============================================ WARNING: possible recursive locking detected 6.11.0-rc5-syzkaller-00768-g221f9cce949a #0 Not tainted -------------------------------------------- syz-executor/7297 is trying to acquire lock: ffff8880b892a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051 but task is already holding lock: ffff8880b882a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&base->lock); lock(&base->lock); *** DEADLOCK *** May be due to missing lock nesting notation 6 locks held by syz-executor/7297: #0: ffffffff8fc8c048 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline] #0: ffffffff8fc8c048 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6643 #1: ffffffff8fd5e650 ((inetaddr_chain).rwsem){++++}-{3:3}, at: blocking_notifier_call_chain+0x53/0x90 kernel/notifier.c:387 #2: ffff8880286cada0 (&net->sctp.local_addr_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] #2: ffff8880286cada0 (&net->sctp.local_addr_lock){+...}-{2:2}, at: sctp_inetaddr_event+0x309/0x600 net/sctp/protocol.c:797 #3: ffff8880286cad60 (&net->sctp.addr_wq_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] #3: ffff8880286cad60 (&net->sctp.addr_wq_lock){+.-.}-{2:2}, at: sctp_addr_wq_mgmt+0x3c/0x720 net/sctp/protocol.c:739 #4: ffff8880b882a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051 #5: ffffffff8f0549e0 (fill_pool_map-wait-type-override){+.+.}-{3:3}, at: debug_objects_fill_pool+0x80/0x9b0 lib/debugobjects.c:615 stack backtrace: CPU: 0 UID: 0 PID: 7297 Comm: syz-executor Not tainted 6.11.0-rc5-syzkaller-00768-g221f9cce949a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 check_deadlock kernel/locking/lockdep.c:3061 [inline] validate_chain+0x15d3/0x5900 kernel/locking/lockdep.c:3855 __lock_acquire+0x137a/0x2040 kernel/locking/lockdep.c:5142 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 lock_timer_base+0x112/0x240 kernel/time/timer.c:1051 __mod_timer+0x1ca/0xeb0 kernel/time/timer.c:1132 queue_delayed_work_on+0x1ca/0x390 kernel/workqueue.c:2554 queue_delayed_work include/linux/workqueue.h:636 [inline] schedule_delayed_work include/linux/workqueue.h:776 [inline] __debug_check_no_obj_freed lib/debugobjects.c:1013 [inline] debug_check_no_obj_freed+0x14a/0x580 lib/debugobjects.c:1020 free_pages_prepare mm/page_alloc.c:1101 [inline] free_unref_page+0x38a/0xea0 mm/page_alloc.c:2612 stack_depot_save_flags+0x6f6/0x830 lib/stackdepot.c:666 kasan_save_stack mm/kasan/common.c:48 [inline] kasan_save_track+0x51/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3988 [inline] slab_alloc_node mm/slub.c:4037 [inline] kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044 fill_pool lib/debugobjects.c:169 [inline] debug_objects_fill_pool+0x63f/0x9b0 lib/debugobjects.c:616 debug_object_activate+0x135/0x510 lib/debugobjects.c:705 debug_timer_activate kernel/time/timer.c:836 [inline] __mod_timer+0x89d/0xeb0 kernel/time/timer.c:1171 sctp_addr_wq_mgmt+0x482/0x720 net/sctp/protocol.c:770 sctp_inetaddr_event+0x41c/0x600 net/sctp/protocol.c:799 notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93 blocking_notifier_call_chain+0x69/0x90 kernel/notifier.c:388 __inet_insert_ifa+0x9d4/0xc30 net/ipv4/devinet.c:571 inet_rtm_newaddr+0xc15/0x1b20 net/ipv4/devinet.c:982 rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6646 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 __sys_sendto+0x3a4/0x4f0 net/socket.c:2204 __do_sys_sendto net/socket.c:2216 [inline] __se_sys_sendto net/socket.c:2212 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2212 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f8f7437bd4c Code: 2a 5a 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5a 02 00 48 8b RSP: 002b:00007ffe7cc537d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f8f75044620 RCX: 00007f8f7437bd4c RDX: 0000000000000028 RSI: 00007f8f75044670 RDI: 0000000000000003 RBP: 0000000000000000 R08: 00007ffe7cc53824 R09: 000000000000000c R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 R13: 0000000000000000 R14: 00007f8f75044670 R15: 0000000000000000