======================================================
WARNING: possible circular locking dependency detected
5.12.0-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:22/11108 is trying to acquire lock:
ffff888072bb30a0 (slock-AF_INET#2){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
ffff888072bb30a0 (slock-AF_INET#2){+.-.}-{2:2}, at: sctp_addr_wq_timeout_handler+0x192/0x470 net/sctp/protocol.c:666
but task is already holding lock:
ffff888028cacaa0 (&net->sctp.addr_wq_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:359 [inline]
ffff888028cacaa0 (&net->sctp.addr_wq_lock){+.-.}-{2:2}, at: sctp_addr_wq_timeout_handler+0x2c/0x470 net/sctp/protocol.c:626
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&net->sctp.addr_wq_lock){+.-.}-{2:2}:
lock_acquire+0x17f/0x720 kernel/locking/lockdep.c:5512
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:175
spin_lock_bh include/linux/spinlock.h:359 [inline]
sctp_destroy_sock+0xc9/0x370 net/sctp/socket.c:5028
sk_common_release+0x6a/0x2e0 net/core/sock.c:3264
sctp_close+0x761/0x8f0 net/sctp/socket.c:1531
inet_release+0x16e/0x1f0 net/ipv4/af_inet.c:431
__sock_release net/socket.c:599 [inline]
sock_close+0xd8/0x260 net/socket.c:1258
__fput+0x352/0x7b0 fs/file_table.c:280
task_work_run+0x146/0x1c0 kernel/task_work.c:161
exit_task_work include/linux/task_work.h:32 [inline]
do_exit+0x736/0x23d0 kernel/exit.c:826
do_group_exit+0x168/0x2d0 kernel/exit.c:923
get_signal+0x1770/0x2180 kernel/signal.c:2818
arch_do_signal_or_restart+0x8e/0x6c0 arch/x86/kernel/signal.c:789
handle_signal_work kernel/entry/common.c:147 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0xac/0x200 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x26/0x70 kernel/entry/common.c:301
do_syscall_64+0x4b/0xb0 arch/x86/entry/common.c:57
entry_SYSCALL_64_after_hwframe+0x44/0xae
-> #0 (slock-AF_INET#2){+.-.}-{2:2}:
check_prev_add kernel/locking/lockdep.c:2938 [inline]
check_prevs_add+0x4d6/0x5a90 kernel/locking/lockdep.c:3061
validate_chain kernel/locking/lockdep.c:3676 [inline]
__lock_acquire+0x4307/0x6040 kernel/locking/lockdep.c:4902
lock_acquire+0x17f/0x720 kernel/locking/lockdep.c:5512
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
spin_lock include/linux/spinlock.h:354 [inline]
sctp_addr_wq_timeout_handler+0x192/0x470 net/sctp/protocol.c:666
call_timer_fn+0xf6/0x210 kernel/time/timer.c:1431
expire_timers kernel/time/timer.c:1476 [inline]
__run_timers+0x6ff/0x910 kernel/time/timer.c:1745
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1758
__do_softirq+0x372/0x7a6 kernel/softirq.c:559
invoke_softirq kernel/softirq.c:433 [inline]
__irq_exit_rcu+0x245/0x280 kernel/softirq.c:637
irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1100
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:199
finish_task_switch+0x145/0x620 kernel/sched/core.c:4210
context_switch kernel/sched/core.c:4342 [inline]
__schedule+0xba0/0x1120 kernel/sched/core.c:5147
preempt_schedule_irq+0xe3/0x190 kernel/sched/core.c:5535
irqentry_exit+0x56/0x90 kernel/entry/common.c:426
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
lock_is_held_type+0x129/0x180 arch/x86/include/asm/irqflags.h:45
lock_is_held include/linux/lockdep.h:283 [inline]
___might_sleep+0xab/0x6b0 kernel/sched/core.c:8304
get_next_corpse net/netfilter/nf_conntrack_core.c:2223 [inline]
nf_ct_iterate_cleanup+0x36a/0x3f0 net/netfilter/nf_conntrack_core.c:2245
nf_conntrack_cleanup_net_list+0x7c/0x210 net/netfilter/nf_conntrack_core.c:2432
ops_exit_list net/core/net_namespace.c:178 [inline]
cleanup_net+0x7ec/0xc60 net/core/net_namespace.c:595
process_one_work+0x833/0x10c0 kernel/workqueue.c:2275
worker_thread+0xac1/0x1300 kernel/workqueue.c:2421
kthread+0x39a/0x3c0 kernel/kthread.c:313
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
other info that might help us debug this:
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&net->sctp.addr_wq_lock);
                               lock(slock-AF_INET#2);
                               lock(&net->sctp.addr_wq_lock);
  lock(slock-AF_INET#2);
*** DEADLOCK ***
5 locks held by kworker/u4:22/11108:
#0: ffff8880122d3138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7aa/0x10c0 kernel/workqueue.c:2248
#1: ffffc90015df7d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7e8/0x10c0 kernel/workqueue.c:2250
#2: ffffffff8dd0a770 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf0/0xc60 net/core/net_namespace.c:557
#3: ffffc90000007be0 ((&net->sctp.addr_wq_timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:45 [inline]
#3: ffffc90000007be0 ((&net->sctp.addr_wq_timer)){+.-.}-{0:0}, at: call_timer_fn+0xbd/0x210 kernel/time/timer.c:1421
#4: ffff888028cacaa0 (&net->sctp.addr_wq_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:359 [inline]
#4: ffff888028cacaa0 (&net->sctp.addr_wq_lock){+.-.}-{2:2}, at: sctp_addr_wq_timeout_handler+0x2c/0x470 net/sctp/protocol.c:626
stack backtrace:
CPU: 0 PID: 11108 Comm: kworker/u4:22 Not tainted 5.12.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0x202/0x31e lib/dump_stack.c:120
print_circular_bug+0xb17/0xdc0 kernel/locking/lockdep.c:2007
check_noncircular+0x2cc/0x390 kernel/locking/lockdep.c:2129
check_prev_add kernel/locking/lockdep.c:2938 [inline]
check_prevs_add+0x4d6/0x5a90 kernel/locking/lockdep.c:3061
validate_chain kernel/locking/lockdep.c:3676 [inline]
__lock_acquire+0x4307/0x6040 kernel/locking/lockdep.c:4902
lock_acquire+0x17f/0x720 kernel/locking/lockdep.c:5512
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
spin_lock include/linux/spinlock.h:354 [inline]
sctp_addr_wq_timeout_handler+0x192/0x470 net/sctp/protocol.c:666
call_timer_fn+0xf6/0x210 kernel/time/timer.c:1431
expire_timers kernel/time/timer.c:1476 [inline]
__run_timers+0x6ff/0x910 kernel/time/timer.c:1745
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1758
__do_softirq+0x372/0x7a6 kernel/softirq.c:559
invoke_softirq kernel/softirq.c:433 [inline]
__irq_exit_rcu+0x245/0x280 kernel/softirq.c:637
irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1100
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:199
Code: 00 00 00 00 00 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 ee ff ae f7 48 89 df e8 c6 a1 b0 f7 e8 61 ad d2 f7 fb bf 01 00 00 00 b6 73 a4 f7 65 8b 05 e7 8f 4f 76 85 c0 74 02 5b c3 e8 1b f2 4d
RSP: 0018:ffffc90015df7650 EFLAGS: 00000282
RAX: 21e412e549963800 RBX: ffff8880b9a34cc0 RCX: ffffffff8161b2a9
RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 0000000000000001
RBP: ffffc90015df76b0 R08: dffffc0000000000 R09: fffffbfff2000db2
R10: fffffbfff2000db2 R11: 0000000000000000 R12: ffff8880b9a34cc0
R13: ffff888075d49c40 R14: dffffc0000000000 R15: 0000000000000000
finish_task_switch+0x145/0x620 kernel/sched/core.c:4210
context_switch kernel/sched/core.c:4342 [inline]
__schedule+0xba0/0x1120 kernel/sched/core.c:5147
preempt_schedule_irq+0xe3/0x190 kernel/sched/core.c:5535
irqentry_exit+0x56/0x90 kernel/entry/common.c:426
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:lock_is_held_type+0x129/0x180 arch/x86/include/asm/irqflags.h:45
Code: 05 2c 50 52 76 83 f8 01 75 38 9c 8f 04 24 f7 04 24 00 02 00 00 75 46 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 08 75 3c 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f
RSP: 0018:ffffc90015df7978 EFLAGS: 00000206
RAX: 21e412e549963800 RBX: 0000000000000000 RCX: ffff888075d49c40
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: dffffc0000000000 R09: fffffbfff2000db2
R10: fffffbfff2000db2 R11: 0000000000000000 R12: 0000000000000246
R13: ffff888075d49c40 R14: 00000000ffffffff R15: ffffffff8cd145e0
lock_is_held include/linux/lockdep.h:283 [inline]
___might_sleep+0xab/0x6b0 kernel/sched/core.c:8304
get_next_corpse net/netfilter/nf_conntrack_core.c:2223 [inline]
nf_ct_iterate_cleanup+0x36a/0x3f0 net/netfilter/nf_conntrack_core.c:2245
nf_conntrack_cleanup_net_list+0x7c/0x210 net/netfilter/nf_conntrack_core.c:2432
ops_exit_list net/core/net_namespace.c:178 [inline]
cleanup_net+0x7ec/0xc60 net/core/net_namespace.c:595
process_one_work+0x833/0x10c0 kernel/workqueue.c:2275
worker_thread+0xac1/0x1300 kernel/workqueue.c:2421
kthread+0x39a/0x3c0 kernel/kthread.c:313
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294