===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Not tainted ----------------------------------------------------- kworker/u9:6/5091 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: ffff88805ec1fa00 (&stab->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ffff88805ec1fa00 (&stab->lock){+.-.}-{2:2}, at: __sock_map_delete net/core/sock_map.c:414 [inline] ffff88805ec1fa00 (&stab->lock){+.-.}-{2:2}, at: sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 and this task is already holding: ffff888016eec120 ((worker)->lock){....}-{2:2}, at: kthread_queue_work+0x27/0x180 kernel/kthread.c:1019 which would create a new lock dependency: ((worker)->lock){....}-{2:2} -> (&stab->lock){+.-.}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&pool->lock){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x6ec/0xec0 queue_work_on+0x14f/0x250 kernel/workqueue.c:2435 hrtimer_switch_to_hres kernel/time/hrtimer.c:750 [inline] hrtimer_run_queues+0x154/0x460 kernel/time/hrtimer.c:1918 run_local_timers kernel/time/timer.c:2453 [inline] update_process_times+0x80/0x230 kernel/time/timer.c:2475 tick_periodic+0x190/0x220 kernel/time/tick-common.c:100 tick_handle_periodic+0x4a/0x160 kernel/time/tick-common.c:112 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x107/0x3a0 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 lock_acquire+0x25b/0x530 kernel/locking/lockdep.c:5758 __raw_spin_lock 
include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] simple_pin_fs+0x31/0x160 fs/libfs.c:1013 tracefs_start_creating+0x3d/0x210 fs/tracefs/inode.c:462 tracefs_create_file+0x9c/0x650 fs/tracefs/inode.c:567 trace_create_file+0x32/0x70 kernel/trace/trace.c:9167 create_event_toplevel_files+0x2e/0x100 kernel/trace/trace_events.c:3864 early_event_add_tracer+0x23/0x80 kernel/trace/trace_events.c:3938 event_trace_init+0xeb/0x170 kernel/trace/trace_events.c:4100 tracer_init_tracefs_work_func+0x11/0x140 kernel/trace/trace.c:10175 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 to a HARDIRQ-irq-unsafe lock: (&stab->lock){+.-.}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... 
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 0xffffffffa0002052 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x375/0x420 kernel/trace/bpf_trace.c:2420 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x291/0x380 mm/slub.c:4396 do_delayed_call include/linux/delayed_call.h:28 [inline] put_link fs/namei.c:1026 [inline] walk_component+0x17a/0x410 fs/namei.c:2010 link_path_walk+0x728/0xea0 fs/namei.c:2329 path_openat+0x24a/0x3240 fs/namei.c:3796 do_filp_open+0x235/0x490 fs/namei.c:3827 do_sys_openat2+0x13e/0x1d0 fs/open.c:1407 do_sys_open fs/open.c:1422 [inline] __do_sys_openat fs/open.c:1438 [inline] __se_sys_openat fs/open.c:1433 [inline] __x64_sys_openat+0x247/0x2a0 fs/open.c:1433 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75

other info that might help us debug this:

Chain exists of:
  &pool->lock --> (worker)->lock --> &stab->lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&stab->lock);
                               local_irq_disable();
                               lock(&pool->lock);
                               lock((worker)->lock);
  <Interrupt>
    lock(&pool->lock);

 *** DEADLOCK ***

7 locks held by kworker/u9:6/5091: #0: ffff88802c015948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3229 [inline] #0: ffff88802c015948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x1770 kernel/workqueue.c:3335 #1: ffffc90003c3fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3230 [inline] #1: ffffc90003c3fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at:
process_scheduled_works+0x91b/0x1770 kernel/workqueue.c:3335 #2: ffff888069df1060 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:309 #3: ffff888069df0078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5542 #4: ffffffff8e136cb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:291 [inline] #4: ffffffff8e136cb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x39a/0x820 kernel/rcu/tree_exp.h:939 #5: ffff888016eec120 ((worker)->lock){....}-{2:2}, at: kthread_queue_work+0x27/0x180 kernel/kthread.c:1019 #6: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline] #6: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline] #6: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #6: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 kernel/trace/bpf_trace.c:2420 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&pool->lock){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x6ec/0xec0 queue_work_on+0x14f/0x250 kernel/workqueue.c:2435 hrtimer_switch_to_hres kernel/time/hrtimer.c:750 [inline] hrtimer_run_queues+0x154/0x460 kernel/time/hrtimer.c:1918 run_local_timers kernel/time/timer.c:2453 [inline] update_process_times+0x80/0x230 kernel/time/timer.c:2475 tick_periodic+0x190/0x220 kernel/time/tick-common.c:100 tick_handle_periodic+0x4a/0x160 kernel/time/tick-common.c:112 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x107/0x3a0 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] 
sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 lock_acquire+0x25b/0x530 kernel/locking/lockdep.c:5758 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] simple_pin_fs+0x31/0x160 fs/libfs.c:1013 tracefs_start_creating+0x3d/0x210 fs/tracefs/inode.c:462 tracefs_create_file+0x9c/0x650 fs/tracefs/inode.c:567 trace_create_file+0x32/0x70 kernel/trace/trace.c:9167 create_event_toplevel_files+0x2e/0x100 kernel/trace/trace_events.c:3864 early_event_add_tracer+0x23/0x80 kernel/trace/trace_events.c:3938 event_trace_init+0xeb/0x170 kernel/trace/trace_events.c:4100 tracer_init_tracefs_work_func+0x11/0x140 kernel/trace/trace.c:10175 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 IN-SOFTIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x6ec/0xec0 call_timer_fn+0x17e/0x600 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1838 [inline] __run_timers kernel/time/timer.c:2408 [inline] __run_timer_base+0x695/0x8e0 kernel/time/timer.c:2419 run_timer_base kernel/time/timer.c:2428 [inline] run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2438 __do_softirq+0x2bc/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 
arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] default_idle+0x13/0x20 arch/x86/kernel/process.c:742 default_idle_call+0x74/0xb0 kernel/sched/idle.c:117 cpuidle_idle_call kernel/sched/idle.c:191 [inline] do_idle+0x22f/0x5d0 kernel/sched/idle.c:332 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:430 rest_init+0x2e0/0x300 init/main.c:730 arch_call_rest_init+0xe/0x10 init/main.c:831 start_kernel+0x47a/0x500 init/main.c:1077 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x147 INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x6ec/0xec0 queue_work_on+0x14f/0x250 kernel/workqueue.c:2435 queue_work include/linux/workqueue.h:605 [inline] start_poll_synchronize_rcu_expedited+0xf7/0x150 kernel/rcu/tree_exp.h:1017 rcu_init+0xea/0x140 kernel/rcu/tree.c:5240 start_kernel+0x1f7/0x500 init/main.c:969 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x147 } ... key at: [] init_worker_pool.__key+0x0/0x20 -> ((worker)->lock){....}-{2:2} { INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] _raw_spin_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:170 kthread_worker_fn+0x236/0xab0 kernel/kthread.c:828 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 } ... key at: [] __kthread_create_worker.__key+0x0/0x20 ... 
acquired at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 kthread_queue_work+0x27/0x180 kernel/kthread.c:1019 put_pwq kernel/workqueue.c:1642 [inline] put_pwq_unlocked+0x12a/0x190 kernel/workqueue.c:1659 apply_wqattrs_cleanup kernel/workqueue.c:5098 [inline] apply_workqueue_attrs_locked+0x132/0x210 kernel/workqueue.c:5219 apply_workqueue_attrs+0x30/0x50 kernel/workqueue.c:5249 padata_setup_cpumasks kernel/padata.c:435 [inline] padata_alloc+0x22b/0x370 kernel/padata.c:1014 pcrypt_init_padata+0x27/0x100 crypto/pcrypt.c:327 pcrypt_init+0x65/0xe0 crypto/pcrypt.c:352 do_one_initcall+0x238/0x830 init/main.c:1241 do_initcall_level+0x157/0x210 init/main.c:1303 do_initcalls+0x3f/0x80 init/main.c:1319 kernel_init_freeable+0x435/0x5d0 init/main.c:1557 kernel_init+0x1d/0x2a0 init/main.c:1446 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (&stab->lock){+.-.}-{2:2} { HARDIRQ-ON-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 0xffffffffa0002052 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x375/0x420 kernel/trace/bpf_trace.c:2420 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x291/0x380 mm/slub.c:4396 do_delayed_call include/linux/delayed_call.h:28 [inline] put_link fs/namei.c:1026 [inline] 
walk_component+0x17a/0x410 fs/namei.c:2010 link_path_walk+0x728/0xea0 fs/namei.c:2329 path_openat+0x24a/0x3240 fs/namei.c:3796 do_filp_open+0x235/0x490 fs/namei.c:3827 do_sys_openat2+0x13e/0x1d0 fs/open.c:1407 do_sys_open fs/open.c:1422 [inline] __do_sys_openat fs/open.c:1438 [inline] __se_sys_openat fs/open.c:1433 [inline] __x64_sys_openat+0x247/0x2a0 fs/open.c:1433 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 IN-SOFTIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 0xffffffffa0002052 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x375/0x420 kernel/trace/bpf_trace.c:2420 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x291/0x380 mm/slub.c:4396 ieee80211_inform_bss+0xbb2/0x1080 net/mac80211/scan.c:160 rdev_inform_bss net/wireless/rdev-ops.h:418 [inline] cfg80211_inform_single_bss_data+0xfe9/0x2250 net/wireless/scan.c:2268 cfg80211_inform_bss_data+0x3e3/0x57d0 net/wireless/scan.c:3067 cfg80211_inform_bss_frame_data+0x3ac/0x700 net/wireless/scan.c:3157 ieee80211_bss_info_update+0x8a5/0xbc0 net/mac80211/scan.c:226 ieee80211_scan_rx+0x526/0x9c0 net/mac80211/scan.c:340 __ieee80211_rx_handle_packet net/mac80211/rx.c:5210 [inline] ieee80211_rx_list+0x2b00/0x3780 net/mac80211/rx.c:5447 ieee80211_rx_napi+0x18a/0x3c0 net/mac80211/rx.c:5470 ieee80211_rx include/net/mac80211.h:5083 [inline] ieee80211_tasklet_handler+0xeb/0x1f0 net/mac80211/main.c:438 tasklet_action_common+0x321/0x4d0 kernel/softirq.c:781 __do_softirq+0x2bc/0x943 kernel/softirq.c:554 invoke_softirq 
kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 unwind_next_frame+0x1ef/0x2a00 arch/x86/kernel/unwind_orc.c:494 __unwind_start+0x641/0x7c0 arch/x86/kernel/unwind_orc.c:760 unwind_start arch/x86/include/asm/unwind.h:64 [inline] arch_stack_walk+0x103/0x1b0 arch/x86/kernel/stacktrace.c:24 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:589 poison_slab_object+0xa6/0xe0 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inline] slab_free mm/slub.c:4299 [inline] kmem_cache_free+0x102/0x2a0 mm/slub.c:4363 nsim_dev_trap_report drivers/net/netdevsim/dev.c:821 [inline] nsim_dev_trap_report_work+0x765/0xaa0 drivers/net/netdevsim/dev.c:850 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 0xffffffffa0002052 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run 
include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x375/0x420 kernel/trace/bpf_trace.c:2420 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x291/0x380 mm/slub.c:4396 do_delayed_call include/linux/delayed_call.h:28 [inline] put_link fs/namei.c:1026 [inline] walk_component+0x17a/0x410 fs/namei.c:2010 link_path_walk+0x728/0xea0 fs/namei.c:2329 path_openat+0x24a/0x3240 fs/namei.c:3796 do_filp_open+0x235/0x490 fs/namei.c:3827 do_sys_openat2+0x13e/0x1d0 fs/open.c:1407 do_sys_open fs/open.c:1422 [inline] __do_sys_openat fs/open.c:1438 [inline] __se_sys_openat fs/open.c:1433 [inline] __x64_sys_openat+0x247/0x2a0 fs/open.c:1433 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] sock_map_alloc.__key+0x0/0x20 ... acquired at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 bpf_prog_d247abf228e51871+0x69/0x6d bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x375/0x420 kernel/trace/bpf_trace.c:2420 trace_sched_kthread_work_queue_work include/trace/events/sched.h:64 [inline] kthread_insert_work+0x3f4/0x460 kernel/kthread.c:993 kthread_queue_work+0xff/0x180 kernel/kthread.c:1021 synchronize_rcu_expedited_queue_work kernel/rcu/tree_exp.h:469 [inline] synchronize_rcu_expedited+0x593/0x820 kernel/rcu/tree_exp.h:949 synchronize_rcu+0x136/0x3e0 kernel/rcu/tree.c:3611 hci_conn_unlink+0x4f6/0x630 net/bluetooth/hci_conn.c:1075 hci_conn_del+0x61/0xc80 net/bluetooth/hci_conn.c:1091 hci_abort_conn_sync+0x583/0xde0 
net/bluetooth/hci_sync.c:5561 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:310 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 stack backtrace: CPU: 1 PID: 5091 Comm: kworker/u9:6 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: hci3 hci_cmd_sync_work Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline] check_irq_usage kernel/locking/lockdep.c:2865 [inline] check_prev_add kernel/locking/lockdep.c:3138 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x4dc7/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 bpf_prog_d247abf228e51871+0x69/0x6d bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:650 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x375/0x420 kernel/trace/bpf_trace.c:2420 trace_sched_kthread_work_queue_work include/trace/events/sched.h:64 [inline] kthread_insert_work+0x3f4/0x460 kernel/kthread.c:993 kthread_queue_work+0xff/0x180 kernel/kthread.c:1021 synchronize_rcu_expedited_queue_work kernel/rcu/tree_exp.h:469 [inline] 
synchronize_rcu_expedited+0x593/0x820 kernel/rcu/tree_exp.h:949 synchronize_rcu+0x136/0x3e0 kernel/rcu/tree.c:3611 hci_conn_unlink+0x4f6/0x630 net/bluetooth/hci_conn.c:1075 hci_conn_del+0x61/0xc80 net/bluetooth/hci_conn.c:1091 hci_abort_conn_sync+0x583/0xde0 net/bluetooth/hci_sync.c:5561 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:310 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 ------------[ cut here ]------------ raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 1 PID: 5091 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10 Modules linked in: CPU: 1 PID: 5091 Comm: kworker/u9:6 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: hci3 hci_cmd_sync_work RIP: 0010:warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10 Code: 90 f3 0f 1e fa 90 80 3d de 69 01 04 00 74 06 90 c3 cc cc cc cc c6 05 cf 69 01 04 01 90 48 c7 c7 20 ba aa 8b e8 f8 e5 e7 f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f RSP: 0018:ffffc90003c3f438 EFLAGS: 00010246 RAX: 1c99ff1591479d00 RBX: 1ffff92000787e8c RCX: ffff8880616c8000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc90003c3f4d0 R08: ffffffff8157cc12 R09: 1ffff92000787ddc R10: dffffc0000000000 R11: fffff52000787ddd R12: dffffc0000000000 R13: 1ffff92000787e88 R14: ffffc90003c3f460 R15: 0000000000000246 FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9c0d7025e0 CR3: 000000002a742000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] _raw_spin_unlock_irqrestore+0x120/0x140 kernel/locking/spinlock.c:194 kthread_queue_work+0x110/0x180 kernel/kthread.c:1024 synchronize_rcu_expedited_queue_work kernel/rcu/tree_exp.h:469 [inline] synchronize_rcu_expedited+0x593/0x820 kernel/rcu/tree_exp.h:949 synchronize_rcu+0x136/0x3e0 kernel/rcu/tree.c:3611 hci_conn_unlink+0x4f6/0x630 net/bluetooth/hci_conn.c:1075 hci_conn_del+0x61/0xc80 net/bluetooth/hci_conn.c:1091 hci_abort_conn_sync+0x583/0xde0 net/bluetooth/hci_sync.c:5561 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:310 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243