===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ----------------------------------------------------- kworker/0:5/5146 [HC0[0]:SC1[3]:HE0:SE0] is trying to acquire: ffff8880619c6468 (&htab->buckets[i].lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ffff8880619c6468 (&htab->buckets[i].lock){+.-.}-{2:2}, at: sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 and this task is already holding: ffff8880b942c9d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __run_hrtimer kernel/time/hrtimer.c:1696 [inline] ffff8880b942c9d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __hrtimer_run_queues+0x2c0/0xc20 kernel/time/hrtimer.c:1756 which would create a new lock dependency: (hrtimer_bases.lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+.-.}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (hrtimer_bases.lock){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 hrtimer_run_queues+0xee/0x450 kernel/time/hrtimer.c:1922 run_local_timers kernel/time/timer.c:2453 [inline] update_process_times+0xcf/0x220 kernel/time/timer.c:2475 tick_periodic+0x7e/0x230 kernel/time/tick-common.c:100 tick_handle_periodic+0x45/0x120 kernel/time/tick-common.c:112 timer_interrupt+0x4e/0x80 arch/x86/kernel/time.c:57 __handle_irq_event_percpu+0x22c/0x750 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210 handle_level_irq+0x25d/0x6f0 kernel/irq/chip.c:648 generic_handle_irq_desc include/linux/irqdesc.h:161 [inline] handle_irq arch/x86/kernel/irq.c:238 [inline] __common_interrupt+0xe1/0x250 arch/x86/kernel/irq.c:257 common_interrupt+0xab/0xd0 
arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] _raw_spin_unlock_irqrestore+0x31/0x80 kernel/locking/spinlock.c:194 __setup_irq+0x1069/0x1e80 kernel/irq/manage.c:1818 request_threaded_irq+0x2b4/0x3e0 kernel/irq/manage.c:2202 request_irq include/linux/interrupt.h:168 [inline] setup_default_timer_irq arch/x86/kernel/time.c:70 [inline] hpet_time_init+0x5b/0x90 arch/x86/kernel/time.c:82 x86_late_time_init+0x51/0xc0 arch/x86/kernel/time.c:94 start_kernel+0x317/0x490 init/main.c:1039 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x148 to a HARDIRQ-irq-unsafe lock: (&htab->buckets[i].lock){+.-.}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_update_common+0x1fe/0xa60 net/core/sock_map.c:1007 sock_map_update_elem_sys+0x280/0x570 net/core/sock_map.c:581 bpf_map_update_value+0x36c/0x6c0 kernel/bpf/syscall.c:172 map_update_elem+0x623/0x910 kernel/bpf/syscall.c:1641 __sys_bpf+0xab9/0x4b40 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&htab->buckets[i].lock);
                               local_irq_disable();
                               lock(hrtimer_bases.lock);
                               lock(&htab->buckets[i].lock);
  <Interrupt>
    lock(hrtimer_bases.lock);

 *** DEADLOCK ***

7 locks held by 
kworker/0:5/5146: #0: ffff888015074948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1296/0x1a60 kernel/workqueue.c:3229 #1: ffffc90004857d80 (pcpu_balance_work){+.+.}-{0:0}, at: process_one_work+0x906/0x1a60 kernel/workqueue.c:3230 #2: ffffffff8d903488 (pcpu_alloc_mutex){+.+.}-{3:3}, at: pcpu_balance_workfn+0x25/0xd00 mm/percpu.c:2233 #3: ffff8880b94445d8 (&pcp->lock){+.+.}-{2:2}, at: spin_trylock include/linux/spinlock.h:361 [inline] #3: ffff8880b94445d8 (&pcp->lock){+.+.}-{2:2}, at: rmqueue_pcplist mm/page_alloc.c:2849 [inline] #3: ffff8880b94445d8 (&pcp->lock){+.+.}-{2:2}, at: rmqueue mm/page_alloc.c:2899 [inline] #3: ffff8880b94445d8 (&pcp->lock){+.+.}-{2:2}, at: get_page_from_freelist+0xb39/0x3780 mm/page_alloc.c:3308 #4: ffff8880b942c9d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __run_hrtimer kernel/time/hrtimer.c:1696 [inline] #4: ffff8880b942c9d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __hrtimer_run_queues+0x2c0/0xc20 kernel/time/hrtimer.c:1756 #5: ffffffff8e2400a0 (fill_pool_map-wait-type-override){+.+.}-{3:3}, at: debug_objects_fill_pool lib/debugobjects.c:614 [inline] #5: ffffffff8e2400a0 (fill_pool_map-wait-type-override){+.+.}-{3:3}, at: debug_object_activate+0x13e/0x540 lib/debugobjects.c:704 #6: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #6: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #6: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #6: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x107/0x460 kernel/trace/bpf_trace.c:2422 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (hrtimer_bases.lock){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] 
_raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 hrtimer_run_queues+0xee/0x450 kernel/time/hrtimer.c:1922 run_local_timers kernel/time/timer.c:2453 [inline] update_process_times+0xcf/0x220 kernel/time/timer.c:2475 tick_periodic+0x7e/0x230 kernel/time/tick-common.c:100 tick_handle_periodic+0x45/0x120 kernel/time/tick-common.c:112 timer_interrupt+0x4e/0x80 arch/x86/kernel/time.c:57 __handle_irq_event_percpu+0x22c/0x750 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210 handle_level_irq+0x25d/0x6f0 kernel/irq/chip.c:648 generic_handle_irq_desc include/linux/irqdesc.h:161 [inline] handle_irq arch/x86/kernel/irq.c:238 [inline] __common_interrupt+0xe1/0x250 arch/x86/kernel/irq.c:257 common_interrupt+0xab/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] _raw_spin_unlock_irqrestore+0x31/0x80 kernel/locking/spinlock.c:194 __setup_irq+0x1069/0x1e80 kernel/irq/manage.c:1818 request_threaded_irq+0x2b4/0x3e0 kernel/irq/manage.c:2202 request_irq include/linux/interrupt.h:168 [inline] setup_default_timer_irq arch/x86/kernel/time.c:70 [inline] hpet_time_init+0x5b/0x90 arch/x86/kernel/time.c:82 x86_late_time_init+0x51/0xc0 arch/x86/kernel/time.c:94 start_kernel+0x317/0x490 init/main.c:1039 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x148 IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 hrtimer_interrupt+0x10e/0x800 kernel/time/hrtimer.c:1799 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x112/0x410 
arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 rcu_dynticks_curr_cpu_in_eqs include/linux/context_tracking.h:122 [inline] rcu_is_watching+0x19/0xc0 kernel/rcu/tree.c:700 trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x47b/0x540 kernel/locking/lockdep.c:5725 debug_objects_fill_pool lib/debugobjects.c:614 [inline] debug_object_activate+0x14c/0x540 lib/debugobjects.c:704 debug_rcu_head_queue kernel/rcu/rcu.h:227 [inline] __call_rcu_common.constprop.0+0x2c/0x790 kernel/rcu/tree.c:2719 __put_cred+0x110/0x170 kernel/cred.c:110 put_cred_many include/linux/cred.h:267 [inline] put_cred_many include/linux/cred.h:261 [inline] exit_creds+0x19e/0x210 kernel/cred.c:131 __put_task_struct+0x128/0x3d0 kernel/fork.c:977 put_task_struct include/linux/sched/task.h:138 [inline] put_task_struct include/linux/sched/task.h:125 [inline] delayed_put_task_struct+0x22c/0x2d0 kernel/exit.c:229 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0x82b/0x16b0 kernel/rcu/tree.c:2471 __do_softirq+0x21b/0x8de kernel/softirq.c:554 run_ksoftirqd kernel/softirq.c:924 [inline] run_ksoftirqd+0x35/0x60 kernel/softirq.c:916 smpboot_thread_fn+0x664/0xa10 kernel/smpboot.c:164 kthread+0x2c4/0x3a0 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 hrtimer_run_queues+0xee/0x450 kernel/time/hrtimer.c:1922 run_local_timers kernel/time/timer.c:2453 [inline] update_process_times+0xcf/0x220 kernel/time/timer.c:2475 tick_periodic+0x7e/0x230 
kernel/time/tick-common.c:100 tick_handle_periodic+0x45/0x120 kernel/time/tick-common.c:112 timer_interrupt+0x4e/0x80 arch/x86/kernel/time.c:57 __handle_irq_event_percpu+0x22c/0x750 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210 handle_level_irq+0x25d/0x6f0 kernel/irq/chip.c:648 generic_handle_irq_desc include/linux/irqdesc.h:161 [inline] handle_irq arch/x86/kernel/irq.c:238 [inline] __common_interrupt+0xe1/0x250 arch/x86/kernel/irq.c:257 common_interrupt+0xab/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] _raw_spin_unlock_irqrestore+0x31/0x80 kernel/locking/spinlock.c:194 __setup_irq+0x1069/0x1e80 kernel/irq/manage.c:1818 request_threaded_irq+0x2b4/0x3e0 kernel/irq/manage.c:2202 request_irq include/linux/interrupt.h:168 [inline] setup_default_timer_irq arch/x86/kernel/time.c:70 [inline] hpet_time_init+0x5b/0x90 arch/x86/kernel/time.c:82 x86_late_time_init+0x51/0xc0 arch/x86/kernel/time.c:94 start_kernel+0x317/0x490 init/main.c:1039 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x148 } ... 
key at: [] 0xffff8880b942c9d8 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (&htab->buckets[i].lock){+.-.}-{2:2} { HARDIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_update_common+0x1fe/0xa60 net/core/sock_map.c:1007 sock_map_update_elem_sys+0x280/0x570 net/core/sock_map.c:581 bpf_map_update_value+0x36c/0x6c0 kernel/bpf/syscall.c:172 map_update_elem+0x623/0x910 kernel/bpf/syscall.c:1641 __sys_bpf+0xab9/0x4b40 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 bpf_prog_a8aaa52f2e199321+0x4a/0x52 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run4+0x179/0x460 kernel/trace/bpf_trace.c:2422 trace_mm_page_alloc include/trace/events/kmem.h:177 [inline] __alloc_pages+0x3ad/0x2410 mm/page_alloc.c:4591 alloc_pages_mpol+0x258/0x600 mm/mempolicy.c:2133 __get_free_pages+0xc/0x40 mm/page_alloc.c:4616 genradix_alloc_node lib/generic-radix-tree.c:84 [inline] __genradix_ptr_alloc+0x15d/0x3d0 
lib/generic-radix-tree.c:123 __genradix_prealloc+0x5a/0x90 lib/generic-radix-tree.c:293 sctp_stream_alloc_out net/sctp/stream.c:104 [inline] sctp_stream_init+0x31e/0x510 net/sctp/stream.c:149 sctp_association_init net/sctp/associola.c:231 [inline] sctp_association_new+0x14ff/0x2ad0 net/sctp/associola.c:295 sctp_make_temp_asoc+0x97/0x1d0 net/sctp/sm_make_chunk.c:1638 sctp_sf_do_5_1B_init+0x726/0xda0 net/sctp/sm_statefuns.c:409 sctp_do_sm+0x182/0x5c90 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh_rcv+0x440/0x880 net/sctp/endpointola.c:407 sctp_inq_push+0x1db/0x270 net/sctp/inqueue.c:88 sctp_rcv+0x1563/0x3d10 net/sctp/input.c:243 sctp6_rcv+0x3c/0x60 net/sctp/ipv6.c:1119 ip6_protocol_deliver_rcu+0xf99/0x1530 net/ipv6/ip6_input.c:438 ip6_input_finish+0x14f/0x2f0 net/ipv6/ip6_input.c:483 NF_HOOK include/linux/netfilter.h:314 [inline] NF_HOOK include/linux/netfilter.h:308 [inline] ip6_input+0xa1/0xd0 net/ipv6/ip6_input.c:492 dst_input include/net/dst.h:460 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] NF_HOOK include/linux/netfilter.h:308 [inline] ipv6_rcv+0x265/0x680 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5538 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5652 process_backlog+0x12f/0x6f0 net/core/dev.c:5981 __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:6632 napi_poll net/core/dev.c:6701 [inline] net_rx_action+0x9ad/0xf10 net/core/dev.c:6813 __do_softirq+0x21b/0x8de kernel/softirq.c:554 do_softirq kernel/softirq.c:455 [inline] do_softirq+0xb2/0xf0 kernel/softirq.c:442 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline] __dev_queue_xmit+0x879/0x3ef0 net/core/dev.c:4362 dev_queue_xmit include/linux/netdevice.h:3091 [inline] neigh_hh_output include/net/neighbour.h:526 [inline] neigh_output include/net/neighbour.h:540 [inline] ip6_finish_output2+0x1100/0x18b0 
net/ipv6/ip6_output.c:137 __ip6_finish_output net/ipv6/ip6_output.c:211 [inline] ip6_finish_output+0x3f9/0x1300 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x1eb/0x540 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] NF_HOOK include/linux/netfilter.h:308 [inline] ip6_xmit+0x125f/0x2030 net/ipv6/ip6_output.c:358 sctp_v6_xmit+0xc1f/0x1110 net/sctp/ipv6.c:248 sctp_packet_transmit+0x1e37/0x2f80 net/sctp/output.c:653 sctp_packet_singleton+0x19f/0x370 net/sctp/outqueue.c:783 sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline] sctp_outq_flush+0x54d/0x3360 net/sctp/outqueue.c:1212 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1818 [inline] sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline] sctp_do_sm+0x179c/0x5c90 net/sctp/sm_sideeffect.c:1169 sctp_primitive_ASSOCIATE+0x9c/0xd0 net/sctp/primitive.c:73 sctp_sendmsg_to_asoc+0xa40/0x1ab0 net/sctp/socket.c:1841 sctp_sendmsg+0xf0a/0x1eb0 net/sctp/socket.c:2031 inet_sendmsg+0x11c/0x140 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0xa09/0xc90 net/socket.c:2584 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2638 __sys_sendmmsg+0x1a1/0x450 net/socket.c:2724 __do_sys_sendmmsg net/socket.c:2753 [inline] __se_sys_sendmmsg net/socket.c:2750 [inline] __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2750 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_update_common+0x1fe/0xa60 net/core/sock_map.c:1007 sock_map_update_elem_sys+0x280/0x570 
net/core/sock_map.c:581 bpf_map_update_value+0x36c/0x6c0 kernel/bpf/syscall.c:172 map_update_elem+0x623/0x910 kernel/bpf/syscall.c:1641 __sys_bpf+0xab9/0x4b40 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] __key.0+0x0/0x40 ... acquired at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 bpf_prog_a8aaa52f2e199321+0x4a/0x52 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run4+0x179/0x460 kernel/trace/bpf_trace.c:2422 trace_mm_page_alloc include/trace/events/kmem.h:177 [inline] __alloc_pages+0x3ad/0x2410 mm/page_alloc.c:4591 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] alloc_slab_page mm/slub.c:2175 [inline] allocate_slab mm/slub.c:2338 [inline] new_slab+0xcc/0x3a0 mm/slub.c:2391 ___slab_alloc+0x66d/0x1790 mm/slub.c:3525 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3610 __slab_alloc_node mm/slub.c:3663 [inline] slab_alloc_node mm/slub.c:3835 [inline] kmem_cache_alloc+0x2e9/0x320 mm/slub.c:3852 kmem_cache_zalloc include/linux/slab.h:739 [inline] fill_pool+0x275/0x5d0 lib/debugobjects.c:168 debug_objects_fill_pool lib/debugobjects.c:615 [inline] debug_object_activate+0x151/0x540 lib/debugobjects.c:704 debug_hrtimer_activate kernel/time/hrtimer.c:423 [inline] debug_activate 
kernel/time/hrtimer.c:478 [inline] enqueue_hrtimer+0x25/0x390 kernel/time/hrtimer.c:1090 __run_hrtimer kernel/time/hrtimer.c:1709 [inline] __hrtimer_run_queues+0xa15/0xc20 kernel/time/hrtimer.c:1756 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1773 __do_softirq+0x21b/0x8de kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 lock_acquire+0x1f2/0x540 kernel/locking/lockdep.c:5722 __raw_spin_trylock include/linux/spinlock_api_smp.h:90 [inline] _raw_spin_trylock+0x63/0x80 kernel/locking/spinlock.c:138 spin_trylock include/linux/spinlock.h:361 [inline] rmqueue_pcplist mm/page_alloc.c:2849 [inline] rmqueue mm/page_alloc.c:2899 [inline] get_page_from_freelist+0xb39/0x3780 mm/page_alloc.c:3308 __alloc_pages+0x22b/0x2410 mm/page_alloc.c:4569 alloc_pages_mpol+0x258/0x600 mm/mempolicy.c:2133 __get_free_pages+0xc/0x40 mm/page_alloc.c:4616 kasan_populate_vmalloc_pte+0x2d/0x160 mm/kasan/shadow.c:311 apply_to_pte_range mm/memory.c:2619 [inline] apply_to_pmd_range mm/memory.c:2663 [inline] apply_to_pud_range mm/memory.c:2699 [inline] apply_to_p4d_range mm/memory.c:2735 [inline] __apply_to_page_range+0x581/0xdb0 mm/memory.c:2769 alloc_vmap_area+0x870/0x2080 mm/vmalloc.c:1713 __get_vm_area_node+0x132/0x3e0 mm/vmalloc.c:2667 __vmalloc_node_range+0x279/0x1540 mm/vmalloc.c:3352 __vmalloc_node mm/vmalloc.c:3457 [inline] __vmalloc+0x6d/0x90 mm/vmalloc.c:3471 pcpu_mem_zalloc+0x54/0xb0 mm/percpu.c:512 pcpu_alloc_chunk mm/percpu.c:1469 [inline] pcpu_create_chunk+0x214/0x8c0 mm/percpu-vm.c:338 pcpu_balance_populated mm/percpu.c:2101 [inline] pcpu_balance_workfn+0x3bc/0xd00 mm/percpu.c:2238 process_one_work+0x9ac/0x1a60 kernel/workqueue.c:3254 
process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c4/0x3a0 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 stack backtrace: CPU: 0 PID: 5146 Comm: kworker/0:5 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: events pcpu_balance_workfn Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline] check_irq_usage+0xe3c/0x1490 kernel/locking/lockdep.c:2865 check_prev_add kernel/locking/lockdep.c:3138 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3869 [inline] __lock_acquire+0x248e/0x3b30 kernel/locking/lockdep.c:5137 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 bpf_prog_a8aaa52f2e199321+0x4a/0x52 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run4+0x179/0x460 kernel/trace/bpf_trace.c:2422 trace_mm_page_alloc include/trace/events/kmem.h:177 [inline] __alloc_pages+0x3ad/0x2410 mm/page_alloc.c:4591 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] alloc_slab_page mm/slub.c:2175 [inline] allocate_slab mm/slub.c:2338 [inline] new_slab+0xcc/0x3a0 mm/slub.c:2391 ___slab_alloc+0x66d/0x1790 mm/slub.c:3525 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3610 
__slab_alloc_node mm/slub.c:3663 [inline] slab_alloc_node mm/slub.c:3835 [inline] kmem_cache_alloc+0x2e9/0x320 mm/slub.c:3852 kmem_cache_zalloc include/linux/slab.h:739 [inline] fill_pool+0x275/0x5d0 lib/debugobjects.c:168 debug_objects_fill_pool lib/debugobjects.c:615 [inline] debug_object_activate+0x151/0x540 lib/debugobjects.c:704 debug_hrtimer_activate kernel/time/hrtimer.c:423 [inline] debug_activate kernel/time/hrtimer.c:478 [inline] enqueue_hrtimer+0x25/0x390 kernel/time/hrtimer.c:1090 __run_hrtimer kernel/time/hrtimer.c:1709 [inline] __hrtimer_run_queues+0xa15/0xc20 kernel/time/hrtimer.c:1756 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1773 __do_softirq+0x21b/0x8de kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:lock_acquire+0x1f2/0x540 kernel/locking/lockdep.c:5722 Code: c1 05 ba f3 95 7e 83 f8 01 0f 85 c8 02 00 00 9c 58 f6 c4 02 0f 85 b3 02 00 00 48 85 ed 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24 RSP: 0018:ffffc90004857200 EFLAGS: 00000206 RAX: dffffc0000000000 RBX: 1ffff9200090ae42 RCX: 00000000a3ce198e RDX: 0000000000000001 RSI: ffffffff8b0ccb80 RDI: ffffffff8b6eb4e0 RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff27b7830 R10: ffffffff93dbc187 R11: 0000000000000003 R12: 0000000000000001 R13: 0000000000000001 R14: ffff8880b94445d8 R15: 0000000000000000 __raw_spin_trylock include/linux/spinlock_api_smp.h:90 [inline] _raw_spin_trylock+0x63/0x80 kernel/locking/spinlock.c:138 spin_trylock include/linux/spinlock.h:361 [inline] rmqueue_pcplist mm/page_alloc.c:2849 [inline] rmqueue mm/page_alloc.c:2899 [inline] 
get_page_from_freelist+0xb39/0x3780 mm/page_alloc.c:3308 __alloc_pages+0x22b/0x2410 mm/page_alloc.c:4569 alloc_pages_mpol+0x258/0x600 mm/mempolicy.c:2133 __get_free_pages+0xc/0x40 mm/page_alloc.c:4616 kasan_populate_vmalloc_pte+0x2d/0x160 mm/kasan/shadow.c:311 apply_to_pte_range mm/memory.c:2619 [inline] apply_to_pmd_range mm/memory.c:2663 [inline] apply_to_pud_range mm/memory.c:2699 [inline] apply_to_p4d_range mm/memory.c:2735 [inline] __apply_to_page_range+0x581/0xdb0 mm/memory.c:2769 alloc_vmap_area+0x870/0x2080 mm/vmalloc.c:1713 __get_vm_area_node+0x132/0x3e0 mm/vmalloc.c:2667 __vmalloc_node_range+0x279/0x1540 mm/vmalloc.c:3352 __vmalloc_node mm/vmalloc.c:3457 [inline] __vmalloc+0x6d/0x90 mm/vmalloc.c:3471 pcpu_mem_zalloc+0x54/0xb0 mm/percpu.c:512 pcpu_alloc_chunk mm/percpu.c:1469 [inline] pcpu_create_chunk+0x214/0x8c0 mm/percpu-vm.c:338 pcpu_balance_populated mm/percpu.c:2101 [inline] pcpu_balance_workfn+0x3bc/0xd00 mm/percpu.c:2238 process_one_work+0x9ac/0x1a60 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c4/0x3a0 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 ---------------- Code disassembly (best guess): 0: c1 05 ba f3 95 7e 83 roll $0x83,0x7e95f3ba(%rip) # 0x7e95f3c1 7: f8 clc 8: 01 0f add %ecx,(%rdi) a: 85 c8 test %ecx,%eax c: 02 00 add (%rax),%al e: 00 9c 58 f6 c4 02 0f add %bl,0xf02c4f6(%rax,%rbx,2) 15: 85 b3 02 00 00 48 test %esi,0x48000002(%rbx) 1b: 85 ed test %ebp,%ebp 1d: 74 01 je 0x20 1f: fb sti 20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 27: fc ff df * 2a: 48 01 c3 add %rax,%rbx <-- trapping instruction 2d: 48 c7 03 00 00 00 00 movq $0x0,(%rbx) 34: 48 c7 43 08 00 00 00 movq $0x0,0x8(%rbx) 3b: 00 3c: 48 rex.W 3d: 8b .byte 0x8b 3e: 84 .byte 0x84 3f: 24 .byte 0x24