syzbot


inconsistent lock state in kernfs_path_from_node

Status: upstream: reported C repro on 2026/05/20 14:09
Reported-by: syzbot+cf8db3e15e1fb1872a53@syzkaller.appspotmail.com
First crash: 3d01h, last: 23h44m

Sample crash report:
hrtimer: interrupt took 40586 ns
================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {INITIAL USE} -> {IN-NMI} usage.
syz.1.18/4390 [HC2[2]:SC0[0]:HE0:SE1] takes:
ffffffff8c450338 (kernfs_rename_lock){....}-{2:2}, at: kernfs_path_from_node+0x84/0xb30 fs/kernfs/dir.c:224
{INITIAL USE} state was registered at:
  lock_acquire+0x19e/0x400 kernel/locking/lockdep.c:5623
  __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline]
  _raw_spin_lock_irq+0xab/0xf0 kernel/locking/spinlock.c:170
  spin_lock_irq include/linux/spinlock.h:389 [inline]
  kernfs_rename_ns+0x52a/0x930 fs/kernfs/dir.c:1629
  sysfs_rename_link_ns+0x171/0x1b0 fs/sysfs/symlink.c:192
  device_rename+0x11c/0x1a0 drivers/base/core.c:4267
  dev_change_name+0x2dd/0xbf0 net/core/dev.c:1323
  do_setlink+0xa4e/0x3d60 net/core/rtnetlink.c:2764
  __rtnl_newlink net/core/rtnetlink.c:3455 [inline]
  rtnl_newlink+0x1658/0x1a50 net/core/rtnetlink.c:3577
  rtnetlink_rcv_msg+0x844/0xf30 net/core/rtnetlink.c:5687
  netlink_rcv_skb+0x1f5/0x440 net/netlink/af_netlink.c:2507
  netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
  netlink_unicast+0x774/0x920 net/netlink/af_netlink.c:1344
  netlink_sendmsg+0x8ba/0xbe0 net/netlink/af_netlink.c:1918
  sock_sendmsg_nosec net/socket.c:706 [inline]
  __sock_sendmsg net/socket.c:718 [inline]
  __sys_sendto+0x46d/0x620 net/socket.c:2072
  __do_sys_sendto net/socket.c:2084 [inline]
  __se_sys_sendto net/socket.c:2080 [inline]
  __x64_sys_sendto+0xda/0xf0 net/socket.c:2080
  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
  do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
  entry_SYSCALL_64_after_hwframe+0x66/0xd0
irq event stamp: 2650
hardirqs last  enabled at (2649): [<ffffffff89e00e46>] asm_sysvec_irq_work+0x16/0x20 arch/x86/include/asm/idtentry.h:713
hardirqs last disabled at (2650): [<ffffffff89bcd65f>] irqentry_enter+0xf/0x50 kernel/entry/common.c:332
softirqs last  enabled at (2606): [<ffffffff81495b1b>] __do_softirq kernel/softirq.c:610 [inline]
softirqs last  enabled at (2606): [<ffffffff81495b1b>] invoke_softirq kernel/softirq.c:450 [inline]
softirqs last  enabled at (2606): [<ffffffff81495b1b>] __irq_exit_rcu+0x13b/0x230 kernel/softirq.c:659
softirqs last disabled at (2149): [<ffffffff81495b1b>] __do_softirq kernel/softirq.c:610 [inline]
softirqs last disabled at (2149): [<ffffffff81495b1b>] invoke_softirq kernel/softirq.c:450 [inline]
softirqs last disabled at (2149): [<ffffffff81495b1b>] __irq_exit_rcu+0x13b/0x230 kernel/softirq.c:659

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(kernfs_rename_lock);
  <Interrupt>
    lock(kernfs_rename_lock);

 *** DEADLOCK ***

1 lock held by syz.1.18/4390:
 #0: ffffffff8c31f320 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:313

stack backtrace:
CPU: 1 PID: 4390 Comm: syz.1.18 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <#DB>
 dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
 lock_acquire+0x2c3/0x400 kernel/locking/lockdep.c:5614
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xb0/0x100 kernel/locking/spinlock.c:162
 kernfs_path_from_node+0x84/0xb30 fs/kernfs/dir.c:224
 kernfs_path include/linux/kernfs.h:547 [inline]
 cgroup_path include/linux/cgroup.h:663 [inline]
 get_mm_memcg_path+0xba/0x330 mm/mmap_lock.c:82
 __mmap_lock_do_trace_start_locking+0xe2/0x2f0 mm/mmap_lock.c:95
 __mmap_lock_trace_start_locking include/linux/mmap_lock.h:29 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:135 [inline]
 stack_map_get_build_id_offset+0x562/0x860 kernel/bpf/stackmap.c:185
 __bpf_get_stackid+0x55d/0x920 kernel/bpf/stackmap.c:294
 bpf_prog_12712c88fd19bd5b+0x21/0x37c
 bpf_dispatcher_nop_func include/linux/bpf.h:888 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 bpf_overflow_handler+0x1c2/0x4a0 kernel/events/core.c:10297
 __perf_event_overflow+0x364/0x530 kernel/events/core.c:9515
 perf_bp_event+0x276/0x320 kernel/events/core.c:10484
 hw_breakpoint_handler arch/x86/kernel/hw_breakpoint.c:555 [inline]
 hw_breakpoint_exceptions_notify+0x152/0x470 arch/x86/kernel/hw_breakpoint.c:586
 notifier_call_chain kernel/notifier.c:83 [inline]
 atomic_notifier_call_chain+0x15d/0x280 kernel/notifier.c:198
 notify_die+0x141/0x1a0 kernel/notifier.c:529
 notify_debug+0x20/0x30 arch/x86/kernel/traps.c:872
 exc_debug_kernel arch/x86/kernel/traps.c:929 [inline]
 exc_debug+0xcf/0x130 arch/x86/kernel/traps.c:1029
 asm_exc_debug+0x1a/0x40 arch/x86/include/asm/idtentry.h:642
RIP: 0010:__get_user_nocheck_8+0x9/0x13 arch/x86/lib/getuser.S:160
Code: 90 0f 01 cb 0f ae e8 0f b7 10 31 c0 0f 01 ca c3 90 0f 01 cb 0f ae e8 8b 10 31 c0 0f 01 ca c3 90 90 0f 01 cb 0f ae e8 48 8b 10 <31> c0 0f 01 ca c3 90 0f 01 ca 31 d2 48 c7 c0 f2 ff ff ff c3 00 00
RSP: 0000:ffffc9000334f640 EFLAGS: 00040806
RAX: 0000200000000300 RBX: 0000000000000000 RCX: ffff888020390000
RDX: 00006370692f736e RSI: 0000200000000300 RDI: 00007fffffffeff0
RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000000
R10: dffffc0000000000 R11: fffff52000669f27 R12: 0000200000000300
R13: 00007fffffffeff0 R14: 00000000ffffffff R15: dffffc0000000000
 </#DB>
 <TASK>
 perf_callchain_user+0x40e/0xfd0 arch/x86/events/core.c:2900
 get_perf_callchain+0x33d/0x460 kernel/events/callchain.c:221
 perf_callchain kernel/events/core.c:7606 [inline]
 perf_prepare_sample+0x352/0x1cd0 kernel/events/core.c:7633
 __perf_event_output kernel/events/core.c:7802 [inline]
 perf_event_output_forward+0x185/0x2e0 kernel/events/core.c:7822
 __perf_event_overflow+0x364/0x530 kernel/events/core.c:9515
 perf_swevent_hrtimer+0x41b/0x5b0 kernel/events/core.c:10934
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x4b4/0xb70 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline]
 __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0x4d/0xc0 arch/x86/kernel/apic/apic.c:1108
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0033:0x7f7efecdcbfd
Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 27 01 00 00 c5 fd 74 0f <c5> fd d7 c1 85 c0 74 5b f3 0f bc c0 e9 30 01 00 00 66 90 f3 0f bc
RSP: 002b:00007fffa8dcd478 EFLAGS: 00000283
RAX: 0000000000000300 RBX: 00007fffa8dcd9b0 RCX: 2f666c65732f636f
RDX: 0000200000000300 RSI: 00007f7efedbe0c0 RDI: 0000200000000300
RBP: 0000200000000300 R08: 00007fffa8dcdbe0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000073 R14: 00007f7efed930dd R15: 00007fffa8dcda70
 </TASK>
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	0f 01 cb             	stac
   4:	0f ae e8             	lfence
   7:	0f b7 10             	movzwl (%rax),%edx
   a:	31 c0                	xor    %eax,%eax
   c:	0f 01 ca             	clac
   f:	c3                   	ret
  10:	90                   	nop
  11:	0f 01 cb             	stac
  14:	0f ae e8             	lfence
  17:	8b 10                	mov    (%rax),%edx
  19:	31 c0                	xor    %eax,%eax
  1b:	0f 01 ca             	clac
  1e:	c3                   	ret
  1f:	90                   	nop
  20:	90                   	nop
  21:	0f 01 cb             	stac
  24:	0f ae e8             	lfence
  27:	48 8b 10             	mov    (%rax),%rdx
* 2a:	31 c0                	xor    %eax,%eax <-- trapping instruction
  2c:	0f 01 ca             	clac
  2f:	c3                   	ret
  30:	90                   	nop
  31:	0f 01 ca             	clac
  34:	31 d2                	xor    %edx,%edx
  36:	48 c7 c0 f2 ff ff ff 	mov    $0xfffffffffffffff2,%rax
  3d:	c3                   	ret

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/05/20 14:53 linux-5.15.y 93741761e5e3 62fb93a2 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-perf inconsistent lock state in kernfs_path_from_node
2026/05/22 16:04 linux-5.15.y 93741761e5e3 5f091fcc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-perf inconsistent lock state in kernfs_path_from_node
2026/05/20 14:09 linux-5.15.y 93741761e5e3 62fb93a2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-perf inconsistent lock state in kernfs_path_from_node