=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.15.153-syzkaller #0 Not tainted
-----------------------------------------------------
kworker/1:3/3303 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
ffff888079c34020 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xac/0x2f0 net/core/sock_map.c:937

and this task is already holding:
ffff8880b9a3a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
which would create a new lock dependency:
 (&rq->__lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (&rq->__lock){-.-.}-{2:2}

... which became HARDIRQ-irq-safe at:
  lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
  _raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:368
  raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
  raw_spin_rq_lock kernel/sched/sched.h:1326 [inline]
  rq_lock kernel/sched/sched.h:1621 [inline]
  scheduler_tick+0x97/0x500 kernel/sched/core.c:5296
  update_process_times+0x1ca/0x200 kernel/time/timer.c:1793
  tick_periodic+0x197/0x210 kernel/time/tick-common.c:100
  tick_handle_periodic+0x46/0x150 kernel/time/tick-common.c:112
  timer_interrupt+0x4d/0x60 arch/x86/kernel/time.c:57
  __handle_irq_event_percpu+0x292/0xa70 kernel/irq/handle.c:156
  handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
  handle_irq_event+0xff/0x2b0 kernel/irq/handle.c:213
  handle_level_irq+0x3ab/0x6c0 kernel/irq/chip.c:653
  generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
  handle_irq arch/x86/kernel/irq.c:231 [inline]
  __common_interrupt+0xd7/0x1f0 arch/x86/kernel/irq.c:250
  common_interrupt+0x9f/0xc0 arch/x86/kernel/irq.c:240
  asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:629
  __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
  _raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
  __setup_irq+0x1302/0x1d90 kernel/irq/manage.c:1817
  request_threaded_irq+0x2a7/0x380 kernel/irq/manage.c:2206
  request_irq include/linux/interrupt.h:168 [inline]
  setup_default_timer_irq+0x1f/0x30 arch/x86/kernel/time.c:70
  x86_late_time_init+0x51/0x86 arch/x86/kernel/time.c:94
  start_kernel+0x40a/0x535 init/main.c:1101
  secondary_startup_64_no_verify+0xb1/0xbb

to a HARDIRQ-irq-unsafe lock:
 (&htab->buckets[i].lock){+...}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
  _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
  sock_hash_free+0x14c/0x780 net/core/sock_map.c:1154
  process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
  worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
  kthread+0x3f6/0x4f0 kernel/kthread.c:319
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&htab->buckets[i].lock);
                               local_irq_disable();
                               lock(&rq->__lock);
                               lock(&htab->buckets[i].lock);
    lock(&rq->__lock);

 *** DEADLOCK ***

3 locks held by kworker/1:3/3303:
 #0: ffffffff8c91f720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
 #1: ffff8880b9a3a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
 #2: ffffffff8c91f720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&rq->__lock){-.-.}-{2:2} {
   IN-HARDIRQ-W at:
     lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
     _raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:368
     raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
     raw_spin_rq_lock kernel/sched/sched.h:1326 [inline]
     rq_lock kernel/sched/sched.h:1621 [inline]
     scheduler_tick+0x97/0x500 kernel/sched/core.c:5296
     update_process_times+0x1ca/0x200 kernel/time/timer.c:1793
     tick_periodic+0x197/0x210 kernel/time/tick-common.c:100
     tick_handle_periodic+0x46/0x150 kernel/time/tick-common.c:112
     timer_interrupt+0x4d/0x60 arch/x86/kernel/time.c:57
     __handle_irq_event_percpu+0x292/0xa70 kernel/irq/handle.c:156
     handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
     handle_irq_event+0xff/0x2b0 kernel/irq/handle.c:213
     handle_level_irq+0x3ab/0x6c0 kernel/irq/chip.c:653
     generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
     handle_irq arch/x86/kernel/irq.c:231 [inline]
     __common_interrupt+0xd7/0x1f0 arch/x86/kernel/irq.c:250
     common_interrupt+0x9f/0xc0 arch/x86/kernel/irq.c:240
     asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:629
     __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
     _raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
     __setup_irq+0x1302/0x1d90 kernel/irq/manage.c:1817
     request_threaded_irq+0x2a7/0x380 kernel/irq/manage.c:2206
     request_irq include/linux/interrupt.h:168 [inline]
     setup_default_timer_irq+0x1f/0x30 arch/x86/kernel/time.c:70
     x86_late_time_init+0x51/0x86 arch/x86/kernel/time.c:94
     start_kernel+0x40a/0x535 init/main.c:1101
     secondary_startup_64_no_verify+0xb1/0xbb
   IN-SOFTIRQ-W at:
     lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
     _raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:368
     raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
     raw_spin_rq_lock kernel/sched/sched.h:1326 [inline]
     rq_lock kernel/sched/sched.h:1621 [inline]
     ttwu_queue kernel/sched/core.c:3821 [inline]
     try_to_wake_up+0x6dd/0x1300 kernel/sched/core.c:4146
     call_timer_fn+0x16d/0x560 kernel/time/timer.c:1421
     expire_timers kernel/time/timer.c:1466 [inline]
     __run_timers+0x67c/0x890 kernel/time/timer.c:1737
     run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1750
     __do_softirq+0x3b3/0x93a kernel/softirq.c:558
     invoke_softirq kernel/softirq.c:432 [inline]
     __irq_exit_rcu+0x155/0x240 kernel/softirq.c:637
     irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
     sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1096
     asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:638
     native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
     arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
     default_idle+0xb/0x10 arch/x86/kernel/process.c:717
     default_idle_call+0x81/0xc0 kernel/sched/idle.c:112
     cpuidle_idle_call kernel/sched/idle.c:194 [inline]
     do_idle+0x271/0x670 kernel/sched/idle.c:306
     cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:403
     start_kernel+0x48c/0x535 init/main.c:1138
     secondary_startup_64_no_verify+0xb1/0xbb
   INITIAL USE at:
     lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
     _raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:368
     raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
     raw_spin_rq_lock kernel/sched/sched.h:1326 [inline]
     _raw_spin_rq_lock_irqsave kernel/sched/sched.h:1345 [inline]
     rq_attach_root+0xec/0x440 kernel/sched/topology.c:470
     sched_init+0x6a4/0xbdd kernel/sched/core.c:9502
     start_kernel+0x1b6/0x535 init/main.c:1007
     secondary_startup_64_no_verify+0xb1/0xbb
 }
 ... key at: [] sched_init.__key+0x0/0x20

the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock:
-> (&htab->buckets[i].lock){+...}-{2:2} {
   HARDIRQ-ON-W at:
     lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
     __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
     _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
     sock_hash_free+0x14c/0x780 net/core/sock_map.c:1154
     process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
     worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
     kthread+0x3f6/0x4f0 kernel/kthread.c:319
     ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
   INITIAL USE at:
     lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
     __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
     _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
     sock_hash_free+0x14c/0x780 net/core/sock_map.c:1154
     process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
     worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
     kthread+0x3f6/0x4f0 kernel/kthread.c:319
     ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 }
 ... key at: [] sock_hash_alloc.__key+0x0/0x20
 ... acquired at:
   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
   __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
   _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
   sock_hash_delete_elem+0xac/0x2f0 net/core/sock_map.c:937
   bpf_prog_2e01b746faa822d9+0x42/0x94
   bpf_dispatcher_nop_func include/linux/bpf.h:785 [inline]
   __bpf_prog_run include/linux/filter.h:628 [inline]
   bpf_prog_run include/linux/filter.h:635 [inline]
   __bpf_trace_run kernel/trace/bpf_trace.c:1880 [inline]
   bpf_trace_run2+0x19e/0x340 kernel/trace/bpf_trace.c:1917
   trace_sched_migrate_task include/trace/events/sched.h:271 [inline]
   set_task_cpu+0x40f/0x480 kernel/sched/core.c:3068
   detach_task kernel/sched/fair.c:8107 [inline]
   detach_tasks kernel/sched/fair.c:8244 [inline]
   load_balance+0x52f0/0x7c60 kernel/sched/fair.c:10237
   newidle_balance+0x4d4/0xef0 kernel/sched/fair.c:11212
   pick_next_task_fair+0x27d/0x9c0 kernel/sched/fair.c:7608
   __pick_next_task kernel/sched/core.c:5650 [inline]
   pick_next_task kernel/sched/core.c:5758 [inline]
   __schedule+0x86d/0x45b0 kernel/sched/core.c:6340
   schedule+0x11b/0x1f0 kernel/sched/core.c:6459
   worker_thread+0xf56/0x1280 kernel/workqueue.c:2478
   kthread+0x3f6/0x4f0 kernel/kthread.c:319
   ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298

stack backtrace:
CPU: 1 PID: 3303 Comm: kworker/1:3 Not tainted 5.15.153-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Workqueue: 0x0 (events)
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_bad_irq_dependency kernel/locking/lockdep.c:2567 [inline]
 check_irq_usage kernel/locking/lockdep.c:2806 [inline]
 check_prev_add kernel/locking/lockdep.c:3057 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain+0x4d01/0x5930 kernel/locking/lockdep.c:3788
 __lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
 lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
 _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
 sock_hash_delete_elem+0xac/0x2f0 net/core/sock_map.c:937
 bpf_prog_2e01b746faa822d9+0x42/0x94
 bpf_dispatcher_nop_func include/linux/bpf.h:785 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1880 [inline]
 bpf_trace_run2+0x19e/0x340 kernel/trace/bpf_trace.c:1917
 trace_sched_migrate_task include/trace/events/sched.h:271 [inline]
 set_task_cpu+0x40f/0x480 kernel/sched/core.c:3068
 detach_task kernel/sched/fair.c:8107 [inline]
 detach_tasks kernel/sched/fair.c:8244 [inline]
 load_balance+0x52f0/0x7c60 kernel/sched/fair.c:10237
 newidle_balance+0x4d4/0xef0 kernel/sched/fair.c:11212
 pick_next_task_fair+0x27d/0x9c0 kernel/sched/fair.c:7608
 __pick_next_task kernel/sched/core.c:5650 [inline]
 pick_next_task kernel/sched/core.c:5758 [inline]
 __schedule+0x86d/0x45b0 kernel/sched/core.c:6340
 schedule+0x11b/0x1f0 kernel/sched/core.c:6459
 worker_thread+0xf56/0x1280 kernel/workqueue.c:2478
 kthread+0x3f6/0x4f0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
------------[ cut here ]------------
raw_local_irq_restore() called with IRQs enabled
WARNING: CPU: 1 PID: 3303 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x1d/0x20 kernel/locking/irqflag-debug.c:10
Modules linked in:
CPU: 1 PID: 3303 Comm: kworker/1:3 Not tainted 5.15.153-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Workqueue: 0x0 (events)
RIP: 0010:warn_bogus_irq_restore+0x1d/0x20 kernel/locking/irqflag-debug.c:10
Code: 24 48 c7 c7 a0 d1 89 8a e8 6c d1 fe ff 80 3d fc 56 b4 03 00 74 01 c3 c6 05 f2 56 b4 03 01 48 c7 c7 80 0c 8b 8a e8 13 ec 2f f7 <0f> 0b c3 41 56 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 44
RSP: 0018:ffffc90002e37378 EFLAGS: 00010246
RAX: 180d489c3696a300 RBX: 1ffff920005c6f20 RCX: ffff88801bf75940
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90002e37a10 R08: ffffffff8166661c R09: fffffbfff1bc72a6
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90002e37938
R13: ffffc90002e37978 R14: 0000000000000000 R15: ffff8880b9b3a300
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555563a0ca8 CR3: 0000000077301000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 load_balance+0x5b6f/0x7c60 kernel/sched/fair.c:10254
 newidle_balance+0x4d4/0xef0 kernel/sched/fair.c:11212
 pick_next_task_fair+0x27d/0x9c0 kernel/sched/fair.c:7608
 __pick_next_task kernel/sched/core.c:5650 [inline]
 pick_next_task kernel/sched/core.c:5758 [inline]
 __schedule+0x86d/0x45b0 kernel/sched/core.c:6340
 schedule+0x11b/0x1f0 kernel/sched/core.c:6459
 worker_thread+0xf56/0x1280 kernel/workqueue.c:2478
 kthread+0x3f6/0x4f0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298