=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
6.1.84-syzkaller #0 Not tainted
-----------------------------------------------------
kworker/0:0/7 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
ffff88807cd06ca0 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xac/0x2f0 net/core/sock_map.c:932
and this task is already holding:
ffffffff8d130058 (&rcu_state.expedited_wq){-.-.}-{2:2}, at: finish_swait+0xc4/0x1e0 kernel/sched/swait.c:139
which would create a new lock dependency:
(&rcu_state.expedited_wq){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2}
but this new dependency connects a HARDIRQ-irq-safe lock:
(&rcu_state.expedited_wq){-.-.}-{2:2}
... which became HARDIRQ-irq-safe at:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
swake_up_one+0x1c/0x150 kernel/sched/swait.c:51
__flush_smp_call_function_queue+0x60c/0xd00 kernel/smp.c:676
__sysvec_call_function_single+0xbb/0x360 arch/x86/kernel/smp.c:267
sysvec_call_function_single+0x89/0xb0 arch/x86/kernel/smp.c:262
asm_sysvec_call_function_single+0x16/0x20 arch/x86/include/asm/idtentry.h:661
clear_page_erms+0x7/0x10 arch/x86/lib/clear_page_64.S:49
clear_page arch/x86/include/asm/page_64.h:57 [inline]
clear_highpage include/linux/highmem.h:242 [inline]
clear_highpage_kasan_tagged include/linux/highmem.h:252 [inline]
kernel_init_pages mm/page_alloc.c:1377 [inline]
post_alloc_hook+0x145/0x1b0 mm/page_alloc.c:2508
prep_new_page mm/page_alloc.c:2520 [inline]
get_page_from_freelist+0x31a1/0x3320 mm/page_alloc.c:4279
__alloc_pages+0x28d/0x770 mm/page_alloc.c:5547
__alloc_pages_node include/linux/gfp.h:237 [inline]
alloc_pages_node include/linux/gfp.h:260 [inline]
alloc_pages_exact_nid+0x115/0x1b9 mm/page_alloc.c:5847
alloc_page_ext+0x1f/0x48 mm/page_ext.c:294
init_section_page_ext+0x101/0x15e mm/page_ext.c:317
page_ext_init+0x5b8/0x782 mm/page_ext.c:511
kernel_init_freeable+0x450/0x60f init/main.c:1623
kernel_init+0x19/0x290 init/main.c:1513
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:307
to a HARDIRQ-irq-unsafe lock:
(&htab->buckets[i].lock){+...}-{2:2}
... which became HARDIRQ-irq-unsafe at:
...
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
sock_hash_delete_elem+0xac/0x2f0 net/core/sock_map.c:932
0xffffffffa0001ff2
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:603 [inline]
bpf_prog_run include/linux/filter.h:610 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline]
bpf_trace_run2+0x1fd/0x410 kernel/trace/bpf_trace.c:2312
trace_contention_end+0x12f/0x170 include/trace/events/lock.h:122
__mutex_lock_common kernel/locking/mutex.c:612 [inline]
__mutex_lock+0x2ed/0xd80 kernel/locking/mutex.c:747
futex_cleanup_begin kernel/futex/core.c:1076 [inline]
futex_exit_release+0x30/0x1e0 kernel/futex/core.c:1128
exit_mm_release+0x16/0x30 kernel/fork.c:1505
exit_mm+0xa9/0x300 kernel/exit.c:535
do_exit+0x9f6/0x26a0 kernel/exit.c:856
do_group_exit+0x202/0x2b0 kernel/exit.c:1019
__do_sys_exit_group kernel/exit.c:1030 [inline]
__se_sys_exit_group kernel/exit.c:1028 [inline]
__x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1028
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x63/0xcd
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&htab->buckets[i].lock);
local_irq_disable();
lock(&rcu_state.expedited_wq);
lock(&htab->buckets[i].lock);
<Interrupt>
lock(&rcu_state.expedited_wq);
*** DEADLOCK ***
4 locks held by kworker/0:0/7:
#0: ffff888012472138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
#1: ffffc900000c7d20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267
#2: ffffffff8d130058 (&rcu_state.expedited_wq){-.-.}-{2:2}, at: finish_swait+0xc4/0x1e0 kernel/sched/swait.c:139
#3: ffffffff8d12a980 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
#3: ffffffff8d12a980 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
#3: ffffffff8d12a980 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2272 [inline]
#3: ffffffff8d12a980 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x410 kernel/trace/bpf_trace.c:2312
the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&rcu_state.expedited_wq){-.-.}-{2:2} {
IN-HARDIRQ-W at:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
swake_up_one+0x1c/0x150 kernel/sched/swait.c:51
__flush_smp_call_function_queue+0x60c/0xd00 kernel/smp.c:676
__sysvec_call_function_single+0xbb/0x360 arch/x86/kernel/smp.c:267
sysvec_call_function_single+0x89/0xb0 arch/x86/kernel/smp.c:262
asm_sysvec_call_function_single+0x16/0x20 arch/x86/include/asm/idtentry.h:661
clear_page_erms+0x7/0x10 arch/x86/lib/clear_page_64.S:49
clear_page arch/x86/include/asm/page_64.h:57 [inline]
clear_highpage include/linux/highmem.h:242 [inline]
clear_highpage_kasan_tagged include/linux/highmem.h:252 [inline]
kernel_init_pages mm/page_alloc.c:1377 [inline]
post_alloc_hook+0x145/0x1b0 mm/page_alloc.c:2508
prep_new_page mm/page_alloc.c:2520 [inline]
get_page_from_freelist+0x31a1/0x3320 mm/page_alloc.c:4279
__alloc_pages+0x28d/0x770 mm/page_alloc.c:5547
__alloc_pages_node include/linux/gfp.h:237 [inline]
alloc_pages_node include/linux/gfp.h:260 [inline]
alloc_pages_exact_nid+0x115/0x1b9 mm/page_alloc.c:5847
alloc_page_ext+0x1f/0x48 mm/page_ext.c:294
init_section_page_ext+0x101/0x15e mm/page_ext.c:317
page_ext_init+0x5b8/0x782 mm/page_ext.c:511
kernel_init_freeable+0x450/0x60f init/main.c:1623
kernel_init+0x19/0x290 init/main.c:1513
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:307
IN-SOFTIRQ-W at:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
swake_up_one+0x1c/0x150 kernel/sched/swait.c:51
rcu_report_exp_rdp kernel/rcu/tree_exp.h:260 [inline]
rcu_preempt_deferred_qs_irqrestore+0x22a/0xc50 kernel/rcu/tree_plugin.h:506
rcu_preempt_deferred_qs kernel/rcu/tree_plugin.h:607 [inline]
rcu_core+0x2bc/0x17e0 kernel/rcu/tree.c:2533
__do_softirq+0x2e9/0xa4c kernel/softirq.c:571
run_ksoftirqd+0xc1/0x120 kernel/softirq.c:934
smpboot_thread_fn+0x52c/0xa30 kernel/smpboot.c:164
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:307
INITIAL USE at:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
prepare_to_swait_event+0x25/0x350 kernel/sched/swait.c:107
synchronize_rcu_expedited_wait_once kernel/rcu/tree_exp.h:580 [inline]
synchronize_rcu_expedited_wait kernel/rcu/tree_exp.h:631 [inline]
rcu_exp_wait_wake kernel/rcu/tree_exp.h:699 [inline]
rcu_exp_sel_wait_wake+0x746/0x1d50 kernel/rcu/tree_exp.h:733
synchronize_rcu_expedited+0x8e3/0x930 kernel/rcu/tree_exp.h:968
synchronize_rcu+0x11c/0x3f0 kernel/rcu/tree.c:3575
rcu_tasks_wait_gp+0x17f/0xaf0 kernel/rcu/tasks.h:675
rcu_tasks_one_gp+0xc28/0xe30 kernel/rcu/tasks.h:533
rcu_tasks_kthread+0x62/0x90 kernel/rcu/tasks.h:561
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:307
}
... key at: [<ffffffff91cd4f00>] rcu_init_one.__key.231+0x0/0x20
the dependencies between the lock to be acquired
and HARDIRQ-irq-unsafe lock:
-> (&htab->buckets[i].lock){+...}-{2:2} {
HARDIRQ-ON-W at:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
sock_hash_delete_elem+0xac/0x2f0 net/core/sock_map.c:932
0xffffffffa0001ff2
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:603 [inline]
bpf_prog_run include/linux/filter.h:610 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline]
bpf_trace_run2+0x1fd/0x410 kernel/trace/bpf_trace.c:2312
trace_contention_end+0x12f/0x170 include/trace/events/lock.h:122
__mutex_lock_common kernel/locking/mutex.c:612 [inline]
__mutex_lock+0x2ed/0xd80 kernel/locking/mutex.c:747
futex_cleanup_begin kernel/futex/core.c:1076 [inline]
futex_exit_release+0x30/0x1e0 kernel/futex/core.c:1128
exit_mm_release+0x16/0x30 kernel/fork.c:1505
exit_mm+0xa9/0x300 kernel/exit.c:535
do_exit+0x9f6/0x26a0 kernel/exit.c:856
do_group_exit+0x202/0x2b0 kernel/exit.c:1019
__do_sys_exit_group kernel/exit.c:1030 [inline]
__se_sys_exit_group kernel/exit.c:1028 [inline]
__x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1028
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x63/0xcd
INITIAL USE at:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
sock_hash_delete_elem+0xac/0x2f0 net/core/sock_map.c:932
0xffffffffa0001ff2
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:603 [inline]
bpf_prog_run include/linux/filter.h:610 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline]
bpf_trace_run2+0x1fd/0x410 kernel/trace/bpf_trace.c:2312
trace_contention_end+0x12f/0x170 include/trace/events/lock.h:122
__mutex_lock_common kernel/locking/mutex.c:612 [inline]
__mutex_lock+0x2ed/0xd80 kernel/locking/mutex.c:747
futex_cleanup_begin kernel/futex/core.c:1076 [inline]
futex_exit_release+0x30/0x1e0 kernel/futex/core.c:1128
exit_mm_release+0x16/0x30 kernel/fork.c:1505
exit_mm+0xa9/0x300 kernel/exit.c:535
do_exit+0x9f6/0x26a0 kernel/exit.c:856
do_group_exit+0x202/0x2b0 kernel/exit.c:1019
__do_sys_exit_group kernel/exit.c:1030 [inline]
__se_sys_exit_group kernel/exit.c:1028 [inline]
__x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1028
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x63/0xcd
}
... key at: [<ffffffff920b1340>] sock_hash_alloc.__key+0x0/0x20
... acquired at:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
sock_hash_delete_elem+0xac/0x2f0 net/core/sock_map.c:932
bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:603 [inline]
bpf_prog_run include/linux/filter.h:610 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline]
bpf_trace_run2+0x1fd/0x410 kernel/trace/bpf_trace.c:2312
trace_contention_end+0x14c/0x190 include/trace/events/lock.h:122
__pv_queued_spin_lock_slowpath+0x935/0xc50 kernel/locking/qspinlock.c:560
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:591 [inline]
queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x269/0x370 kernel/locking/spinlock_debug.c:115
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
_raw_spin_lock_irqsave+0xdd/0x120 kernel/locking/spinlock.c:162
finish_swait+0xc4/0x1e0 kernel/sched/swait.c:139
synchronize_rcu_expedited_wait_once kernel/rcu/tree_exp.h:580 [inline]
synchronize_rcu_expedited_wait kernel/rcu/tree_exp.h:631 [inline]
rcu_exp_wait_wake kernel/rcu/tree_exp.h:699 [inline]
rcu_exp_sel_wait_wake+0x7ba/0x1d50 kernel/rcu/tree_exp.h:733
process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:307
stack backtrace:
CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.1.84-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: rcu_gp wait_rcu_exp_gp
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
print_bad_irq_dependency kernel/locking/lockdep.c:2604 [inline]
check_irq_usage kernel/locking/lockdep.c:2843 [inline]
check_prev_add kernel/locking/lockdep.c:3094 [inline]
check_prevs_add kernel/locking/lockdep.c:3209 [inline]
validate_chain+0x4d16/0x5950 kernel/locking/lockdep.c:3825
__lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
sock_hash_delete_elem+0xac/0x2f0 net/core/sock_map.c:932
bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:603 [inline]
bpf_prog_run include/linux/filter.h:610 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline]
bpf_trace_run2+0x1fd/0x410 kernel/trace/bpf_trace.c:2312
trace_contention_end+0x14c/0x190 include/trace/events/lock.h:122
__pv_queued_spin_lock_slowpath+0x935/0xc50 kernel/locking/qspinlock.c:560
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:591 [inline]
queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x269/0x370 kernel/locking/spinlock_debug.c:115
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
_raw_spin_lock_irqsave+0xdd/0x120 kernel/locking/spinlock.c:162
finish_swait+0xc4/0x1e0 kernel/sched/swait.c:139
synchronize_rcu_expedited_wait_once kernel/rcu/tree_exp.h:580 [inline]
synchronize_rcu_expedited_wait kernel/rcu/tree_exp.h:631 [inline]
rcu_exp_wait_wake kernel/rcu/tree_exp.h:699 [inline]
rcu_exp_sel_wait_wake+0x7ba/0x1d50 kernel/rcu/tree_exp.h:733
process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:307
</TASK>
------------[ cut here ]------------
raw_local_irq_restore() called with IRQs enabled
WARNING: CPU: 0 PID: 7 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x1d/0x20 kernel/locking/irqflag-debug.c:10
Modules linked in:
CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.1.84-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: rcu_gp wait_rcu_exp_gp
RIP: 0010:warn_bogus_irq_restore+0x1d/0x20 kernel/locking/irqflag-debug.c:10
Code: 24 48 c7 c7 00 bc ea 8a e8 6c f5 fd ff 80 3d 2f 5b d5 03 00 74 01 c3 c6 05 25 5b d5 03 01 48 c7 c7 60 e6 eb 8a e8 23 64 c8 f6 <0f> 0b c3 41 56 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 44
RSP: 0018:ffffc900000c7a58 EFLAGS: 00010246
RAX: 7553e30b0eaadc00 RBX: 1ffff92000018f50 RCX: ffff88813fe5bb80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900000c7af0 R08: ffffffff81527eae R09: fffff52000018ead
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff92000018f4c R14: ffffc900000c7a80 R15: 0000000000000246
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555637cca8 CR3: 000000007b960000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
_raw_spin_unlock_irqrestore+0x118/0x130 kernel/locking/spinlock.c:194
synchronize_rcu_expedited_wait_once kernel/rcu/tree_exp.h:580 [inline]
synchronize_rcu_expedited_wait kernel/rcu/tree_exp.h:631 [inline]
rcu_exp_wait_wake kernel/rcu/tree_exp.h:699 [inline]
rcu_exp_sel_wait_wake+0x7ba/0x1d50 kernel/rcu/tree_exp.h:733
process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:307
</TASK>