=====================================
WARNING: bad unlock balance detected!
6.11.0-rc4-next-20240822-syzkaller #0 Not tainted
-------------------------------------
syz.0.12/5352 is trying to release lock (rcu_read_lock) at:
[<ffffffff81a2fa96>] rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
[<ffffffff81a2fa96>] rcu_read_lock include/linux/rcupdate.h:849 [inline]
[<ffffffff81a2fa96>] search_bpf_extables+0x26/0x3f0 kernel/bpf/core.c:788
but there are no more locks to release!
other info that might help us debug this:
2 locks held by syz.0.12/5352:
#0: ffff8880282fa818 (&p->pi_lock){-.-.}-{2:2}, at: class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]
#0: ffff8880282fa818 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4150
#1: ffff8880b903ea58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:595
stack backtrace:
CPU: 0 UID: 0 PID: 5352 Comm: syz.0.12 Not tainted 6.11.0-rc4-next-20240822-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_unlock_imbalance_bug+0x25b/0x2d0 kernel/locking/lockdep.c:5263
__lock_release kernel/locking/lockdep.c:5502 [inline]
lock_release+0x5cb/0xa30 kernel/locking/lockdep.c:5846
rcu_lock_release include/linux/rcupdate.h:347 [inline]
rcu_read_unlock include/linux/rcupdate.h:880 [inline]
search_bpf_extables+0x39b/0x3f0 kernel/bpf/core.c:797
fixup_exception+0xaf/0x1cc0 arch/x86/mm/extable.c:320
gp_try_fixup_and_notify arch/x86/kernel/traps.c:667 [inline]
__exc_general_protection arch/x86/kernel/traps.c:727 [inline]
exc_general_protection+0x1e8/0x5d0 arch/x86/kernel/traps.c:693
asm_exc_general_protection+0x26/0x30 arch/x86/include/asm/idtentry.h:617
RIP: 0010:vsnprintf+0x10dd/0x1da0 lib/vsprintf.c:2824
Code: f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 d9 1c 44 f6 49 8b 1e 48 8d 43 08 49 89 06 4c 8b 7c 24 18 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 b4 1c 44 f6 48 8b 13 48 8b 7c 24
RSP: 0018:ffffc900045af160 EFLAGS: 00010006
RAX: 03fffffffe4db7b1 RBX: 1ffffffff26dbd8a RCX: 0000000000040000
RDX: ffffc900045f1000 RSI: 0000000000000152 RDI: 0000000000000153
RBP: ffffc900045af258 R08: ffffffff8bb863b2 R09: ffffffff8bb85b44
R10: 0000000000000012 R11: ffff88802676da00 R12: ffffffff8c0a7e42
R13: dffffc0000000000 R14: ffffc900045af6c8 R15: ffffffff94fba8d2
vscnprintf+0x42/0x90 lib/vsprintf.c:2930
printk_sprint+0x31/0x4b0 kernel/printk/printk.c:2192
vprintk_store+0x984/0x1160 kernel/printk/printk.c:2306
vprintk_emit+0x39b/0xa10 kernel/printk/printk.c:2378
</TASK>
Oops: general protection fault, probably for non-canonical address 0xe3fffbfffe4db7b1: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0x1ffffffff26dbd88-0x1ffffffff26dbd8f]
CPU: 0 UID: 0 PID: 5352 Comm: syz.0.12 Not tainted 6.11.0-rc4-next-20240822-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:vsnprintf+0x10dd/0x1da0 lib/vsprintf.c:2824
Code: f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 d9 1c 44 f6 49 8b 1e 48 8d 43 08 49 89 06 4c 8b 7c 24 18 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 b4 1c 44 f6 48 8b 13 48 8b 7c 24
RSP: 0018:ffffc900045af160 EFLAGS: 00010006
RAX: 03fffffffe4db7b1 RBX: 1ffffffff26dbd8a RCX: 0000000000040000
RDX: ffffc900045f1000 RSI: 0000000000000152 RDI: 0000000000000153
RBP: ffffc900045af258 R08: ffffffff8bb863b2 R09: ffffffff8bb85b44
R10: 0000000000000012 R11: ffff88802676da00 R12: ffffffff8c0a7e42
R13: dffffc0000000000 R14: ffffc900045af6c8 R15: ffffffff94fba8d2
FS: 00007f3efa2b06c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb1f0ce7ab8 CR3: 0000000078862000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
vscnprintf+0x42/0x90 lib/vsprintf.c:2930
printk_sprint+0x31/0x4b0 kernel/printk/printk.c:2192
vprintk_store+0x984/0x1160 kernel/printk/printk.c:2306
vprintk_emit+0x39b/0xa10 kernel/printk/printk.c:2378
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:vsnprintf+0x10dd/0x1da0 lib/vsprintf.c:2824
Code: f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 d9 1c 44 f6 49 8b 1e 48 8d 43 08 49 89 06 4c 8b 7c 24 18 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 b4 1c 44 f6 48 8b 13 48 8b 7c 24
RSP: 0018:ffffc900045af160 EFLAGS: 00010006
RAX: 03fffffffe4db7b1 RBX: 1ffffffff26dbd8a RCX: 0000000000040000
RDX: ffffc900045f1000 RSI: 0000000000000152 RDI: 0000000000000153
RBP: ffffc900045af258 R08: ffffffff8bb863b2 R09: ffffffff8bb85b44
R10: 0000000000000012 R11: ffff88802676da00 R12: ffffffff8c0a7e42
R13: dffffc0000000000 R14: ffffc900045af6c8 R15: ffffffff94fba8d2
FS: 00007f3efa2b06c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb1f0ce7ab8 CR3: 0000000078862000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: f0 48 c1 e8 03 lock shr $0x3,%rax
5: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1)
a: 74 08 je 0x14
c: 4c 89 f7 mov %r14,%rdi
f: e8 d9 1c 44 f6 call 0xf6441ced
14: 49 8b 1e mov (%r14),%rbx
17: 48 8d 43 08 lea 0x8(%rbx),%rax
1b: 49 89 06 mov %rax,(%r14)
1e: 4c 8b 7c 24 18 mov 0x18(%rsp),%r15
23: 48 89 d8 mov %rbx,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) <-- trapping instruction
2f: 74 08 je 0x39
31: 48 89 df mov %rbx,%rdi
34: e8 b4 1c 44 f6 call 0xf6441ced
39: 48 8b 13 mov (%rbx),%rdx
3c: 48 rex.W
3d: 8b .byte 0x8b
3e: 7c 24 jl 0x64
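The trapping instruction above, `cmpb $0x0,(%rax,%r13,1)`, is the compiler-inlined KASAN shadow check that guards the 8-byte load `mov (%rbx),%rdx` a few bytes later: RAX holds RBX shifted right by 3 and R13 holds 0xdffffc0000000000, the x86-64 KASAN shadow offset, so the faulting "non-canonical address" in the Oops line is the shadow byte of the pointer in RBX (which the preceding `mov (%r14),%rbx` / `lea 0x8(%rbx),%rax` / `mov %rax,(%r14)` sequence loaded and advanced). The script below is an added triage helper, not part of the syzkaller report or of the kernel: it parses the register dump, the Oops line and the KASAN line copied from the report, recomputes the shadow address from RBX and R13, and checks that it matches what the kernel printed, so a wild-pointer KASAN report can be cross-checked without trusting any single line. The function names are mine; the shadow mapping (`(addr >> 3) + 0xdffffc0000000000`) is the upstream x86-64 KASAN layout, and `is_canonical` assumes 4-level paging (48-bit virtual addresses).

```python
import re

# x86-64 KASAN shadow mapping (arch/x86 Kconfig CONFIG_KASAN_SHADOW_OFFSET,
# KASAN_SHADOW_SCALE_SHIFT): shadow(addr) = (addr >> 3) + 0xdffffc0000000000
KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000
KASAN_SHADOW_SCALE_SHIFT = 3
MASK64 = (1 << 64) - 1

# Lines copied verbatim from the syzkaller report above (not constructed).
REPORT = """\
Oops: general protection fault, probably for non-canonical address 0xe3fffbfffe4db7b1: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0x1ffffffff26dbd88-0x1ffffffff26dbd8f]
RAX: 03fffffffe4db7b1 RBX: 1ffffffff26dbd8a RCX: 0000000000040000
RDX: ffffc900045f1000 RSI: 0000000000000152 RDI: 0000000000000153
RBP: ffffc900045af258 R08: ffffffff8bb863b2 R09: ffffffff8bb85b44
R10: 0000000000000012 R11: ffff88802676da00 R12: ffffffff8c0a7e42
R13: dffffc0000000000 R14: ffffc900045af6c8 R15: ffffffff94fba8d2
"""

REG_RE = re.compile(r"\b(R(?:AX|BX|CX|DX|SI|DI|BP|SP|0[89]|1[0-5])): ([0-9a-f]{16})")
OOPS_RE = re.compile(r"non-canonical address 0x([0-9a-f]+)")
KASAN_RE = re.compile(r"in range \[0x([0-9a-f]+)-0x([0-9a-f]+)\]")


def parse_regs(text):
    """Map register names (RAX, R13, ...) in a show_regs dump to 64-bit values."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}


def shadow_addr(addr):
    """Address of the KASAN shadow byte guarding `addr` on x86-64."""
    return ((addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET) & MASK64


def is_canonical(addr):
    """True if bits 63..47 are all equal (assumes 4-level paging, 48-bit VA;
    with LA57 the sign-extension boundary moves to bit 56)."""
    top = addr >> 47
    return top == 0 or top == 0x1FFFF


def explain_fault(text):
    """Cross-check a KASAN wild-access GPF: recompute the shadow address from
    the registers used by the trapping `cmpb $0x0,(%rax,%r13,1)` and compare
    it with the Oops and KASAN lines."""
    regs = parse_regs(text)
    oops_addr = int(OOPS_RE.search(text).group(1), 16)
    lo, hi = (int(x, 16) for x in KASAN_RE.search(text).groups())

    # The inline check is for the 8-byte load `mov (%rbx),%rdx` that follows,
    # so the pointer under test is RBX; RAX is RBX >> 3 and R13 the offset.
    ptr = regs["RBX"]
    computed_shadow = (regs["RAX"] + regs["R13"]) & MASK64
    granule = ptr & ~7  # KASAN reports the access rounded to its 8-byte granule
    return {
        "pointer": ptr,
        "pointer_canonical": is_canonical(ptr),
        "r13_is_shadow_offset": regs["R13"] == KASAN_SHADOW_OFFSET,
        "rax_is_ptr_shifted": regs["RAX"] == ptr >> KASAN_SHADOW_SCALE_SHIFT,
        "shadow": computed_shadow,
        "shadow_matches_oops": computed_shadow == shadow_addr(ptr) == oops_addr,
        "shadow_canonical": is_canonical(computed_shadow),
        "kasan_range_matches": (lo, hi) == (granule, granule + 7),
    }


if __name__ == "__main__":
    for key, value in explain_fault(REPORT).items():
        print(f"{key:>22}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key:>22}: {value}")
```

Run as-is, it confirms that RBX (0x1ffffffff26dbd8a) is itself a non-canonical value, that (RBX >> 3) + R13 equals the 0xe3fffbfffe4db7b1 the Oops line reports, and that the KASAN range is RBX rounded down to its 8-byte granule. When the three figures disagree, the register dump is from a different frame than the fault and should not be used for further decoding.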