0xd0/0xd0 [ 43.482443][ T7] ret_from_fork+0x1f/0x30 [ 43.486846][ T7]