syzbot

================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {INITIAL USE} -> {IN-NMI} usage.
syz.0.17/4421 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff88807b7aba38 (&trie->lock){....}-{2:2}, at: trie_delete_elem+0x90/0x690 kernel/bpf/lpm_trie.c:467
{INITIAL USE} state was registered at:
  lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
  trie_delete_elem+0x90/0x690 kernel/bpf/lpm_trie.c:467
  bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e
  bpf_dispatcher_nop_func include/linux/bpf.h:1012 [inline]
  __bpf_prog_run include/linux/filter.h:607 [inline]
  bpf_prog_run include/linux/filter.h:614 [inline]
  bpf_overflow_handler+0x514/0x7a0 kernel/events/core.c:10286
  __perf_event_overflow+0x448/0x610 kernel/events/core.c:9496
  perf_swevent_overflow kernel/events/core.c:9572 [inline]
  perf_swevent_event+0x4ad/0x530 kernel/events/core.c:9610
  perf_bp_event+0x23a/0x2a0 kernel/events/core.c:10478
  hw_breakpoint_handler arch/x86/kernel/hw_breakpoint.c:555 [inline]
  hw_breakpoint_exceptions_notify+0x152/0x470 arch/x86/kernel/hw_breakpoint.c:586
  notifier_call_chain kernel/notifier.c:87 [inline]
  atomic_notifier_call_chain+0x17a/0x2b0 kernel/notifier.c:225
  notify_die+0x12d/0x180 kernel/notifier.c:593
  notify_debug+0x20/0x30 arch/x86/kernel/traps.c:1018
  exc_debug_user arch/x86/kernel/traps.c:1144 [inline]
  noist_exc_debug+0x73/0x120 arch/x86/kernel/traps.c:1181
  asm_exc_debug+0x2f/0x40 arch/x86/include/asm/idtentry.h:648
irq event stamp: 2306
hardirqs last  enabled at (2305): [<ffffffff8a110050>] exc_debug_kernel arch/x86/kernel/traps.c:1093 [inline]
hardirqs last  enabled at (2305): [<ffffffff8a110050>] exc_debug+0xf0/0x130 arch/x86/kernel/traps.c:1175
hardirqs last disabled at (2306): [<ffffffff8a10ffce>] exc_debug_kernel arch/x86/kernel/traps.c:1039 [inline]
hardirqs last disabled at (2306): [<ffffffff8a10ffce>] exc_debug+0x6e/0x130 arch/x86/kernel/traps.c:1175
softirqs last  enabled at (2012): [<ffffffff818f3cef>] bpf_prog_load+0x117f/0x15a0 kernel/bpf/syscall.c:2677
softirqs last disabled at (2010): [<ffffffff818d8009>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (2010): [<ffffffff818d8009>] bpf_ksym_add+0x29/0x340 kernel/bpf/core.c:649

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&trie->lock);
  <Interrupt>
    lock(&trie->lock);

 *** DEADLOCK ***

no locks held by syz.0.17/4421.

stack backtrace:
CPU: 0 PID: 4421 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <#DB>
 dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106
 lock_acquire+0x2ce/0x490 kernel/locking/lockdep.c:5653
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
 trie_delete_elem+0x90/0x690 kernel/bpf/lpm_trie.c:467
 bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e
 bpf_dispatcher_nop_func include/linux/bpf.h:1012 [inline]
 __bpf_prog_run include/linux/filter.h:607 [inline]
 bpf_prog_run include/linux/filter.h:614 [inline]
 bpf_overflow_handler+0x514/0x7a0 kernel/events/core.c:10286
 __perf_event_overflow+0x448/0x610 kernel/events/core.c:9496
 perf_swevent_overflow kernel/events/core.c:9572 [inline]
 perf_swevent_event+0x4ad/0x530 kernel/events/core.c:9610
 perf_bp_event+0x23a/0x2a0 kernel/events/core.c:10478
 hw_breakpoint_handler arch/x86/kernel/hw_breakpoint.c:555 [inline]
 hw_breakpoint_exceptions_notify+0x152/0x470 arch/x86/kernel/hw_breakpoint.c:586
 notifier_call_chain kernel/notifier.c:87 [inline]
 atomic_notifier_call_chain+0x17a/0x2b0 kernel/notifier.c:225
 notify_die+0x12d/0x180 kernel/notifier.c:593
 notify_debug+0x20/0x30 arch/x86/kernel/traps.c:1018
 exc_debug_kernel arch/x86/kernel/traps.c:1075 [inline]
 exc_debug+0xd9/0x130 arch/x86/kernel/traps.c:1175
 asm_exc_debug+0x1a/0x40 arch/x86/include/asm/idtentry.h:648
RIP: 0010:copy_user_short_string+0x24/0x40 arch/x86/lib/copy_user_64.S:243
Code: 90 90 90 90 90 90 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a 06 <88> 07 48 ff c6 48 ff c7 ff c9 75 f2 31 c0 0f 01 ca c3 8d 14 ca eb
RSP: 0018:ffffc900033e7cb0 EFLAGS: 00040206
RAX: ffffffff84077400 RBX: 0000000000000004 RCX: 0000000000000003
RDX: 0000000000000004 RSI: 0000200000000301 RDI: ffff88807ae84a51
RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000000003
R10: ffffed100f5d094a R11: 1ffff1100f5d094a R12: 00007fffffffeffc
R13: ffff888078292a00 R14: ffff88807ae84a50 R15: 0000200000000300
 </#DB>
 <TASK>
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:52 [inline]
 _copy_from_user+0xf4/0x170 lib/usercopy.c:23
 copy_from_user include/linux/uaccess.h:161 [inline]
 copy_from_bpfptr_offset include/linux/bpfptr.h:53 [inline]
 copy_from_bpfptr include/linux/bpfptr.h:59 [inline]
 kvmemdup_bpfptr include/linux/bpfptr.h:74 [inline]
 ___bpf_copy_key+0xb0/0x100 kernel/bpf/syscall.c:1344
 map_update_elem+0x2a9/0x680 kernel/bpf/syscall.c:1460
 __sys_bpf+0x454/0x6d0 kernel/bpf/syscall.c:5018
 __do_sys_bpf kernel/bpf/syscall.c:5134 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5132 [inline]
 __x64_sys_bpf+0x78/0x90 kernel/bpf/syscall.c:5132
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f17bdd8f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc6e7ea1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f17bdfe5fa0 RCX: 00007f17bdd8f749
RDX: 0000000000000020 RSI: 0000200000004080 RDI: 0000000000000002
RBP: 00007f17bde13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f17bdfe5fa0 R14: 00007f17bdfe5fa0 R15: 0000000000000003
 </TASK>
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	90                   	nop
   5:	90                   	nop
   6:	89 d1                	mov    %edx,%ecx
   8:	83 e2 07             	and    $0x7,%edx
   b:	c1 e9 03             	shr    $0x3,%ecx
   e:	74 12                	je     0x22
  10:	4c 8b 06             	mov    (%rsi),%r8
  13:	4c 89 07             	mov    %r8,(%rdi)
  16:	48 8d 76 08          	lea    0x8(%rsi),%rsi
  1a:	48 8d 7f 08          	lea    0x8(%rdi),%rdi
  1e:	ff c9                	dec    %ecx
  20:	75 ee                	jne    0x10
  22:	21 d2                	and    %edx,%edx
  24:	74 10                	je     0x36
  26:	89 d1                	mov    %edx,%ecx
  28:	8a 06                	mov    (%rsi),%al
* 2a:	88 07                	mov    %al,(%rdi) <-- trapping instruction
  2c:	48 ff c6             	inc    %rsi
  2f:	48 ff c7             	inc    %rdi
  32:	ff c9                	dec    %ecx
  34:	75 f2                	jne    0x28
  36:	31 c0                	xor    %eax,%eax
  38:	0f 01 ca             	clac
  3b:	c3                   	ret
  3c:	8d 14 ca             	lea    (%rdx,%rcx,8),%edx
  3f:	eb                   	.byte 0xeb