loop4: detected capacity change from 0 to 40
loop6: detected capacity change from 0 to 40
========================================================
WARNING: possible irq lock inversion dependency detected
6.13.0-rc2-next-20241213 #1 Not tainted
--------------------------------------------------------
modprobe/27699 just changed the state of lock:
ffff88802e696048 (&new_timer->it_lock){-...}-{3:3}, at: posix_timer_fn+0x27/0x60
but this lock took another, HARDIRQ-unsafe lock in the past:
 (&sighand->siglock){+.+.}-{3:3}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sighand->siglock);
                               local_irq_disable();
                               lock(&new_timer->it_lock);
                               lock(&sighand->siglock);
  <Interrupt>
    lock(&new_timer->it_lock);

 *** DEADLOCK ***

1 lock held by modprobe/27699:
 #0: ffff888016f68b60 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x15b/0x390

the shortest dependencies between 2nd lock and 1st lock:
 -> (&sighand->siglock){+.+.}-{3:3} {
    HARDIRQ-ON-W at:
      lockdep_hardirqs_on_prepare+0x12b/0x3f0
      trace_hardirqs_on+0x36/0x40
      _raw_spin_unlock_irq+0x23/0x40
      mtree_erase+0x15c/0x1f0
      free_pid+0x32/0x270
      __change_pid+0x38e/0x580
      release_task+0xf72/0x1600
      wait_consider_task+0x2ef0/0x3c50
      __do_wait+0x7af/0x8f0
      do_wait+0x19a/0x530
      kernel_wait+0xa0/0x160
      call_usermodehelper_exec_work+0xf9/0x180
      process_one_work+0x8ee/0x1a10
      worker_thread+0x674/0xe70
      kthread+0x3ab/0x720
      ret_from_fork+0x48/0x80
      ret_from_fork_asm+0x1a/0x30
    SOFTIRQ-ON-W at:
      lockdep_hardirqs_on_prepare+0x262/0x3f0
      trace_hardirqs_on+0x36/0x40
      _raw_spin_unlock_irq+0x23/0x40
      mtree_erase+0x15c/0x1f0
      free_pid+0x32/0x270
      __change_pid+0x38e/0x580
      release_task+0xf72/0x1600
      wait_consider_task+0x2ef0/0x3c50
      __do_wait+0x7af/0x8f0
      do_wait+0x19a/0x530
      kernel_wait+0xa0/0x160
      call_usermodehelper_exec_work+0xf9/0x180
      process_one_work+0x8ee/0x1a10
      worker_thread+0x674/0xe70
      kthread+0x3ab/0x720
      ret_from_fork+0x48/0x80
      ret_from_fork_asm+0x1a/0x30
    INITIAL USE at:
      lock_acquire.part.0+0xeb/0x320
      _raw_spin_lock_irq+0x33/0x50
      calculate_sigpending+0x44/0xa0
      ret_from_fork+0x23/0x80
      ret_from_fork_asm+0x1a/0x30
  }
  ... key at: [] __key.300+0x0/0x40
  ... acquired at:
    _raw_spin_lock+0x2b/0x40
    __do_sys_timer_delete+0x14e/0x670
    do_syscall_64+0xbf/0x1d0
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> (&new_timer->it_lock){-...}-{3:3} {
   IN-HARDIRQ-W at:
     lock_acquire.part.0+0xeb/0x320
     _raw_spin_lock_irqsave+0x3a/0x60
     posix_timer_fn+0x27/0x60
     __hrtimer_run_queues+0x1ab/0xa80
     hrtimer_interrupt+0x369/0x830
     __sysvec_apic_timer_interrupt+0xc2/0x330
     sysvec_apic_timer_interrupt+0x6b/0x80
     asm_sysvec_apic_timer_interrupt+0x1a/0x20
     memset_orig+0x3e/0xb0
     __unwind_start+0x2e/0x7c0
     arch_stack_walk+0x63/0xf0
     stack_trace_save+0x8f/0xc0
     kasan_save_stack+0x24/0x50
     kasan_save_track+0x14/0x30
     __kasan_slab_alloc+0x59/0x70
     kmem_cache_alloc_noprof+0x13d/0x3d0
     vm_area_alloc+0x20/0x290
     __mmap_region+0xceb/0x21e0
     mmap_region+0x133/0x300
     do_mmap+0xd12/0x1100
     vm_mmap_pgoff+0x1fe/0x390
     ksys_mmap_pgoff+0x3d7/0x520
     __x64_sys_mmap+0x127/0x190
     do_syscall_64+0xbf/0x1d0
     entry_SYSCALL_64_after_hwframe+0x77/0x7f
   INITIAL USE at:
     lock_acquire.part.0+0xeb/0x320
     _raw_spin_lock_irqsave+0x3a/0x60
     __lock_timer+0x1c9/0x4d0
     __do_sys_timer_delete+0x69/0x670
     do_syscall_64+0xbf/0x1d0
     entry_SYSCALL_64_after_hwframe+0x77/0x7f
 }
 ... key at: [] __key.0+0x0/0x40
 ... acquired at:
   __lock_acquire+0x1595/0x4360
   lock_acquire.part.0+0xeb/0x320
   _raw_spin_lock_irqsave+0x3a/0x60
   posix_timer_fn+0x27/0x60
   __hrtimer_run_queues+0x1ab/0xa80
   hrtimer_interrupt+0x369/0x830
   __sysvec_apic_timer_interrupt+0xc2/0x330
   sysvec_apic_timer_interrupt+0x6b/0x80
   asm_sysvec_apic_timer_interrupt+0x1a/0x20
   memset_orig+0x3e/0xb0
   __unwind_start+0x2e/0x7c0
   arch_stack_walk+0x63/0xf0
   stack_trace_save+0x8f/0xc0
   kasan_save_stack+0x24/0x50
   kasan_save_track+0x14/0x30
   __kasan_slab_alloc+0x59/0x70
   kmem_cache_alloc_noprof+0x13d/0x3d0
   vm_area_alloc+0x20/0x290
   __mmap_region+0xceb/0x21e0
   mmap_region+0x133/0x300
   do_mmap+0xd12/0x1100
   vm_mmap_pgoff+0x1fe/0x390
   ksys_mmap_pgoff+0x3d7/0x520
   __x64_sys_mmap+0x127/0x190
   do_syscall_64+0xbf/0x1d0
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

stack backtrace:
CPU: 0 UID: 0 PID: 27699 Comm: modprobe Not tainted 6.13.0-rc2-next-20241213 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xca/0x120
 print_irq_inversion_bug.part.0+0x3e2/0x580
 mark_lock+0x8e1/0xed0
 __lock_acquire+0x1595/0x4360
 lock_acquire.part.0+0xeb/0x320
 _raw_spin_lock_irqsave+0x3a/0x60
 posix_timer_fn+0x27/0x60
 __hrtimer_run_queues+0x1ab/0xa80
 hrtimer_interrupt+0x369/0x830
 __sysvec_apic_timer_interrupt+0xc2/0x330
 sysvec_apic_timer_interrupt+0x6b/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:memset_orig+0x3e/0xb0
Code: 01 48 0f af c1 41 89 f9 41 83 e1 07 75 70 48 89 d1 48 c1 e9 06 74 35 0f 1f 44 00 00 48 ff c9 48 89 07 48 89 47 08 48 89 47 10 <48> 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 48 89 47 38 48 8d
RSP: 0018:ffff8880388374a0 EFLAGS: 00000247
RAX: 0000000000000000 RBX: ffff888038837590 RCX: 0000000000000000
RDX: 0000000000000070 RSI: 0000000000000000 RDI: ffff8880388374f8
RBP: ffff88801514d340 R08: 0000000000000001 R09: 0000000000000000
R10: ffff8880388374f8 R11: 0000000000000000 R12: 0000000000000000
R13: ffff888038837520 R14: ffff88801514d340 R15: ffff8880388374f8
 __unwind_start+0x2e/0x7c0
 arch_stack_walk+0x63/0xf0
 stack_trace_save+0x8f/0xc0
 kasan_save_stack+0x24/0x50
 kasan_save_track+0x14/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc_noprof+0x13d/0x3d0
 vm_area_alloc+0x20/0x290
 __mmap_region+0xceb/0x21e0
 mmap_region+0x133/0x300
 do_mmap+0xd12/0x1100
 vm_mmap_pgoff+0x1fe/0x390
 ksys_mmap_pgoff+0x3d7/0x520
 __x64_sys_mmap+0x127/0x190
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbf9d2b0d82
Code: eb aa 66 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 33 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 56 5b 5d c3 0f 1f 00 c7 05 ae 03 01 00 16 00
RSP: 002b:00007ffe92a01fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fbf9d2b0d82
RDX: 0000000000000001 RSI: 00000000000031ca RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000001 R14: 00007fbf9d2c0060 R15: 00007fbf9d2c1538
----------------
Code disassembly (best guess):
   0: 01 48 0f          add %ecx,0xf(%rax)
   3: af                scas %es:(%rdi),%eax
   4: c1 41 89 f9       roll $0xf9,-0x77(%rcx)
   8: 41 83 e1 07       and $0x7,%r9d
   c: 75 70             jne 0x7e
   e: 48 89 d1          mov %rdx,%rcx
  11: 48 c1 e9 06       shr $0x6,%rcx
  15: 74 35             je 0x4c
  17: 0f 1f 44 00 00    nopl 0x0(%rax,%rax,1)
  1c: 48 ff c9          dec %rcx
  1f: 48 89 07          mov %rax,(%rdi)
  22: 48 89 47 08       mov %rax,0x8(%rdi)
  26: 48 89 47 10       mov %rax,0x10(%rdi)
* 2a: 48 89 47 18       mov %rax,0x18(%rdi) <-- trapping instruction
  2e: 48 89 47 20       mov %rax,0x20(%rdi)
  32: 48 89 47 28       mov %rax,0x28(%rdi)
  36: 48 89 47 30       mov %rax,0x30(%rdi)
  3a: 48 89 47 38       mov %rax,0x38(%rdi)
  3e: 48                rex.W
  3f: 8d                .byte 0x8d