===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.8.0-syzkaller-05236-g443574b03387 #0 Not tainted ----------------------------------------------------- syz-executor.0/6883 [HC0[0]:SC1[3]:HE0:SE0] is trying to acquire: ffff88802e59d820 (&htab->buckets[i].lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ffff88802e59d820 (&htab->buckets[i].lock){+.-.}-{2:2}, at: sock_hash_delete_elem+0xb0/0x300 net/core/sock_map.c:939 and this task is already holding: ffff888014ca0018 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x6ec/0xec0 which would create a new lock dependency: (&pool->lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+.-.}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&pool->lock){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 wq_worker_tick+0x207/0x440 kernel/workqueue.c:1501 scheduler_tick+0x375/0x6e0 kernel/sched/core.c:5699 update_process_times+0x202/0x230 kernel/time/timer.c:2481 tick_periodic+0x190/0x220 kernel/time/tick-common.c:100 tick_handle_periodic+0x4a/0x160 kernel/time/tick-common.c:112 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x107/0x3a0 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 kasan_mem_to_shadow include/linux/kasan.h:61 [inline] memory_is_poisoned_n mm/kasan/generic.c:129 [inline] memory_is_poisoned mm/kasan/generic.c:161 [inline] check_region_inline mm/kasan/generic.c:180 [inline] kasan_check_range+0x3a/0x290 mm/kasan/generic.c:189 __asan_memset+0x23/0x50 mm/kasan/shadow.c:84 
unwind_next_frame+0x13ab/0x2a00 arch/x86/kernel/unwind_orc.c:592 arch_stack_walk+0x151/0x1b0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122 save_stack+0xfb/0x1f0 mm/page_owner.c:129 __set_page_owner+0x29/0x380 mm/page_owner.c:195 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533 prep_new_page mm/page_alloc.c:1540 [inline] get_page_from_freelist+0x33ea/0x3580 mm/page_alloc.c:3311 __alloc_pages+0x256/0x680 mm/page_alloc.c:4569 alloc_pages_mpol+0x3de/0x650 mm/mempolicy.c:2133 __get_free_pages+0xc/0x30 mm/page_alloc.c:4616 kasan_populate_vmalloc_pte+0x38/0xe0 mm/kasan/shadow.c:311 apply_to_pte_range mm/memory.c:2619 [inline] apply_to_pmd_range mm/memory.c:2663 [inline] apply_to_pud_range mm/memory.c:2699 [inline] apply_to_p4d_range mm/memory.c:2735 [inline] __apply_to_page_range+0x8ec/0xe40 mm/memory.c:2769 pcpu_get_vm_areas+0x3749/0x4fb0 mm/vmalloc.c:4232 pcpu_create_chunk+0x69a/0xbc0 mm/percpu-vm.c:342 pcpu_balance_populated mm/percpu.c:2101 [inline] pcpu_balance_workfn+0xc4d/0xd40 mm/percpu.c:2238 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 to a HARDIRQ-irq-unsafe lock: (&htab->buckets[i].lock){+.-.}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... 
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_update_common+0x20c/0xa30 net/core/sock_map.c:1007 sock_map_update_elem_sys+0x5a4/0x910 net/core/sock_map.c:581 map_update_elem+0x53a/0x6f0 kernel/bpf/syscall.c:1641 __sys_bpf+0x76f/0x810 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&htab->buckets[i].lock);
                               local_irq_disable();
                               lock(&pool->lock);
                               lock(&htab->buckets[i].lock);
  <Interrupt>
    lock(&pool->lock);

 *** DEADLOCK ***

5 locks held by syz-executor.0/6883: #0: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #0: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #0: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: page_ext_get+0x20/0x2a0 mm/page_ext.c:508 #1: ffff88805db87690 (&ei->i_completed_io_lock){..-.}-{2:2}, at: ext4_add_complete_io fs/ext4/page-io.c:232 [inline] #1: ffff88805db87690 (&ei->i_completed_io_lock){..-.}-{2:2}, at: ext4_put_io_end_defer+0x1b2/0x330 fs/ext4/page-io.c:297 #2: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #2: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #2: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: __queue_work+0x198/0xec0 kernel/workqueue.c:2324 #3: ffff888014ca0018 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x6ec/0xec0 #4: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] 
#4: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #4: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #4: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0x14a/0x460 kernel/trace/bpf_trace.c:2421 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&pool->lock){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 wq_worker_tick+0x207/0x440 kernel/workqueue.c:1501 scheduler_tick+0x375/0x6e0 kernel/sched/core.c:5699 update_process_times+0x202/0x230 kernel/time/timer.c:2481 tick_periodic+0x190/0x220 kernel/time/tick-common.c:100 tick_handle_periodic+0x4a/0x160 kernel/time/tick-common.c:112 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x107/0x3a0 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 kasan_mem_to_shadow include/linux/kasan.h:61 [inline] memory_is_poisoned_n mm/kasan/generic.c:129 [inline] memory_is_poisoned mm/kasan/generic.c:161 [inline] check_region_inline mm/kasan/generic.c:180 [inline] kasan_check_range+0x3a/0x290 mm/kasan/generic.c:189 __asan_memset+0x23/0x50 mm/kasan/shadow.c:84 unwind_next_frame+0x13ab/0x2a00 arch/x86/kernel/unwind_orc.c:592 arch_stack_walk+0x151/0x1b0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122 save_stack+0xfb/0x1f0 mm/page_owner.c:129 __set_page_owner+0x29/0x380 mm/page_owner.c:195 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533 prep_new_page mm/page_alloc.c:1540 [inline] 
get_page_from_freelist+0x33ea/0x3580 mm/page_alloc.c:3311 __alloc_pages+0x256/0x680 mm/page_alloc.c:4569 alloc_pages_mpol+0x3de/0x650 mm/mempolicy.c:2133 __get_free_pages+0xc/0x30 mm/page_alloc.c:4616 kasan_populate_vmalloc_pte+0x38/0xe0 mm/kasan/shadow.c:311 apply_to_pte_range mm/memory.c:2619 [inline] apply_to_pmd_range mm/memory.c:2663 [inline] apply_to_pud_range mm/memory.c:2699 [inline] apply_to_p4d_range mm/memory.c:2735 [inline] __apply_to_page_range+0x8ec/0xe40 mm/memory.c:2769 pcpu_get_vm_areas+0x3749/0x4fb0 mm/vmalloc.c:4232 pcpu_create_chunk+0x69a/0xbc0 mm/percpu-vm.c:342 pcpu_balance_populated mm/percpu.c:2101 [inline] pcpu_balance_workfn+0xc4d/0xd40 mm/percpu.c:2238 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 IN-SOFTIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x6ec/0xec0 call_timer_fn+0x17e/0x600 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1838 [inline] __run_timers kernel/time/timer.c:2408 [inline] __run_timer_base+0x695/0x8e0 kernel/time/timer.c:2419 run_timer_base kernel/time/timer.c:2428 [inline] run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2438 __do_softirq+0x2bc/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] 
arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] default_idle+0x13/0x20 arch/x86/kernel/process.c:742 default_idle_call+0x74/0xb0 kernel/sched/idle.c:117 cpuidle_idle_call kernel/sched/idle.c:191 [inline] do_idle+0x22f/0x5d0 kernel/sched/idle.c:332 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:430 rest_init+0x2e0/0x300 init/main.c:730 arch_call_rest_init+0xe/0x10 init/main.c:831 start_kernel+0x47a/0x500 init/main.c:1077 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x147 INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 __queue_work+0x6ec/0xec0 queue_work_on+0x14f/0x250 kernel/workqueue.c:2435 queue_work include/linux/workqueue.h:605 [inline] start_poll_synchronize_rcu_expedited+0xf7/0x150 kernel/rcu/tree_exp.h:1017 rcu_init+0xea/0x140 kernel/rcu/tree.c:5240 start_kernel+0x1f7/0x500 init/main.c:969 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x147 } ... 
key at: [] init_worker_pool.__key+0x0/0x20 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (&htab->buckets[i].lock){+.-.}-{2:2} { HARDIRQ-ON-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_update_common+0x20c/0xa30 net/core/sock_map.c:1007 sock_map_update_elem_sys+0x5a4/0x910 net/core/sock_map.c:581 map_update_elem+0x53a/0x6f0 kernel/bpf/syscall.c:1641 __sys_bpf+0x76f/0x810 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 IN-SOFTIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xb0/0x300 net/core/sock_map.c:939 bpf_prog_2c29ac5cdc6b1842+0x42/0x46 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x238/0x460 kernel/trace/bpf_trace.c:2421 trace_workqueue_queue_work include/trace/events/workqueue.h:23 [inline] __queue_work+0xe5b/0xec0 kernel/workqueue.c:2382 queue_work_on+0x14f/0x250 kernel/workqueue.c:2435 queue_work include/linux/workqueue.h:605 [inline] ext4_add_complete_io fs/ext4/page-io.c:235 [inline] ext4_put_io_end_defer+0x222/0x330 fs/ext4/page-io.c:297 req_bio_endio block/blk-mq.c:791 [inline] blk_update_request+0x55d/0x1050 block/blk-mq.c:936 scsi_end_request+0x88/0x8c0 drivers/scsi/scsi_lib.c:539 scsi_io_completion+0x1bd/0x430 drivers/scsi/scsi_lib.c:977 
blk_complete_reqs block/blk-mq.c:1134 [inline] blk_done_softirq+0x100/0x150 block/blk-mq.c:1139 __do_softirq+0x2bc/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 stack_depot_save_flags+0x15f/0x860 lib/stackdepot.c:659 save_stack+0x109/0x1f0 mm/page_owner.c:130 __reset_page_owner+0x44/0x2d0 mm/page_owner.c:150 reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1140 [inline] free_unref_page_prepare+0x968/0xa90 mm/page_alloc.c:2346 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2486 mm_free_pgd kernel/fork.c:803 [inline] __mmdrop+0xb9/0x3d0 kernel/fork.c:919 exit_mm+0x220/0x310 kernel/exit.c:569 do_exit+0x99e/0x27e0 kernel/exit.c:865 do_group_exit+0x207/0x2c0 kernel/exit.c:1027 get_signal+0x176e/0x1850 kernel/signal.c:2907 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop kernel/entry/common.c:105 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline] syscall_exit_to_user_mode+0xc9/0x360 kernel/entry/common.c:212 do_syscall_64+0x10a/0x240 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x6d/0x75 INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_update_common+0x20c/0xa30 net/core/sock_map.c:1007 sock_map_update_elem_sys+0x5a4/0x910 net/core/sock_map.c:581 map_update_elem+0x53a/0x6f0 kernel/bpf/syscall.c:1641 __sys_bpf+0x76f/0x810 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] 
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] sock_hash_alloc.__key+0x0/0x20 ... acquired at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xb0/0x300 net/core/sock_map.c:939 bpf_prog_2c29ac5cdc6b1842+0x42/0x46 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x238/0x460 kernel/trace/bpf_trace.c:2421 trace_workqueue_queue_work include/trace/events/workqueue.h:23 [inline] __queue_work+0xe5b/0xec0 kernel/workqueue.c:2382 queue_work_on+0x14f/0x250 kernel/workqueue.c:2435 queue_work include/linux/workqueue.h:605 [inline] ext4_add_complete_io fs/ext4/page-io.c:235 [inline] ext4_put_io_end_defer+0x222/0x330 fs/ext4/page-io.c:297 req_bio_endio block/blk-mq.c:791 [inline] blk_update_request+0x55d/0x1050 block/blk-mq.c:936 scsi_end_request+0x88/0x8c0 drivers/scsi/scsi_lib.c:539 scsi_io_completion+0x1bd/0x430 drivers/scsi/scsi_lib.c:977 blk_complete_reqs block/blk-mq.c:1134 [inline] blk_done_softirq+0x100/0x150 block/blk-mq.c:1139 __do_softirq+0x2bc/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 stack_depot_save_flags+0x15f/0x860 lib/stackdepot.c:659 save_stack+0x109/0x1f0 mm/page_owner.c:130 __reset_page_owner+0x44/0x2d0 mm/page_owner.c:150 reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1140 [inline] free_unref_page_prepare+0x968/0xa90 
mm/page_alloc.c:2346 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2486 mm_free_pgd kernel/fork.c:803 [inline] __mmdrop+0xb9/0x3d0 kernel/fork.c:919 exit_mm+0x220/0x310 kernel/exit.c:569 do_exit+0x99e/0x27e0 kernel/exit.c:865 do_group_exit+0x207/0x2c0 kernel/exit.c:1027 get_signal+0x176e/0x1850 kernel/signal.c:2907 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop kernel/entry/common.c:105 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline] syscall_exit_to_user_mode+0xc9/0x360 kernel/entry/common.c:212 do_syscall_64+0x10a/0x240 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x6d/0x75 stack backtrace: CPU: 1 PID: 6883 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-05236-g443574b03387 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline] check_irq_usage kernel/locking/lockdep.c:2865 [inline] check_prev_add kernel/locking/lockdep.c:3138 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x4dc7/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xb0/0x300 net/core/sock_map.c:939 bpf_prog_2c29ac5cdc6b1842+0x42/0x46 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x238/0x460 kernel/trace/bpf_trace.c:2421 trace_workqueue_queue_work 
include/trace/events/workqueue.h:23 [inline] __queue_work+0xe5b/0xec0 kernel/workqueue.c:2382 queue_work_on+0x14f/0x250 kernel/workqueue.c:2435 queue_work include/linux/workqueue.h:605 [inline] ext4_add_complete_io fs/ext4/page-io.c:235 [inline] ext4_put_io_end_defer+0x222/0x330 fs/ext4/page-io.c:297 req_bio_endio block/blk-mq.c:791 [inline] blk_update_request+0x55d/0x1050 block/blk-mq.c:936 scsi_end_request+0x88/0x8c0 drivers/scsi/scsi_lib.c:539 scsi_io_completion+0x1bd/0x430 drivers/scsi/scsi_lib.c:977 blk_complete_reqs block/blk-mq.c:1134 [inline] blk_done_softirq+0x100/0x150 block/blk-mq.c:1139 __do_softirq+0x2bc/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 RIP: 0010:find_stack lib/stackdepot.c:593 [inline] RIP: 0010:stack_depot_save_flags+0x15f/0x860 lib/stackdepot.c:659 Code: de c1 c3 18 41 29 de 48 8b 05 ad 08 9f 0f 8b 0d 9f 08 9f 0f 44 21 f1 48 c1 e1 04 48 8d 14 08 65 ff 05 ad ef 25 7b 4c 8b 3c 08 <49> 39 d7 8b 6c 24 0c 0f 84 95 00 00 00 45 89 cd eb 0c 4d 8b 3f 49 RSP: 0018:ffffc90004947700 EFLAGS: 00000282 RAX: ffff88823ac00000 RBX: 00000000ca62e533 RCX: 0000000000133130 RDX: ffff88823ad33130 RSI: 0000000000000001 RDI: 000000009daaa5b2 RBP: 000000006167df7e R08: ffffc900049477a0 R09: 000000000000000b R10: dffffc0000000000 R11: fffffbfff1f0d5ce R12: dffffc0000000000 R13: 1ffff92000928ef0 R14: 00000000cba13313 R15: ffff88807f027080 save_stack+0x109/0x1f0 mm/page_owner.c:130 __reset_page_owner+0x44/0x2d0 mm/page_owner.c:150 reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1140 [inline] free_unref_page_prepare+0x968/0xa90 mm/page_alloc.c:2346 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2486 mm_free_pgd kernel/fork.c:803 [inline] __mmdrop+0xb9/0x3d0 kernel/fork.c:919 exit_mm+0x220/0x310 
kernel/exit.c:569 do_exit+0x99e/0x27e0 kernel/exit.c:865 do_group_exit+0x207/0x2c0 kernel/exit.c:1027 get_signal+0x176e/0x1850 kernel/signal.c:2907 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop kernel/entry/common.c:105 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline] syscall_exit_to_user_mode+0xc9/0x360 kernel/entry/common.c:212 do_syscall_64+0x10a/0x240 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7f817327dea9 Code: Unable to access opcode bytes at 0x7f817327de7f. RSP: 002b:00007f8174038178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007f81733abf88 RCX: 00007f817327dea9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f81733abf88 RBP: 00007f81733abf80 R08: 00007f81740386c0 R09: 00007f81740386c0 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81733abf8c R13: 000000000000000b R14: 00007ffd825f7110 R15: 00007ffd825f71f8 ------------[ cut here ]------------ raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 1 PID: 6883 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10 Modules linked in: CPU: 1 PID: 6883 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-05236-g443574b03387 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10 Code: 90 f3 0f 1e fa 90 80 3d de 59 01 04 00 74 06 90 c3 cc cc cc cc c6 05 cf 59 01 04 01 90 48 c7 c7 20 ba aa 8b e8 f8 d5 e7 f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f RSP: 0018:ffffc90000a08b38 EFLAGS: 00010246 RAX: 806bf00c1e9e9c00 RBX: 0000000000000200 RCX: ffff88807a811e00 RDX: 0000000000000102 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc90000a08c08 R08: ffffffff8157cc12 R09: 1ffff920001410bc R10: 
dffffc0000000000 R11: fffff520001410bd R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000246 R15: 1ffff9200014116c FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020754000 CR3: 0000000026f68000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: queue_work_on+0x1ea/0x250 kernel/workqueue.c:2439 queue_work include/linux/workqueue.h:605 [inline] ext4_add_complete_io fs/ext4/page-io.c:235 [inline] ext4_put_io_end_defer+0x222/0x330 fs/ext4/page-io.c:297 req_bio_endio block/blk-mq.c:791 [inline] blk_update_request+0x55d/0x1050 block/blk-mq.c:936 scsi_end_request+0x88/0x8c0 drivers/scsi/scsi_lib.c:539 scsi_io_completion+0x1bd/0x430 drivers/scsi/scsi_lib.c:977 blk_complete_reqs block/blk-mq.c:1134 [inline] blk_done_softirq+0x100/0x150 block/blk-mq.c:1139 __do_softirq+0x2bc/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 RIP: 0010:find_stack lib/stackdepot.c:593 [inline] RIP: 0010:stack_depot_save_flags+0x15f/0x860 lib/stackdepot.c:659 Code: de c1 c3 18 41 29 de 48 8b 05 ad 08 9f 0f 8b 0d 9f 08 9f 0f 44 21 f1 48 c1 e1 04 48 8d 14 08 65 ff 05 ad ef 25 7b 4c 8b 3c 08 <49> 39 d7 8b 6c 24 0c 0f 84 95 00 00 00 45 89 cd eb 0c 4d 8b 3f 49 RSP: 0018:ffffc90004947700 EFLAGS: 00000282 RAX: ffff88823ac00000 RBX: 00000000ca62e533 RCX: 0000000000133130 RDX: ffff88823ad33130 RSI: 0000000000000001 RDI: 000000009daaa5b2 RBP: 000000006167df7e R08: ffffc900049477a0 R09: 000000000000000b R10: dffffc0000000000 R11: fffffbfff1f0d5ce R12: dffffc0000000000 R13: 1ffff92000928ef0 R14: 00000000cba13313 R15: ffff88807f027080 save_stack+0x109/0x1f0 
mm/page_owner.c:130 __reset_page_owner+0x44/0x2d0 mm/page_owner.c:150 reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1140 [inline] free_unref_page_prepare+0x968/0xa90 mm/page_alloc.c:2346 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2486 mm_free_pgd kernel/fork.c:803 [inline] __mmdrop+0xb9/0x3d0 kernel/fork.c:919 exit_mm+0x220/0x310 kernel/exit.c:569 do_exit+0x99e/0x27e0 kernel/exit.c:865 do_group_exit+0x207/0x2c0 kernel/exit.c:1027 get_signal+0x176e/0x1850 kernel/signal.c:2907 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop kernel/entry/common.c:105 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline] syscall_exit_to_user_mode+0xc9/0x360 kernel/entry/common.c:212 do_syscall_64+0x10a/0x240 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7f817327dea9 Code: Unable to access opcode bytes at 0x7f817327de7f. 
RSP: 002b:00007f8174038178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007f81733abf88 RCX: 00007f817327dea9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f81733abf88 RBP: 00007f81733abf80 R08: 00007f81740386c0 R09: 00007f81740386c0 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81733abf8c R13: 000000000000000b R14: 00007ffd825f7110 R15: 00007ffd825f71f8
----------------
Code disassembly (best guess):
   0:   de c1                   faddp  %st,%st(1)
   2:   c3                      ret
   3:   18 41 29                sbb    %al,0x29(%rcx)
   6:   de 48 8b                fimuls -0x75(%rax)
   9:   05 ad 08 9f 0f          add    $0xf9f08ad,%eax
   e:   8b 0d 9f 08 9f 0f       mov    0xf9f089f(%rip),%ecx        # 0xf9f08b3
  14:   44 21 f1                and    %r14d,%ecx
  17:   48 c1 e1 04             shl    $0x4,%rcx
  1b:   48 8d 14 08             lea    (%rax,%rcx,1),%rdx
  1f:   65 ff 05 ad ef 25 7b    incl   %gs:0x7b25efad(%rip)        # 0x7b25efd3
  26:   4c 8b 3c 08             mov    (%rax,%rcx,1),%r15
* 2a:   49 39 d7                cmp    %rdx,%r15 <-- trapping instruction
  2d:   8b 6c 24 0c             mov    0xc(%rsp),%ebp
  31:   0f 84 95 00 00 00       je     0xcc
  37:   45 89 cd                mov    %r9d,%r13d
  3a:   eb 0c                   jmp    0x48
  3c:   4d 8b 3f                mov    (%r15),%r15
  3f:   49                      rex.WB