=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
-----------------------------------------------------
syz-executor.4/5972 [HC0[0]:SC1[3]:HE0:SE0] is trying to acquire:
ffff88802a167200 (&stab->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff88802a167200 (&stab->lock){+.-.}-{2:2}, at: __sock_map_delete net/core/sock_map.c:414 [inline]
ffff88802a167200 (&stab->lock){+.-.}-{2:2}, at: sock_map_delete_elem+0xc8/0x150 net/core/sock_map.c:446
and this task is already holding:
ffff888015098018 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x39e/0x1170 kernel/workqueue.c:2360
which would create a new lock dependency:
(&pool->lock){-.-.}-{2:2} -> (&stab->lock){+.-.}-{2:2}
but this new dependency connects a HARDIRQ-irq-safe lock:
(&pool->lock){-.-.}-{2:2}
... which became HARDIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
__queue_work+0x39e/0x1170 kernel/workqueue.c:2360
queue_work_on+0xf4/0x120 kernel/workqueue.c:2435
tick_nohz_activate kernel/time/tick-sched.c:1491 [inline]
tick_setup_sched_timer+0x47c/0x790 kernel/time/tick-sched.c:1592
hrtimer_switch_to_hres kernel/time/hrtimer.c:750 [inline]
hrtimer_run_queues+0x33c/0x450 kernel/time/hrtimer.c:1918
run_local_timers kernel/time/timer.c:2453 [inline]
update_process_times+0xcf/0x220 kernel/time/timer.c:2475
tick_periodic+0x7e/0x230 kernel/time/tick-common.c:100
tick_handle_periodic+0x45/0x120 kernel/time/tick-common.c:112
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
__sysvec_apic_timer_interrupt+0x112/0x410 arch/x86/kernel/apic/apic.c:1049
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
lock_acquire+0x1f2/0x540 kernel/locking/lockdep.c:5722
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
d_alloc+0x6a/0x1e0 fs/dcache.c:1707
d_alloc_parallel+0xe9/0x12b0 fs/dcache.c:2462
__lookup_slow+0x194/0x460 fs/namei.c:1677
lookup_one_len+0x181/0x1b0 fs/namei.c:2756
tracefs_start_creating+0x110/0x2a0 fs/tracefs/inode.c:479
tracefs_create_file+0x9d/0x810 fs/tracefs/inode.c:567
trace_create_file+0x33/0x70 kernel/trace/trace.c:9167
event_trace_init+0xe5/0x1f0 kernel/trace/trace_events.c:4097
tracer_init_tracefs_work_func+0x12/0x3c0 kernel/trace/trace.c:10175
process_one_work+0x9ac/0x1a60 kernel/workqueue.c:3254
process_scheduled_works kernel/workqueue.c:3335 [inline]
worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416
kthread+0x2c4/0x3a0 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
to a HARDIRQ-irq-unsafe lock:
(&stab->lock){+.-.}-{2:2}
... which became HARDIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
__sock_map_delete net/core/sock_map.c:414 [inline]
sock_map_delete_elem+0xc8/0x150 net/core/sock_map.c:446
bpf_prog_2c29ac5cdc6b1842+0x42/0x4a
bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
__bpf_prog_run include/linux/filter.h:657 [inline]
bpf_prog_run include/linux/filter.h:664 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
bpf_trace_run2+0x154/0x420 kernel/trace/bpf_trace.c:2420
__bpf_trace_contention_end+0xca/0x110 include/trace/events/lock.h:122
trace_contention_end+0xce/0x120 include/trace/events/lock.h:122
__mutex_lock_common kernel/locking/mutex.c:617 [inline]
__mutex_lock+0x19c/0x9c0 kernel/locking/mutex.c:752
nf_sockopt_find.constprop.0+0x2a/0x290 net/netfilter/nf_sockopt.c:67
nf_getsockopt+0x2d/0xe0 net/netfilter/nf_sockopt.c:113
ipv6_getsockopt+0x1fd/0x2c0 net/ipv6/ipv6_sockglue.c:1494
tcp_getsockopt+0xa1/0x100 net/ipv4/tcp.c:4373
do_sock_getsockopt+0x2e8/0x760 net/socket.c:2373
__sys_getsockopt+0x1a1/0x270 net/socket.c:2402
__do_sys_getsockopt net/socket.c:2412 [inline]
__se_sys_getsockopt net/socket.c:2409 [inline]
__x64_sys_getsockopt+0xbd/0x160 net/socket.c:2409
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6d/0x75
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&stab->lock);
local_irq_disable();
lock(&pool->lock);
lock(&stab->lock);
<Interrupt>
lock(&pool->lock);
*** DEADLOCK ***
6 locks held by syz-executor.4/5972:
#0: ffff88801f173aa0 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:124 [inline]
#0: ffff88801f173aa0 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x160/0x3c0 mm/util.c:571
#1: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#1: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#1: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: mt_validate+0xd5/0x4390 lib/maple_tree.c:7578
#2: ffffc90000007cb0 (fs/notify/mark.c:89){..-.}-{0:0}, at: call_timer_fn+0x11a/0x5b0 kernel/time/timer.c:1789
#3: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#3: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#3: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: __queue_work+0xf2/0x1170 kernel/workqueue.c:2324
#4: ffff888015098018 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x39e/0x1170 kernel/workqueue.c:2360
#5: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#5: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#5: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
#5: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0xe4/0x420 kernel/trace/bpf_trace.c:2420
the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&pool->lock){-.-.}-{2:2} {
IN-HARDIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
__queue_work+0x39e/0x1170 kernel/workqueue.c:2360
queue_work_on+0xf4/0x120 kernel/workqueue.c:2435
tick_nohz_activate kernel/time/tick-sched.c:1491 [inline]
tick_setup_sched_timer+0x47c/0x790 kernel/time/tick-sched.c:1592
hrtimer_switch_to_hres kernel/time/hrtimer.c:750 [inline]
hrtimer_run_queues+0x33c/0x450 kernel/time/hrtimer.c:1918
run_local_timers kernel/time/timer.c:2453 [inline]
update_process_times+0xcf/0x220 kernel/time/timer.c:2475
tick_periodic+0x7e/0x230 kernel/time/tick-common.c:100
tick_handle_periodic+0x45/0x120 kernel/time/tick-common.c:112
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
__sysvec_apic_timer_interrupt+0x112/0x410 arch/x86/kernel/apic/apic.c:1049
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
lock_acquire+0x1f2/0x540 kernel/locking/lockdep.c:5722
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
d_alloc+0x6a/0x1e0 fs/dcache.c:1707
d_alloc_parallel+0xe9/0x12b0 fs/dcache.c:2462
__lookup_slow+0x194/0x460 fs/namei.c:1677
lookup_one_len+0x181/0x1b0 fs/namei.c:2756
tracefs_start_creating+0x110/0x2a0 fs/tracefs/inode.c:479
tracefs_create_file+0x9d/0x810 fs/tracefs/inode.c:567
trace_create_file+0x33/0x70 kernel/trace/trace.c:9167
event_trace_init+0xe5/0x1f0 kernel/trace/trace_events.c:4097
tracer_init_tracefs_work_func+0x12/0x3c0 kernel/trace/trace.c:10175
process_one_work+0x9ac/0x1a60 kernel/workqueue.c:3254
process_scheduled_works kernel/workqueue.c:3335 [inline]
worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416
kthread+0x2c4/0x3a0 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
IN-SOFTIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
__queue_work+0x39e/0x1170 kernel/workqueue.c:2360
call_timer_fn+0x1a3/0x5b0 kernel/time/timer.c:1792
expire_timers kernel/time/timer.c:1838 [inline]
__run_timers+0x567/0xab0 kernel/time/timer.c:2408
__run_timer_base kernel/time/timer.c:2419 [inline]
__run_timer_base kernel/time/timer.c:2412 [inline]
run_timer_base+0x111/0x190 kernel/time/timer.c:2428
run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2438
__do_softirq+0x21b/0x8de kernel/softirq.c:554
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu kernel/softirq.c:633 [inline]
irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline]
default_idle+0xf/0x20 arch/x86/kernel/process.c:742
default_idle_call+0x6d/0xb0 kernel/sched/idle.c:117
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x32c/0x3f0 kernel/sched/idle.c:332
cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430
rest_init+0x16f/0x2b0 init/main.c:730
arch_call_rest_init+0x13/0x40 init/main.c:831
start_kernel+0x3a3/0x490 init/main.c:1077
x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:509
x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:490
common_startup_64+0x13e/0x148
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
__queue_work+0x39e/0x1170 kernel/workqueue.c:2360
queue_work_on+0xf4/0x120 kernel/workqueue.c:2435
queue_work include/linux/workqueue.h:605 [inline]
start_poll_synchronize_rcu_expedited+0x147/0x180 kernel/rcu/tree_exp.h:1017
rcu_init+0x1625/0x20c0 kernel/rcu/tree.c:5240
start_kernel+0x19e/0x490 init/main.c:969
x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:509
x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:490
common_startup_64+0x13e/0x148
}
... key at: [<ffffffff929eede0>] __key.17+0x0/0x40
the dependencies between the lock to be acquired
and HARDIRQ-irq-unsafe lock:
-> (&stab->lock){+.-.}-{2:2} {
HARDIRQ-ON-W at:
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
__sock_map_delete net/core/sock_map.c:414 [inline]
sock_map_delete_elem+0xc8/0x150 net/core/sock_map.c:446
bpf_prog_2c29ac5cdc6b1842+0x42/0x4a
bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
__bpf_prog_run include/linux/filter.h:657 [inline]
bpf_prog_run include/linux/filter.h:664 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
bpf_trace_run2+0x154/0x420 kernel/trace/bpf_trace.c:2420
__bpf_trace_contention_end+0xca/0x110 include/trace/events/lock.h:122
trace_contention_end+0xce/0x120 include/trace/events/lock.h:122
__mutex_lock_common kernel/locking/mutex.c:617 [inline]
__mutex_lock+0x19c/0x9c0 kernel/locking/mutex.c:752
nf_sockopt_find.constprop.0+0x2a/0x290 net/netfilter/nf_sockopt.c:67
nf_getsockopt+0x2d/0xe0 net/netfilter/nf_sockopt.c:113
ipv6_getsockopt+0x1fd/0x2c0 net/ipv6/ipv6_sockglue.c:1494
tcp_getsockopt+0xa1/0x100 net/ipv4/tcp.c:4373
do_sock_getsockopt+0x2e8/0x760 net/socket.c:2373
__sys_getsockopt+0x1a1/0x270 net/socket.c:2402
__do_sys_getsockopt net/socket.c:2412 [inline]
__se_sys_getsockopt net/socket.c:2409 [inline]
__x64_sys_getsockopt+0xbd/0x160 net/socket.c:2409
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6d/0x75
IN-SOFTIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
__sock_map_delete net/core/sock_map.c:414 [inline]
sock_map_delete_elem+0xc8/0x150 net/core/sock_map.c:446
bpf_prog_2c29ac5cdc6b1842+0x42/0x4a
bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
__bpf_prog_run include/linux/filter.h:657 [inline]
bpf_prog_run include/linux/filter.h:664 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
bpf_trace_run2+0x154/0x420 kernel/trace/bpf_trace.c:2420
__bpf_trace_contention_end+0xca/0x110 include/trace/events/lock.h:122
trace_contention_end.constprop.0+0xe2/0x140 include/trace/events/lock.h:122
__pv_queued_spin_lock_slowpath+0x266/0xc80 kernel/locking/qspinlock.c:560
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x210/0x2c0 kernel/locking/spinlock_debug.c:116
__queue_work+0x39e/0x1170 kernel/workqueue.c:2360
call_timer_fn+0x1a3/0x5b0 kernel/time/timer.c:1792
expire_timers kernel/time/timer.c:1838 [inline]
__run_timers+0x567/0xab0 kernel/time/timer.c:2408
__run_timer_base kernel/time/timer.c:2419 [inline]
__run_timer_base kernel/time/timer.c:2412 [inline]
run_timer_base+0x111/0x190 kernel/time/timer.c:2428
run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2438
__do_softirq+0x21b/0x8de kernel/softirq.c:554
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu kernel/softirq.c:633 [inline]
irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
mt_locked lib/maple_tree.c:781 [inline]
mt_slot lib/maple_tree.c:788 [inline]
mas_slot lib/maple_tree.c:821 [inline]
mt_validate_nulls+0x5a4/0x9e0 lib/maple_tree.c:7547
mt_validate+0x3148/0x4390 lib/maple_tree.c:7601
validate_mm+0x9c/0x4b0 mm/mmap.c:288
mmap_region+0x15e6/0x2aa0 mm/mmap.c:2952
do_mmap+0x8ae/0xf10 mm/mmap.c:1387
vm_mmap_pgoff+0x1ab/0x3c0 mm/util.c:573
ksys_mmap_pgoff+0x425/0x5b0 mm/mmap.c:1433
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:79
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6d/0x75
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
__sock_map_delete net/core/sock_map.c:414 [inline]
sock_map_delete_elem+0xc8/0x150 net/core/sock_map.c:446
bpf_prog_2c29ac5cdc6b1842+0x42/0x4a
bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
__bpf_prog_run include/linux/filter.h:657 [inline]
bpf_prog_run include/linux/filter.h:664 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
bpf_trace_run2+0x154/0x420 kernel/trace/bpf_trace.c:2420
__bpf_trace_contention_end+0xca/0x110 include/trace/events/lock.h:122
trace_contention_end+0xce/0x120 include/trace/events/lock.h:122
__mutex_lock_common kernel/locking/mutex.c:617 [inline]
__mutex_lock+0x19c/0x9c0 kernel/locking/mutex.c:752
nf_sockopt_find.constprop.0+0x2a/0x290 net/netfilter/nf_sockopt.c:67
nf_getsockopt+0x2d/0xe0 net/netfilter/nf_sockopt.c:113
ipv6_getsockopt+0x1fd/0x2c0 net/ipv6/ipv6_sockglue.c:1494
tcp_getsockopt+0xa1/0x100 net/ipv4/tcp.c:4373
do_sock_getsockopt+0x2e8/0x760 net/socket.c:2373
__sys_getsockopt+0x1a1/0x270 net/socket.c:2402
__do_sys_getsockopt net/socket.c:2412 [inline]
__se_sys_getsockopt net/socket.c:2409 [inline]
__x64_sys_getsockopt+0xbd/0x160 net/socket.c:2409
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6d/0x75
}
... key at: [<ffffffff949d04c0>] __key.1+0x0/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
__sock_map_delete net/core/sock_map.c:414 [inline]
sock_map_delete_elem+0xc8/0x150 net/core/sock_map.c:446
bpf_prog_2c29ac5cdc6b1842+0x42/0x4a
bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
__bpf_prog_run include/linux/filter.h:657 [inline]
bpf_prog_run include/linux/filter.h:664 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
bpf_trace_run2+0x154/0x420 kernel/trace/bpf_trace.c:2420
__bpf_trace_contention_end+0xca/0x110 include/trace/events/lock.h:122
trace_contention_end.constprop.0+0xe2/0x140 include/trace/events/lock.h:122
__pv_queued_spin_lock_slowpath+0x266/0xc80 kernel/locking/qspinlock.c:560
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x210/0x2c0 kernel/locking/spinlock_debug.c:116
__queue_work+0x39e/0x1170 kernel/workqueue.c:2360
call_timer_fn+0x1a3/0x5b0 kernel/time/timer.c:1792
expire_timers kernel/time/timer.c:1838 [inline]
__run_timers+0x567/0xab0 kernel/time/timer.c:2408
__run_timer_base kernel/time/timer.c:2419 [inline]
__run_timer_base kernel/time/timer.c:2412 [inline]
run_timer_base+0x111/0x190 kernel/time/timer.c:2428
run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2438
__do_softirq+0x21b/0x8de kernel/softirq.c:554
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu kernel/softirq.c:633 [inline]
irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
mt_locked lib/maple_tree.c:781 [inline]
mt_slot lib/maple_tree.c:788 [inline]
mas_slot lib/maple_tree.c:821 [inline]
mt_validate_nulls+0x5a4/0x9e0 lib/maple_tree.c:7547
mt_validate+0x3148/0x4390 lib/maple_tree.c:7601
validate_mm+0x9c/0x4b0 mm/mmap.c:288
mmap_region+0x15e6/0x2aa0 mm/mmap.c:2952
do_mmap+0x8ae/0xf10 mm/mmap.c:1387
vm_mmap_pgoff+0x1ab/0x3c0 mm/util.c:573
ksys_mmap_pgoff+0x425/0x5b0 mm/mmap.c:1433
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:79
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6d/0x75
stack backtrace:
CPU: 0 PID: 5972 Comm: syz-executor.4 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline]
check_irq_usage+0xe3c/0x1490 kernel/locking/lockdep.c:2865
check_prev_add kernel/locking/lockdep.c:3138 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3869 [inline]
__lock_acquire+0x248e/0x3b30 kernel/locking/lockdep.c:5137
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
__sock_map_delete net/core/sock_map.c:414 [inline]
sock_map_delete_elem+0xc8/0x150 net/core/sock_map.c:446
bpf_prog_2c29ac5cdc6b1842+0x42/0x4a
bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
__bpf_prog_run include/linux/filter.h:657 [inline]
bpf_prog_run include/linux/filter.h:664 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
bpf_trace_run2+0x154/0x420 kernel/trace/bpf_trace.c:2420
__bpf_trace_contention_end+0xca/0x110 include/trace/events/lock.h:122
trace_contention_end.constprop.0+0xe2/0x140 include/trace/events/lock.h:122
__pv_queued_spin_lock_slowpath+0x266/0xc80 kernel/locking/qspinlock.c:560
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x210/0x2c0 kernel/locking/spinlock_debug.c:116
__queue_work+0x39e/0x1170 kernel/workqueue.c:2360
call_timer_fn+0x1a3/0x5b0 kernel/time/timer.c:1792
expire_timers kernel/time/timer.c:1838 [inline]
__run_timers+0x567/0xab0 kernel/time/timer.c:2408
__run_timer_base kernel/time/timer.c:2419 [inline]
__run_timer_base kernel/time/timer.c:2412 [inline]
run_timer_base+0x111/0x190 kernel/time/timer.c:2428
run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2438
__do_softirq+0x21b/0x8de kernel/softirq.c:554
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu kernel/softirq.c:633 [inline]
irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:mt_locked lib/maple_tree.c:781 [inline]
RIP: 0010:mt_slot lib/maple_tree.c:788 [inline]
RIP: 0010:mas_slot lib/maple_tree.c:821 [inline]
RIP: 0010:mt_validate_nulls+0x5a4/0x9e0 lib/maple_tree.c:7547
Code: 85 15 04 00 00 48 8b 1b 48 85 db 74 3e e8 74 cb cd f6 be ff ff ff ff 48 89 df e8 47 c3 12 00 31 ff 89 c3 89 c6 e8 3c c6 cd f6 <85> db 75 1d e8 53 cb cd f6 e8 8e 79 b3 f6 31 ff 89 c3 89 c6 e8 23
RSP: 0018:ffffc90017e0f858 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff8ac070d4
RDX: ffff888027198000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003
R13: 0000000000000000 R14: 0000000000000300 R15: ffff88802878bb00
mt_validate+0x3148/0x4390 lib/maple_tree.c:7601
validate_mm+0x9c/0x4b0 mm/mmap.c:288
mmap_region+0x15e6/0x2aa0 mm/mmap.c:2952
do_mmap+0x8ae/0xf10 mm/mmap.c:1387
vm_mmap_pgoff+0x1ab/0x3c0 mm/util.c:573
ksys_mmap_pgoff+0x425/0x5b0 mm/mmap.c:1433
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:79
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f39fec7dea3
Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 b0 ff ff ff 64 c7
RSP: 002b:00007ffe386bd618 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000600000 RCX: 00007f39fec7dea3
RDX: 0000000000000003 RSI: 00000000005c0000 RDI: 0000001b31360000
RBP: 0000001b31360000 R08: 0000000000000004 R09: 0000000000040000
R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
</TASK>
----------------
Code disassembly (best guess):
0: 85 15 04 00 00 48 test %edx,0x48000004(%rip) # 0x4800000a
6: 8b 1b mov (%rbx),%ebx
8: 48 85 db test %rbx,%rbx
b: 74 3e je 0x4b
d: e8 74 cb cd f6 call 0xf6cdcb86
12: be ff ff ff ff mov $0xffffffff,%esi
17: 48 89 df mov %rbx,%rdi
1a: e8 47 c3 12 00 call 0x12c366
1f: 31 ff xor %edi,%edi
21: 89 c3 mov %eax,%ebx
23: 89 c6 mov %eax,%esi
25: e8 3c c6 cd f6 call 0xf6cdc666
* 2a: 85 db test %ebx,%ebx <-- trapping instruction
2c: 75 1d jne 0x4b
2e: e8 53 cb cd f6 call 0xf6cdcb86
33: e8 8e 79 b3 f6 call 0xf6b379c6
38: 31 ff xor %edi,%edi
3a: 89 c3 mov %eax,%ebx
3c: 89 c6 mov %eax,%esi
3e: e8 .byte 0xe8
3f: 23 .byte 0x23