===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ----------------------------------------------------- syz-executor.2/7521 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: ffff88805af9c200 (&stab->lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ffff88805af9c200 (&stab->lock){+...}-{2:2}, at: __sock_map_delete net/core/sock_map.c:414 [inline] ffff88805af9c200 (&stab->lock){+...}-{2:2}, at: sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 and this task is already holding: ffff888016ebf020 ((worker)->lock){....}-{2:2}, at: kthread_queue_work+0x27/0x180 kernel/kthread.c:1019 which would create a new lock dependency: ((worker)->lock){....}-{2:2} -> (&stab->lock){+...}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&pool->lock){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x6ec/0xec0 queue_work_on+0x14f/0x250 kernel/workqueue.c:2435 hrtimer_switch_to_hres kernel/time/hrtimer.c:750 [inline] hrtimer_run_queues+0x154/0x460 kernel/time/hrtimer.c:1918 run_local_timers kernel/time/timer.c:2453 [inline] update_process_times+0x80/0x230 kernel/time/timer.c:2475 tick_periodic+0x190/0x220 kernel/time/tick-common.c:100 tick_handle_periodic+0x4a/0x160 kernel/time/tick-common.c:112 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x107/0x3a0 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 console_flush_all+0xaad/0xfd0 console_unlock+0x13b/0x4d0 kernel/printk/printk.c:3042 vprintk_emit+0x5a6/0x770 kernel/printk/printk.c:2342 _printk+0xd5/0x120 kernel/printk/printk.c:2367 __clocksource_select+0x2f2/0x350 kernel/time/clocksource.c:1046 clocksource_select kernel/time/clocksource.c:1061 [inline] clocksource_done_booting+0x36/0x50 kernel/time/clocksource.c:1085 do_one_initcall+0x238/0x830 init/main.c:1241 do_initcall_level+0x157/0x210 init/main.c:1303 do_initcalls+0x3f/0x80 init/main.c:1319 kernel_init_freeable+0x435/0x5d0 init/main.c:1550 kernel_init+0x1d/0x2a0 init/main.c:1439 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 to a HARDIRQ-irq-unsafe lock: (&stab->lock){+...}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 bpf_prog_d247abf228e51871+0x69/0x6d bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420 trace_sys_enter+0x75/0xb0 include/trace/events/syscalls.h:18 syscall_trace_enter+0xff/0x150 kernel/entry/common.c:61 syscall_enter_from_user_mode_work include/linux/entry-common.h:168 [inline] syscall_enter_from_user_mode include/linux/entry-common.h:198 [inline] do_syscall_64+0xcc/0x240 arch/x86/entry/common.c:79 entry_SYSCALL_64_after_hwframe+0x6d/0x75 other info that might help us debug this: Chain exists of: &pool->lock --> (worker)->lock --> &stab->lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&stab->lock); local_irq_disable(); lock(&pool->lock); lock((worker)->lock); lock(&pool->lock); *** DEADLOCK *** 4 locks held by syz-executor.2/7521: #0: ffffffff8f37b588 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline] #0: ffffffff8f37b588 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x10d0 net/core/rtnetlink.c:6592 #1: ffffffff8e1373b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:291 [inline] #1: ffffffff8e1373b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x39a/0x820 kernel/rcu/tree_exp.h:939 #2: ffff888016ebf020 ((worker)->lock){....}-{2:2}, at: kthread_queue_work+0x27/0x180 kernel/kthread.c:1019 #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 kernel/trace/bpf_trace.c:2420 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&pool->lock){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x6ec/0xec0 queue_work_on+0x14f/0x250 kernel/workqueue.c:2435 hrtimer_switch_to_hres kernel/time/hrtimer.c:750 [inline] hrtimer_run_queues+0x154/0x460 kernel/time/hrtimer.c:1918 run_local_timers kernel/time/timer.c:2453 [inline] update_process_times+0x80/0x230 kernel/time/timer.c:2475 tick_periodic+0x190/0x220 kernel/time/tick-common.c:100 tick_handle_periodic+0x4a/0x160 kernel/time/tick-common.c:112 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x107/0x3a0 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 console_flush_all+0xaad/0xfd0 console_unlock+0x13b/0x4d0 kernel/printk/printk.c:3042 vprintk_emit+0x5a6/0x770 kernel/printk/printk.c:2342 _printk+0xd5/0x120 kernel/printk/printk.c:2367 __clocksource_select+0x2f2/0x350 kernel/time/clocksource.c:1046 clocksource_select kernel/time/clocksource.c:1061 [inline] clocksource_done_booting+0x36/0x50 kernel/time/clocksource.c:1085 do_one_initcall+0x238/0x830 init/main.c:1241 do_initcall_level+0x157/0x210 init/main.c:1303 do_initcalls+0x3f/0x80 init/main.c:1319 kernel_init_freeable+0x435/0x5d0 init/main.c:1550 kernel_init+0x1d/0x2a0 init/main.c:1439 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 IN-SOFTIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x6ec/0xec0 call_timer_fn+0x17e/0x600 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1838 [inline] __run_timers kernel/time/timer.c:2408 [inline] __run_timer_base+0x695/0x8e0 kernel/time/timer.c:2419 run_timer_base kernel/time/timer.c:2428 [inline] run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2438 __do_softirq+0x2bc/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] default_idle+0x13/0x20 arch/x86/kernel/process.c:742 default_idle_call+0x74/0xb0 kernel/sched/idle.c:117 cpuidle_idle_call kernel/sched/idle.c:191 [inline] do_idle+0x22f/0x5d0 kernel/sched/idle.c:332 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:430 rest_init+0x2e0/0x300 init/main.c:730 arch_call_rest_init+0xe/0x10 init/main.c:831 start_kernel+0x47a/0x500 init/main.c:1077 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x147 INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x6ec/0xec0 queue_work_on+0x14f/0x250 kernel/workqueue.c:2435 queue_work include/linux/workqueue.h:605 [inline] start_poll_synchronize_rcu_expedited+0xf7/0x150 kernel/rcu/tree_exp.h:1017 rcu_init+0xea/0x140 kernel/rcu/tree.c:5240 start_kernel+0x1f7/0x500 init/main.c:969 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x147 } ... key at: [] init_worker_pool.__key+0x0/0x20 -> ((worker)->lock){....}-{2:2} { INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] _raw_spin_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:170 kthread_worker_fn+0x236/0xab0 kernel/kthread.c:828 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 } ... key at: [] __kthread_create_worker.__key+0x0/0x20 ... acquired at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 kthread_queue_work+0x27/0x180 kernel/kthread.c:1019 put_pwq kernel/workqueue.c:1642 [inline] put_pwq_unlocked+0x12a/0x190 kernel/workqueue.c:1659 apply_wqattrs_cleanup kernel/workqueue.c:5098 [inline] apply_workqueue_attrs_locked+0x132/0x210 kernel/workqueue.c:5219 apply_workqueue_attrs+0x30/0x50 kernel/workqueue.c:5249 padata_setup_cpumasks kernel/padata.c:435 [inline] padata_alloc+0x22b/0x370 kernel/padata.c:1014 pcrypt_init_padata+0x27/0x100 crypto/pcrypt.c:327 pcrypt_init+0x65/0xe0 crypto/pcrypt.c:352 do_one_initcall+0x238/0x830 init/main.c:1241 do_initcall_level+0x157/0x210 init/main.c:1303 do_initcalls+0x3f/0x80 init/main.c:1319 kernel_init_freeable+0x435/0x5d0 init/main.c:1550 kernel_init+0x1d/0x2a0 init/main.c:1439 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (&stab->lock){+...}-{2:2} { HARDIRQ-ON-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 bpf_prog_d247abf228e51871+0x69/0x6d bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420 trace_sys_enter+0x75/0xb0 include/trace/events/syscalls.h:18 syscall_trace_enter+0xff/0x150 kernel/entry/common.c:61 syscall_enter_from_user_mode_work include/linux/entry-common.h:168 [inline] syscall_enter_from_user_mode include/linux/entry-common.h:198 [inline] do_syscall_64+0xcc/0x240 arch/x86/entry/common.c:79 entry_SYSCALL_64_after_hwframe+0x6d/0x75 INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 bpf_prog_d247abf228e51871+0x69/0x6d bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420 trace_sys_enter+0x75/0xb0 include/trace/events/syscalls.h:18 syscall_trace_enter+0xff/0x150 kernel/entry/common.c:61 syscall_enter_from_user_mode_work include/linux/entry-common.h:168 [inline] syscall_enter_from_user_mode include/linux/entry-common.h:198 [inline] do_syscall_64+0xcc/0x240 arch/x86/entry/common.c:79 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] sock_map_alloc.__key+0x0/0x20 ... acquired at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 bpf_prog_d247abf228e51871+0x69/0x6d bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420 trace_sched_kthread_work_queue_work include/trace/events/sched.h:64 [inline] kthread_insert_work+0x3f4/0x460 kernel/kthread.c:993 kthread_queue_work+0xff/0x180 kernel/kthread.c:1021 synchronize_rcu_expedited_queue_work kernel/rcu/tree_exp.h:469 [inline] synchronize_rcu_expedited+0x593/0x820 kernel/rcu/tree_exp.h:949 synchronize_net net/core/dev.c:11004 [inline] netif_set_real_num_tx_queues+0x4e7/0x900 net/core/dev.c:2906 veth_init_queues drivers/net/veth.c:1772 [inline] veth_newlink+0x915/0xcd0 drivers/net/veth.c:1889 rtnl_newlink_create net/core/rtnetlink.c:3494 [inline] __rtnl_newlink net/core/rtnetlink.c:3714 [inline] rtnl_newlink+0x158f/0x20a0 net/core/rtnetlink.c:3727 rtnetlink_rcv_msg+0x89b/0x10d0 net/core/rtnetlink.c:6595 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2559 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x8e1/0xcb0 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 __sys_sendto+0x3a4/0x4f0 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2199 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 stack backtrace: CPU: 1 PID: 7521 Comm: syz-executor.2 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline] check_irq_usage kernel/locking/lockdep.c:2865 [inline] check_prev_add kernel/locking/lockdep.c:3138 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x4dc7/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 bpf_prog_d247abf228e51871+0x69/0x6d bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420 trace_sched_kthread_work_queue_work include/trace/events/sched.h:64 [inline] kthread_insert_work+0x3f4/0x460 kernel/kthread.c:993 kthread_queue_work+0xff/0x180 kernel/kthread.c:1021 synchronize_rcu_expedited_queue_work kernel/rcu/tree_exp.h:469 [inline] synchronize_rcu_expedited+0x593/0x820 kernel/rcu/tree_exp.h:949 synchronize_net net/core/dev.c:11004 [inline] netif_set_real_num_tx_queues+0x4e7/0x900 net/core/dev.c:2906 veth_init_queues drivers/net/veth.c:1772 [inline] veth_newlink+0x915/0xcd0 drivers/net/veth.c:1889 rtnl_newlink_create net/core/rtnetlink.c:3494 [inline] __rtnl_newlink net/core/rtnetlink.c:3714 [inline] rtnl_newlink+0x158f/0x20a0 net/core/rtnetlink.c:3727 rtnetlink_rcv_msg+0x89b/0x10d0 net/core/rtnetlink.c:6595 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2559 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x8e1/0xcb0 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 __sys_sendto+0x3a4/0x4f0 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2199 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7fd45d07fb5c Code: 1a 51 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 60 51 02 00 48 8b RSP: 002b:00007ffd3c6b0500 EFLAGS: 00000293 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007fd45dcd4620 RCX: 00007fd45d07fb5c RDX: 0000000000000064 RSI: 00007fd45dcd4670 RDI: 0000000000000003 RBP: 0000000000000000 R08: 00007ffd3c6b0554 R09: 000000000000000c R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 R13: 0000000000000000 R14: 00007fd45dcd4670 R15: 0000000000000000 ------------[ cut here ]------------ raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 1 PID: 7521 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10 Modules linked in: CPU: 1 PID: 7521 Comm: syz-executor.2 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10 Code: 90 f3 0f 1e fa 90 80 3d bd 16 05 04 00 74 06 90 c3 cc cc cc cc c6 05 ae 16 05 04 01 90 48 c7 c7 e0 b9 aa 8b e8 88 34 ec f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f RSP: 0018:ffffc9000388e9b8 EFLAGS: 00010246 RAX: b719a507c1ab1700 RBX: 1ffff92000711d3c RCX: ffff88802ae79e00 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000388ea50 R08: ffffffff8157cb22 R09: fffffbfff1bf9650 R10: dffffc0000000000 R11: fffffbfff1bf9650 R12: dffffc0000000000 R13: 1ffff92000711d38 R14: ffffc9000388e9e0 R15: 0000000000000246 FS: 000055558c8a1480(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f20e156f440 CR3: 0000000067c6e000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] _raw_spin_unlock_irqrestore+0x120/0x140 kernel/locking/spinlock.c:194 kthread_queue_work+0x110/0x180 kernel/kthread.c:1024 synchronize_rcu_expedited_queue_work kernel/rcu/tree_exp.h:469 [inline] synchronize_rcu_expedited+0x593/0x820 kernel/rcu/tree_exp.h:949 synchronize_net net/core/dev.c:11004 [inline] netif_set_real_num_tx_queues+0x4e7/0x900 net/core/dev.c:2906 veth_init_queues drivers/net/veth.c:1772 [inline] veth_newlink+0x915/0xcd0 drivers/net/veth.c:1889 rtnl_newlink_create net/core/rtnetlink.c:3494 [inline] __rtnl_newlink net/core/rtnetlink.c:3714 [inline] rtnl_newlink+0x158f/0x20a0 net/core/rtnetlink.c:3727 rtnetlink_rcv_msg+0x89b/0x10d0 net/core/rtnetlink.c:6595 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2559 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x8e1/0xcb0 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 __sys_sendto+0x3a4/0x4f0 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2199 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7fd45d07fb5c Code: 1a 51 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 60 51 02 00 48 8b RSP: 002b:00007ffd3c6b0500 EFLAGS: 00000293 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007fd45dcd4620 RCX: 00007fd45d07fb5c RDX: 0000000000000064 RSI: 00007fd45dcd4670 RDI: 0000000000000003 RBP: 0000000000000000 R08: 00007ffd3c6b0554 R09: 000000000000000c R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 R13: 0000000000000000 R14: 00007fd45dcd4670 R15: 0000000000000000