===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ----------------------------------------------------- syz-executor.1/5087 [HC0[0]:SC1[3]:HE0:SE0] is trying to acquire: ffff888057c7e820 (&htab->buckets[i].lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ffff888057c7e820 (&htab->buckets[i].lock){+.-.}-{2:2}, at: sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 and this task is already holding: ffff8880b943d618 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x39e/0x1170 kernel/workqueue.c:2360 which would create a new lock dependency: (&pool->lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+.-.}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&pool->lock){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x39e/0x1170 kernel/workqueue.c:2360 queue_work_on+0xf4/0x120 kernel/workqueue.c:2435 tick_nohz_activate kernel/time/tick-sched.c:1491 [inline] tick_setup_sched_timer+0x47c/0x790 kernel/time/tick-sched.c:1592 hrtimer_switch_to_hres kernel/time/hrtimer.c:750 [inline] hrtimer_run_queues+0x33c/0x450 kernel/time/hrtimer.c:1918 run_local_timers kernel/time/timer.c:2453 [inline] update_process_times+0xcf/0x220 kernel/time/timer.c:2475 tick_periodic+0x7e/0x230 kernel/time/tick-common.c:100 tick_handle_periodic+0x45/0x120 kernel/time/tick-common.c:112 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x112/0x410 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 get_current arch/x86/include/asm/current.h:49 [inline] __sanitizer_cov_trace_pc+0xc/0x60 kernel/kcov.c:206 update_event_printk kernel/trace/trace_events.c:2750 [inline] trace_event_eval_update+0x2dc/0xfe0 kernel/trace/trace_events.c:2922 trace_insert_eval_map kernel/trace/trace.c:6294 [inline] eval_map_work_func+0x3d/0x50 kernel/trace/trace.c:10069 process_one_work+0x9ac/0x1a60 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c4/0x3a0 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 to a HARDIRQ-irq-unsafe lock: (&htab->buckets[i].lock){+.-.}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 0xffffffffa00021ce bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x16a/0x440 kernel/trace/bpf_trace.c:2421 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline] kmem_cache_free+0x1d4/0x360 mm/slub.c:4343 security_file_free+0xae/0xe0 security/security.c:2739 file_free fs/file_table.c:65 [inline] __fput+0x3ea/0xb80 fs/file_table.c:435 __fput_sync+0x47/0x50 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x86/0x100 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&htab->buckets[i].lock); local_irq_disable(); lock(&pool->lock); lock(&htab->buckets[i].lock); lock(&pool->lock); *** DEADLOCK *** 4 locks held by syz-executor.1/5087: #0: ffffc90000007cb0 (&(&hwstats->traffic_dw)->timer){..-.}-{0:0}, at: call_timer_fn+0x11a/0x5b0 kernel/time/timer.c:1789 #1: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #1: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #1: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: __queue_work+0xf2/0x1170 kernel/workqueue.c:2324 #2: ffff8880b943d618 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x39e/0x1170 kernel/workqueue.c:2360 #3: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #3: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #3: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #3: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0xf8/0x440 kernel/trace/bpf_trace.c:2421 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&pool->lock){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x39e/0x1170 kernel/workqueue.c:2360 queue_work_on+0xf4/0x120 kernel/workqueue.c:2435 tick_nohz_activate kernel/time/tick-sched.c:1491 [inline] tick_setup_sched_timer+0x47c/0x790 kernel/time/tick-sched.c:1592 hrtimer_switch_to_hres kernel/time/hrtimer.c:750 [inline] hrtimer_run_queues+0x33c/0x450 kernel/time/hrtimer.c:1918 run_local_timers kernel/time/timer.c:2453 [inline] update_process_times+0xcf/0x220 kernel/time/timer.c:2475 tick_periodic+0x7e/0x230 kernel/time/tick-common.c:100 tick_handle_periodic+0x45/0x120 kernel/time/tick-common.c:112 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x112/0x410 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 get_current arch/x86/include/asm/current.h:49 [inline] __sanitizer_cov_trace_pc+0xc/0x60 kernel/kcov.c:206 update_event_printk kernel/trace/trace_events.c:2750 [inline] trace_event_eval_update+0x2dc/0xfe0 kernel/trace/trace_events.c:2922 trace_insert_eval_map kernel/trace/trace.c:6294 [inline] eval_map_work_func+0x3d/0x50 kernel/trace/trace.c:10069 process_one_work+0x9ac/0x1a60 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c4/0x3a0 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x39e/0x1170 kernel/workqueue.c:2360 call_timer_fn+0x1a3/0x5b0 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1838 [inline] __run_timers+0x567/0xab0 kernel/time/timer.c:2408 __run_timer_base kernel/time/timer.c:2419 [inline] __run_timer_base kernel/time/timer.c:2412 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2428 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2438 __do_softirq+0x21b/0x8de kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] default_idle+0xf/0x20 arch/x86/kernel/process.c:742 default_idle_call+0x6d/0xb0 kernel/sched/idle.c:117 cpuidle_idle_call kernel/sched/idle.c:191 [inline] do_idle+0x32c/0x3f0 kernel/sched/idle.c:332 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430 rest_init+0x16f/0x2b0 init/main.c:730 arch_call_rest_init+0x13/0x40 init/main.c:831 start_kernel+0x3a3/0x490 init/main.c:1077 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x148 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x39e/0x1170 kernel/workqueue.c:2360 queue_work_on+0xf4/0x120 kernel/workqueue.c:2435 queue_work include/linux/workqueue.h:605 [inline] start_poll_synchronize_rcu_expedited+0x147/0x180 kernel/rcu/tree_exp.h:1017 rcu_init+0x1625/0x20c0 kernel/rcu/tree.c:5240 start_kernel+0x19e/0x490 init/main.c:969 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x148 } ... key at: [] __key.17+0x0/0x40 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (&htab->buckets[i].lock){+.-.}-{2:2} { HARDIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 0xffffffffa00021ce bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x16a/0x440 kernel/trace/bpf_trace.c:2421 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline] kmem_cache_free+0x1d4/0x360 mm/slub.c:4343 security_file_free+0xae/0xe0 security/security.c:2739 file_free fs/file_table.c:65 [inline] __fput+0x3ea/0xb80 fs/file_table.c:435 __fput_sync+0x47/0x50 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x86/0x100 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 bpf_prog_2c29ac5cdc6b1842+0x42/0x4a bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x16a/0x440 kernel/trace/bpf_trace.c:2421 __bpf_trace_workqueue_queue_work+0x101/0x140 include/trace/events/workqueue.h:23 trace_workqueue_queue_work include/trace/events/workqueue.h:23 [inline] __queue_work+0x627/0x1170 kernel/workqueue.c:2382 call_timer_fn+0x1a3/0x5b0 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1838 [inline] __run_timers+0x567/0xab0 kernel/time/timer.c:2408 __run_timer_base kernel/time/timer.c:2419 [inline] __run_timer_base kernel/time/timer.c:2412 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2428 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2438 __do_softirq+0x21b/0x8de kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 get_current arch/x86/include/asm/current.h:49 [inline] write_comp_data+0x11/0x90 kernel/kcov.c:235 arch_stack_walk+0xef/0x170 arch/x86/kernel/stacktrace.c:27 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3798 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc+0x136/0x320 mm/slub.c:3852 kmem_cache_zalloc include/linux/slab.h:739 [inline] lsm_inode_alloc security/security.c:670 [inline] security_inode_alloc+0x3e/0x240 security/security.c:1581 inode_init_always+0xc2f/0xf50 fs/inode.c:232 alloc_inode+0x7d/0x230 fs/inode.c:268 new_inode_pseudo+0x16/0x80 fs/inode.c:1007 sock_alloc+0x40/0x280 net/socket.c:634 __sock_create+0xc0/0x800 net/socket.c:1535 sock_create net/socket.c:1622 [inline] __sys_socket_create net/socket.c:1659 [inline] __sys_socket+0x14f/0x260 net/socket.c:1706 __do_sys_socket net/socket.c:1720 [inline] __se_sys_socket net/socket.c:1718 [inline] __x64_sys_socket+0x72/0xb0 net/socket.c:1718 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 0xffffffffa00021ce bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x16a/0x440 kernel/trace/bpf_trace.c:2421 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline] kmem_cache_free+0x1d4/0x360 mm/slub.c:4343 putname+0x12e/0x170 fs/namei.c:273 user_path_at_empty+0x4c/0x60 fs/namei.c:2923 user_path_at include/linux/namei.h:57 [inline] do_fchmodat fs/open.c:696 [inline] __do_sys_fchmodat fs/open.c:717 [inline] __se_sys_fchmodat fs/open.c:714 [inline] __x64_sys_fchmodat+0x10d/0x1f0 fs/open.c:714 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] __key.0+0x0/0x40 ... acquired at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 bpf_prog_2c29ac5cdc6b1842+0x42/0x4a bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x16a/0x440 kernel/trace/bpf_trace.c:2421 __bpf_trace_workqueue_queue_work+0x101/0x140 include/trace/events/workqueue.h:23 trace_workqueue_queue_work include/trace/events/workqueue.h:23 [inline] __queue_work+0x627/0x1170 kernel/workqueue.c:2382 call_timer_fn+0x1a3/0x5b0 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1838 [inline] __run_timers+0x567/0xab0 kernel/time/timer.c:2408 __run_timer_base kernel/time/timer.c:2419 [inline] __run_timer_base kernel/time/timer.c:2412 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2428 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2438 __do_softirq+0x21b/0x8de kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 get_current arch/x86/include/asm/current.h:49 [inline] write_comp_data+0x11/0x90 kernel/kcov.c:235 arch_stack_walk+0xef/0x170 arch/x86/kernel/stacktrace.c:27 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3798 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc+0x136/0x320 mm/slub.c:3852 kmem_cache_zalloc include/linux/slab.h:739 [inline] lsm_inode_alloc security/security.c:670 [inline] security_inode_alloc+0x3e/0x240 security/security.c:1581 inode_init_always+0xc2f/0xf50 fs/inode.c:232 alloc_inode+0x7d/0x230 fs/inode.c:268 new_inode_pseudo+0x16/0x80 fs/inode.c:1007 sock_alloc+0x40/0x280 net/socket.c:634 __sock_create+0xc0/0x800 net/socket.c:1535 sock_create net/socket.c:1622 [inline] __sys_socket_create net/socket.c:1659 [inline] __sys_socket+0x14f/0x260 net/socket.c:1706 __do_sys_socket net/socket.c:1720 [inline] __se_sys_socket net/socket.c:1718 [inline] __x64_sys_socket+0x72/0xb0 net/socket.c:1718 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 stack backtrace: CPU: 0 PID: 5087 Comm: syz-executor.1 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline] check_irq_usage+0xe3c/0x1490 kernel/locking/lockdep.c:2865 check_prev_add kernel/locking/lockdep.c:3138 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3869 [inline] __lock_acquire+0x248e/0x3b30 kernel/locking/lockdep.c:5137 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 bpf_prog_2c29ac5cdc6b1842+0x42/0x4a bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x16a/0x440 kernel/trace/bpf_trace.c:2421 __bpf_trace_workqueue_queue_work+0x101/0x140 include/trace/events/workqueue.h:23 trace_workqueue_queue_work include/trace/events/workqueue.h:23 [inline] __queue_work+0x627/0x1170 kernel/workqueue.c:2382 call_timer_fn+0x1a3/0x5b0 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1838 [inline] __run_timers+0x567/0xab0 kernel/time/timer.c:2408 __run_timer_base kernel/time/timer.c:2419 [inline] __run_timer_base kernel/time/timer.c:2412 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2428 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2438 __do_softirq+0x21b/0x8de kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline] RIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline] RIP: 0010:write_comp_data+0x11/0x90 kernel/kcov.c:236 Code: 48 09 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 49 89 d2 49 89 f8 49 89 f1 65 48 8b 15 9f 9e 75 7e <65> 8b 05 a0 9e 75 7e a9 00 01 ff 00 74 0f f6 c4 01 74 59 8b 82 14 RSP: 0018:ffffc90004387948 EFLAGS: 00000246 RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8133f52f RDX: ffff88806c979e00 RSI: 0000000000000000 RDI: 0000000000000001 RBP: ffffc900043879e8 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: ffffc90004387958 R13: ffffffff817a17d0 R14: ffffc90004387a18 R15: ffff88806c979e00 arch_stack_walk+0xef/0x170 arch/x86/kernel/stacktrace.c:27 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3798 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc+0x136/0x320 mm/slub.c:3852 kmem_cache_zalloc include/linux/slab.h:739 [inline] lsm_inode_alloc security/security.c:670 [inline] security_inode_alloc+0x3e/0x240 security/security.c:1581 inode_init_always+0xc2f/0xf50 fs/inode.c:232 alloc_inode+0x7d/0x230 fs/inode.c:268 new_inode_pseudo+0x16/0x80 fs/inode.c:1007 sock_alloc+0x40/0x280 net/socket.c:634 __sock_create+0xc0/0x800 net/socket.c:1535 sock_create net/socket.c:1622 [inline] __sys_socket_create net/socket.c:1659 [inline] __sys_socket+0x14f/0x260 net/socket.c:1706 __do_sys_socket net/socket.c:1720 [inline] __se_sys_socket net/socket.c:1718 [inline] __x64_sys_socket+0x72/0xb0 net/socket.c:1718 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7fd6fb07fbe7 Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fffa027d8d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fd6fb07fbe7 RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002 RBP: 00007fffa027e02c R08: 0000000000000408 R09: 00007fffa027dd17 R10: 00007fd6fb17a4f0 R11: 0000000000000202 R12: 00007fd6fb17cd00 R13: 00000000000369d6 R14: 00000000000368e2 R15: 00007fd6fb17eec0 ---------------- Code disassembly (best guess), 2 bytes skipped: 0: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 7: 90 nop 8: 90 nop 9: 90 nop a: 90 nop b: 90 nop c: 90 nop d: 90 nop e: 90 nop f: 90 nop 10: 90 nop 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop 16: 90 nop 17: 49 89 d2 mov %rdx,%r10 1a: 49 89 f8 mov %rdi,%r8 1d: 49 89 f1 mov %rsi,%r9 20: 65 48 8b 15 9f 9e 75 mov %gs:0x7e759e9f(%rip),%rdx # 0x7e759ec7 27: 7e * 28: 65 8b 05 a0 9e 75 7e mov %gs:0x7e759ea0(%rip),%eax # 0x7e759ecf <-- trapping instruction 2f: a9 00 01 ff 00 test $0xff0100,%eax 34: 74 0f je 0x45 36: f6 c4 01 test $0x1,%ah 39: 74 59 je 0x94 3b: 8b .byte 0x8b 3c: 82 .byte 0x82 3d: 14 .byte 0x14