syzbot

================================
WARNING: inconsistent lock state
6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz.7.777/9329 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff8880b863ea98 (address_handler_list_lock){?.+.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:606
{HARDIRQ-ON-W} state was registered at:
  lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
  __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
  _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
  spin_lock include/linux/spinlock.h:351 [inline]
  class_spinlock_constructor include/linux/spinlock.h:559 [inline]
  fw_core_add_address_handler+0x13e/0x490 drivers/firewire/core-transaction.c:585
  fw_core_init+0xe0/0x210 drivers/firewire/core-transaction.c:1347
  do_one_initcall+0x24a/0x880 init/main.c:1269
  do_initcall_level+0x157/0x210 init/main.c:1331
  do_initcalls+0x3f/0x80 init/main.c:1347
  kernel_init_freeable+0x435/0x5d0 init/main.c:1580
  kernel_init+0x1d/0x2b0 init/main.c:1469
  ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
irq event stamp: 10460
hardirqs last  enabled at (10459): [<ffffffff8bc74793>] irqentry_exit+0x63/0x90 kernel/entry/common.c:357
hardirqs last disabled at (10460): [<ffffffff8bc7233e>] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1049
softirqs last  enabled at (9626): [<ffffffff81578c44>] __do_softirq kernel/softirq.c:588 [inline]
softirqs last  enabled at (9626): [<ffffffff81578c44>] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last  enabled at (9626): [<ffffffff81578c44>] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
softirqs last disabled at (9589): [<ffffffff81578c44>] __do_softirq kernel/softirq.c:588 [inline]
softirqs last disabled at (9589): [<ffffffff81578c44>] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last disabled at (9589): [<ffffffff81578c44>] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(address_handler_list_lock);
  <Interrupt>
    lock(address_handler_list_lock);

 *** DEADLOCK ***

3 locks held by syz.7.777/9329:
 #0: ffff88807e766098 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:122 [inline]
 #0: ffff88807e766098 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17c/0x3d0 mm/util.c:586
 #1: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #1: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: __pte_offset_map+0x82/0x380 mm/pgtable-generic.c:287
 #2: ffff888024f7e418 (&p->pi_lock){-.-.}-{2:2}, at: class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]
 #2: ffff888024f7e418 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0xbe/0x14b0 kernel/sched/core.c:4165

stack backtrace:
CPU: 0 UID: 0 PID: 9329 Comm: syz.7.777 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_usage_bug+0x62e/0x8b0 kernel/locking/lockdep.c:4038
 valid_state+0x13a/0x1c0 kernel/locking/lockdep.c:4052
 mark_lock_irq+0xbb/0xc20 kernel/locking/lockdep.c:4263
 mark_lock+0x223/0x360 kernel/locking/lockdep.c:4725
 mark_usage kernel/locking/lockdep.c:4611 [inline]
 __lock_acquire+0xbb7/0x2050 kernel/locking/lockdep.c:5156
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
 _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
 raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:606
 raw_spin_rq_lock kernel/sched/sched.h:1505 [inline]
 rq_lock kernel/sched/sched.h:1804 [inline]
 ttwu_queue kernel/sched/core.c:3951 [inline]
 try_to_wake_up+0x81e/0x14b0 kernel/sched/core.c:4281
 hrtimer_wakeup+0x62/0x80 kernel/time/hrtimer.c:1927
 __run_hrtimer kernel/time/hrtimer.c:1691 [inline]
 __hrtimer_run_queues+0x59d/0xd50 kernel/time/hrtimer.c:1755
 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1817
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x112/0x420 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:finish_task_switch+0x1ea/0x870 kernel/sched/core.c:5202
Code: c9 50 e8 79 00 0c 00 48 83 c4 08 4c 89 f7 e8 4d 39 00 00 e9 de 04 00 00 4c 89 f7 e8 50 ad 6c 0a e8 0b 5a 38 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
RSP: 0018:ffffc90004536fa8 EFLAGS: 00000286
RAX: 2804aad994a0e000 RBX: ffff88802b0e0000 RCX: ffffffff8170bffa
RDX: dffffc0000000000 RSI: ffffffff8c0acac0 RDI: ffffffff8c610860
RBP: ffffc90004536ff0 R08: ffffffff942cd837 R09: 1ffffffff2859b06
R10: dffffc0000000000 R11: fffffbfff2859b07 R12: 1ffff110170c7f14
R13: dffffc0000000000 R14: ffff8880b863ea80 R15: ffff8880b863f8a0
 context_switch kernel/sched/core.c:5331 [inline]
 __schedule+0x1857/0x4c30 kernel/sched/core.c:6690
 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:7012
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5829
Code: 2b 00 74 08 4c 89 f7 e8 8a 56 8e 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc900045373a0 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff920008a6e80 RCX: 2804aad994a0e000
RDX: dffffc0000000000 RSI: ffffffff8c0adc40 RDI: ffffffff8c610860
RBP: ffffc900045374e8 R08: ffffffff942cd807 R09: 1ffffffff2859b00
R10: dffffc0000000000 R11: fffffbfff2859b01 R12: 1ffff920008a6e7c
R13: dffffc0000000000 R14: ffffc90004537400 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_read_lock include/linux/rcupdate.h:849 [inline]
 __pte_offset_map+0x9e/0x380 mm/pgtable-generic.c:287
 __pte_offset_map_lock+0xc7/0x300 mm/pgtable-generic.c:371
 pte_offset_map_lock include/linux/mm.h:3014 [inline]
 __get_locked_pte mm/memory.c:1992 [inline]
 get_locked_pte include/linux/mm.h:2727 [inline]
 insert_page mm/memory.c:2076 [inline]
 vm_insert_page+0x4a9/0x710 mm/memory.c:2229
 kcov_mmap+0xd7/0x140 kernel/kcov.c:506
 call_mmap include/linux/fs.h:2172 [inline]
 mmap_region+0x168b/0x2940 mm/mmap.c:1450
 do_mmap+0x8f0/0x1000 mm/mmap.c:496
 vm_mmap_pgoff+0x1dd/0x3d0 mm/util.c:588
 ksys_mmap_pgoff+0x4eb/0x720 mm/mmap.c:542
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f616ed7e753
Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
RSP: 002b:00007ffe6f673f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f616ef362a0 RCX: 00007f616ed7e753
RDX: 0000000000000003 RSI: 0000000000200000 RDI: 00007f616cfb4000
RBP: 00007f616ef36208 R08: 00000000000000db R09: 0000000000000000
R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000003
R13: 00007f616ef36208 R14: 0000000000000003 R15: 000000000000053f
 </TASK>
----------------
Code disassembly (best guess):
   0:	c9                   	leave
   1:	50                   	push   %rax
   2:	e8 79 00 0c 00       	call   0xc0080
   7:	48 83 c4 08          	add    $0x8,%rsp
   b:	4c 89 f7             	mov    %r14,%rdi
   e:	e8 4d 39 00 00       	call   0x3960
  13:	e9 de 04 00 00       	jmp    0x4f6
  18:	4c 89 f7             	mov    %r14,%rdi
  1b:	e8 50 ad 6c 0a       	call   0xa6cad70
  20:	e8 0b 5a 38 00       	call   0x385a30
  25:	fb                   	sti
  26:	48 8b 5d c0          	mov    -0x40(%rbp),%rbx
* 2a:	48 8d bb f8 15 00 00 	lea    0x15f8(%rbx),%rdi <-- trapping instruction
  31:	48 89 f8             	mov    %rdi,%rax
  34:	48 c1 e8 03          	shr    $0x3,%rax
  38:	49                   	rex.WB
  39:	be 00 00 00 00       	mov    $0x0,%esi
  3e:	00 fc                	add    %bh,%ah