syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1327]
Subsystems
🐞 Fixed [7155]
🐞 Invalid [18915]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

inconsistent lock state in __mmap_lock_do_trace_acquire_returned

Status: upstream: reported C repro on 2024/04/04 00:21
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+76f802bc1dee8ba28a6e@syzkaller.appspotmail.com
First crash: 804d, last: 693d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: the issue occurs on the latest tested release (bisect log)
  
✨ AI Jobs (3)
ID Workflow Result Correct Bug Created Started Finished Revision Error
0c3242d0-969c-459e-aab0-5a6b48c4ff9e assessment-security 💥 inconsistent lock state in __mmap_lock_do_trace_acquire_returned 2026/06/09 15:14 2026/06/09 15:14 2026/06/09 15:34 c36c07f6c1f2230a36374cbd22235f635e8f9284 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/b9de75c0dc50ce8e57f29cf8573e551b51460d7a" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small drivers/nvme/target/fc.c:151:2: warning: 'counted_by' should not be applied to an array with element of unknown size because 'struct nvmet_fc_fcp_iod' is a struct type with a flexible array member. This will be an error in a future compiler version [-Wbounds-safety-counted-by-elt-type-unknown-size] * * Restart config... * * * General architecture-dependent options * Kprobes (KPROBES) [N/y/?] n Optimize very unlikely/likely branches (JUMP_LABEL) [Y/n/?] y Static key selftest (STATIC_KEYS_SELFTEST) [N/y/?] n Static call selftest (STATIC_CALL_SELFTEST) [N/y/?] n Enable seccomp to safely execute untrusted bytecode (SECCOMP) [Y/n/?] y Show seccomp filter cache status in /proc/pid/seccomp_cache (SECCOMP_CACHE_DEBUG) [N/y/?] n Link Time Optimization (LTO) > 1. None (LTO_NONE) choice[1]: 1 Use Clang's Control Flow Integrity (CFI) (CFI_CLANG) [N/y/?] (NEW) Error in reading or end of file. Number of bits to use for ASLR of mmap base address (ARCH_MMAP_RND_BITS) [28] 28 Number of bits to use for ASLR of mmap base address for compatible applications (ARCH_MMAP_RND_COMPAT_BITS) [8] 8 MMU page size > 1. 4KiB pages (PAGE_SIZE_4KB) choice[1]: 1 Provide system calls for 32-bit time_t (COMPAT_32BIT_TIME) [Y/n/?] y Use a virtually-mapped stack (VMAP_STACK) [Y/n/?] y Support for randomizing kernel stack offset on syscall entry (RANDOMIZE_KSTACK_OFFSET) [Y/n/?] y Default state of kernel stack offset randomization (RANDOMIZE_KSTACK_OFFSET_DEFAULT) [N/y/?] n Locking event counts collection (LOCK_EVENT_COUNTS) [N/y/?] n * * Kernel hardening options * Randomize layout of sensitive kernel structures > 1. Disable structure layout randomization (RANDSTRUCT_NONE) 2. Fully randomize structure layout (RANDSTRUCT_FULL) (NEW) choice[1-2?]: Error in reading or end of file. * * Compile-time checks and compiler options * Debug information 1. Disable debug information (DEBUG_INFO_NONE) 2. Rely on the toolchain's implicit default DWARF version (DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT) > 3. Generate DWARF Version 4 debuginfo (DEBUG_INFO_DWARF4) 4. Generate DWARF Version 5 debuginfo (DEBUG_INFO_DWARF5) choice[1-4?]: 3 Reduce debugging information (DEBUG_INFO_REDUCED) [N/y/?] n Compressed Debug information > 1. Don't compress debug information (DEBUG_INFO_COMPRESSED_NONE) 2. Compress debugging information with zlib (DEBUG_INFO_COMPRESSED_ZLIB) 3. Compress debugging information with zstd (DEBUG_INFO_COMPRESSED_ZSTD) (NEW) choice[1-3?]: Error in reading or end of file. Produce split debuginfo in .dwo files (DEBUG_INFO_SPLIT) [N/y/?] n Generate BTF typeinfo (DEBUG_INFO_BTF) [N/y/?] n Provide GDB scripts for kernel debugging (GDB_SCRIPTS) [N/y/?] n Warn for stack frames larger than (FRAME_WARN) [2048] 2048 Strip assembler-generated symbols during link (STRIP_ASM_SYMS) [N/y/?] n Install uapi headers to usr/include (HEADERS_INSTALL) [N/y/?] n Make section mismatch errors non-fatal (SECTION_MISMATCH_WARN_ONLY) [Y/n/?] y Force all function address 64B aligned (DEBUG_FORCE_FUNCTION_ALIGN_64B) [N/y/?] n Generate vmlinux.map file when linking (VMLINUX_MAP) [N/y/?] n Force weak per-cpu definitions (DEBUG_FORCE_WEAK_PER_CPU) [N/y/?] n In file included from /app/workdir/cache/src/95fa6f7a6956f1037fc8aca8c68a554737230d67/arch/x86/kernel/asm-offsets.c:14: In file included from /app/workdir/cache/src/95fa6f7a6956f1037fc8aca8c68a554737230d67/include/linux/suspend.h:5: In file included from /app/workdir/cache/src/95fa6f7a6956f1037fc8aca8c68a554737230d67/include/linux/swap.h:9: In file included from /app/workdir/cache/src/95fa6f7a6956f1037fc8aca8c68a554737230d67/include/linux/memcontrol.h:20: In file included from /app/workdir/cache/src/95fa6f7a6956
33765e9e-210e-4050-b39b-55a9327f7f0d assessment-security 💥 inconsistent lock state in __mmap_lock_do_trace_acquire_returned 2026/06/02 08:33 2026/06/02 08:33 2026/06/02 08:57 1095583bae1d2729a3b4be301cb6ddc85ced9e38 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/b9de75c0dc50ce8e57f29cf8573e551b51460d7a" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small drivers/nvme/target/fc.c:151:2: warning: 'counted_by' should not be applied to an array with element of unknown size because 'struct nvmet_fc_fcp_iod' is a struct type with a flexible array member. This will be an error in a future compiler version [-Wbounds-safety-counted-by-elt-type-unknown-size] * * Restart config... * * * General architecture-dependent options * Kprobes (KPROBES) [N/y/?] n Optimize very unlikely/likely branches (JUMP_LABEL) [Y/n/?] y Static key selftest (STATIC_KEYS_SELFTEST) [N/y/?] n Static call selftest (STATIC_CALL_SELFTEST) [N/y/?] n Enable seccomp to safely execute untrusted bytecode (SECCOMP) [Y/n/?] y Show seccomp filter cache status in /proc/pid/seccomp_cache (SECCOMP_CACHE_DEBUG) [N/y/?] n Link Time Optimization (LTO) > 1. None (LTO_NONE) choice[1]: 1 Use Clang's Control Flow Integrity (CFI) (CFI_CLANG) [N/y/?] (NEW) Error in reading or end of file. Number of bits to use for ASLR of mmap base address (ARCH_MMAP_RND_BITS) [28] 28 Number of bits to use for ASLR of mmap base address for compatible applications (ARCH_MMAP_RND_COMPAT_BITS) [8] 8 MMU page size > 1. 4KiB pages (PAGE_SIZE_4KB) choice[1]: 1 Provide system calls for 32-bit time_t (COMPAT_32BIT_TIME) [Y/n/?] y Use a virtually-mapped stack (VMAP_STACK) [Y/n/?] y Support for randomizing kernel stack offset on syscall entry (RANDOMIZE_KSTACK_OFFSET) [Y/n/?] y Default state of kernel stack offset randomization (RANDOMIZE_KSTACK_OFFSET_DEFAULT) [N/y/?] n Locking event counts collection (LOCK_EVENT_COUNTS) [N/y/?] n * * Kernel hardening options * Randomize layout of sensitive kernel structures > 1. Disable structure layout randomization (RANDSTRUCT_NONE) 2. Fully randomize structure layout (RANDSTRUCT_FULL) (NEW) choice[1-2?]: Error in reading or end of file. * * Compile-time checks and compiler options * Debug information 1. Disable debug information (DEBUG_INFO_NONE) 2. Rely on the toolchain's implicit default DWARF version (DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT) > 3. Generate DWARF Version 4 debuginfo (DEBUG_INFO_DWARF4) 4. Generate DWARF Version 5 debuginfo (DEBUG_INFO_DWARF5) choice[1-4?]: 3 Reduce debugging information (DEBUG_INFO_REDUCED) [N/y/?] n Compressed Debug information > 1. Don't compress debug information (DEBUG_INFO_COMPRESSED_NONE) 2. Compress debugging information with zlib (DEBUG_INFO_COMPRESSED_ZLIB) 3. Compress debugging information with zstd (DEBUG_INFO_COMPRESSED_ZSTD) (NEW) choice[1-3?]: Error in reading or end of file. Produce split debuginfo in .dwo files (DEBUG_INFO_SPLIT) [N/y/?] n Generate BTF typeinfo (DEBUG_INFO_BTF) [N/y/?] n Provide GDB scripts for kernel debugging (GDB_SCRIPTS) [N/y/?] n Warn for stack frames larger than (FRAME_WARN) [2048] 2048 Strip assembler-generated symbols during link (STRIP_ASM_SYMS) [N/y/?] n Install uapi headers to usr/include (HEADERS_INSTALL) [N/y/?] n Make section mismatch errors non-fatal (SECTION_MISMATCH_WARN_ONLY) [Y/n/?] y Force all function address 64B aligned (DEBUG_FORCE_FUNCTION_ALIGN_64B) [N/y/?] n Generate vmlinux.map file when linking (VMLINUX_MAP) [N/y/?] n Force weak per-cpu definitions (DEBUG_FORCE_WEAK_PER_CPU) [N/y/?] n In file included from /app/workdir/cache/src/95fa6f7a6956f1037fc8aca8c68a554737230d67/arch/x86/kernel/asm-offsets.c:14: In file included from /app/workdir/cache/src/95fa6f7a6956f1037fc8aca8c68a554737230d67/include/linux/suspend.h:5: In file included from /app/workdir/cache/src/95fa6f7a6956f1037fc8aca8c68a554737230d67/include/linux/swap.h:9: In file included from /app/workdir/cache/src/95fa6f7a6956f1037fc8aca8c68a554737230d67/include/linux/memcontrol.h:20: In file included from /app/workdir/cache/src/95fa6f7a6956
4bf0d134-c4d6-4ad2-8a58-21d57a050ec6 assessment-security 💥 inconsistent lock state in __mmap_lock_do_trace_acquire_returned 2026/05/23 18:56 2026/05/23 18:56 2026/05/23 19:11 c69befb30ac10e158cc9d1557b508ee3f0eca1de failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/b9de75c0dc50ce8e57f29cf8573e551b51460d7a" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small drivers/nvme/target/fc.c:151:2: warning: 'counted_by' should not be applied to an array with element of unknown size because 'struct nvmet_fc_fcp_iod' is a struct type with a flexible array member. This will be an error in a future compiler version [-Wbounds-safety-counted-by-elt-type-unknown-size] * * Restart config... * * * General architecture-dependent options * Kprobes (KPROBES) [N/y/?] n Optimize very unlikely/likely branches (JUMP_LABEL) [Y/n/?] y Static key selftest (STATIC_KEYS_SELFTEST) [N/y/?] n Static call selftest (STATIC_CALL_SELFTEST) [N/y/?] n Enable seccomp to safely execute untrusted bytecode (SECCOMP) [Y/n/?] y Show seccomp filter cache status in /proc/pid/seccomp_cache (SECCOMP_CACHE_DEBUG) [N/y/?] n Link Time Optimization (LTO) > 1. None (LTO_NONE) choice[1]: 1 Use Clang's Control Flow Integrity (CFI) (CFI_CLANG) [N/y/?] (NEW) Error in reading or end of file. Number of bits to use for ASLR of mmap base address (ARCH_MMAP_RND_BITS) [28] 28 Number of bits to use for ASLR of mmap base address for compatible applications (ARCH_MMAP_RND_COMPAT_BITS) [8] 8 MMU page size > 1. 4KiB pages (PAGE_SIZE_4KB) choice[1]: 1 Provide system calls for 32-bit time_t (COMPAT_32BIT_TIME) [Y/n/?] y Use a virtually-mapped stack (VMAP_STACK) [Y/n/?] y Support for randomizing kernel stack offset on syscall entry (RANDOMIZE_KSTACK_OFFSET) [Y/n/?] y Default state of kernel stack offset randomization (RANDOMIZE_KSTACK_OFFSET_DEFAULT) [N/y/?] n Locking event counts collection (LOCK_EVENT_COUNTS) [N/y/?] n * * Kernel hardening options * Randomize layout of sensitive kernel structures > 1. Disable structure layout randomization (RANDSTRUCT_NONE) 2. Fully randomize structure layout (RANDSTRUCT_FULL) (NEW) choice[1-2?]: Error in reading or end of file. * * Compile-time checks and compiler options * Debug information 1. Disable debug information (DEBUG_INFO_NONE) 2. Rely on the toolchain's implicit default DWARF version (DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT) > 3. Generate DWARF Version 4 debuginfo (DEBUG_INFO_DWARF4) 4. Generate DWARF Version 5 debuginfo (DEBUG_INFO_DWARF5) choice[1-4?]: 3 Reduce debugging information (DEBUG_INFO_REDUCED) [N/y/?] n Compressed Debug information > 1. Don't compress debug information (DEBUG_INFO_COMPRESSED_NONE) 2. Compress debugging information with zlib (DEBUG_INFO_COMPRESSED_ZLIB) 3. Compress debugging information with zstd (DEBUG_INFO_COMPRESSED_ZSTD) (NEW) choice[1-3?]: Error in reading or end of file. Produce split debuginfo in .dwo files (DEBUG_INFO_SPLIT) [N/y/?] n Generate BTF typeinfo (DEBUG_INFO_BTF) [N/y/?] n Provide GDB scripts for kernel debugging (GDB_SCRIPTS) [N/y/?] n Warn for stack frames larger than (FRAME_WARN) [2048] 2048 Strip assembler-generated symbols during link (STRIP_ASM_SYMS) [N/y/?] n Install uapi headers to usr/include (HEADERS_INSTALL) [N/y/?] n Make section mismatch errors non-fatal (SECTION_MISMATCH_WARN_ONLY) [Y/n/?] y Force all function address 64B aligned (DEBUG_FORCE_FUNCTION_ALIGN_64B) [N/y/?] n Generate vmlinux.map file when linking (VMLINUX_MAP) [N/y/?] n Force weak per-cpu definitions (DEBUG_FORCE_WEAK_PER_CPU) [N/y/?] n In file included from /app/workdir/cache/src/c7f43ad38f4624a916ae6d6e817e3a508ce283e0/arch/x86/kernel/asm-offsets.c:14: In file included from /app/workdir/cache/src/c7f43ad38f4624a916ae6d6e817e3a508ce283e0/include/linux/suspend.h:5: In file included from /app/workdir/cache/src/c7f43ad38f4624a916ae6d6e817e3a508ce283e0/include/linux/swap.h:9: In file included from /app/workdir/cache/src/c7f43ad38f4624a916ae6d6e817e3a508ce283e0/include/linux/memcontrol.h:20: In file included from /app/workdir/cache/src/c7f43ad38f46
Discussions (5)
Title Replies (including bot) Last reply
[syzbot] Monthly mm report (Aug 2024) 0 (1) 2024/08/02 16:15
[syzbot] Monthly mm report (Jul 2024) 0 (1) 2024/07/01 10:28
[syzbot] Monthly mm report (May 2024) 0 (1) 2024/05/31 06:48
[syzbot] Monthly mm report (Apr 2024) 0 (1) 2024/04/29 12:35
[syzbot] [mm?] inconsistent lock state in __mmap_lock_do_trace_acquire_returned 2 (3) 2024/04/04 22:22
Last patch testing requests (10)
Created Duration User Patch Repo Result
2026/05/13 01:54 31m retest repro upstream error
2026/03/03 23:47 2h01m retest repro upstream error
2026/03/03 23:42 1h55m retest repro upstream log
2025/12/23 22:56 32m retest repro upstream log
2025/12/23 22:54 21m retest repro upstream log
2025/10/14 22:25 21m retest repro upstream error
2025/08/05 20:22 25m retest repro upstream log
2025/05/27 06:55 3h24m retest repro upstream report log
2025/03/17 23:13 22m retest repro upstream error
2025/01/06 22:00 34m retest repro upstream report log

Sample crash report:
================================
WARNING: inconsistent lock state
6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor244/5087 [HC0[0]:SC1[1]:HE0:SE0] takes:
ffff8880b9538780 (lock#9){+.?.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b9538780 (lock#9){+.?.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x7f/0x760 mm/mmap_lock.c:237
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5754 [inline]
  lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
  local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
  __mmap_lock_do_trace_acquire_returned+0x97/0x760 mm/mmap_lock.c:237
  __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
  mmap_read_lock include/linux/mmap_lock.h:147 [inline]
  process_vm_rw_single_vec mm/process_vm_access.c:105 [inline]
  process_vm_rw_core.constprop.0+0x7d7/0xa10 mm/process_vm_access.c:216
  process_vm_rw+0x301/0x360 mm/process_vm_access.c:284
  __do_sys_process_vm_readv mm/process_vm_access.c:296 [inline]
  __se_sys_process_vm_readv mm/process_vm_access.c:292 [inline]
  __x64_sys_process_vm_readv+0xe2/0x1c0 mm/process_vm_access.c:292
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83
  entry_SYSCALL_64_after_hwframe+0x6d/0x75
irq event stamp: 997
hardirqs last  enabled at (996): [<ffffffff8ad62d96>] __do_softirq+0x1d6/0x8de kernel/softirq.c:538
hardirqs last disabled at (997): [<ffffffff8ad5ff95>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:117 [inline]
hardirqs last disabled at (997): [<ffffffff8ad5ff95>] _raw_spin_lock_irq+0x45/0x50 kernel/locking/spinlock.c:170
softirqs last  enabled at (896): [<ffffffff819e467f>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (896): [<ffffffff819e467f>] bpf_link_settle kernel/bpf/syscall.c:3181 [inline]
softirqs last  enabled at (896): [<ffffffff819e467f>] bpf_raw_tp_link_attach+0x35f/0x610 kernel/bpf/syscall.c:3842
softirqs last disabled at (995): [<ffffffff8151a149>] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last disabled at (995): [<ffffffff8151a149>] __irq_exit_rcu kernel/softirq.c:633 [inline]
softirqs last disabled at (995): [<ffffffff8151a149>] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(lock#9);
  <Interrupt>
    lock(lock#9);

 *** DEADLOCK ***

6 locks held by syz-executor244/5087:
 #0: ffff88802247b1e8 (&tsk->futex_exit_mutex){+.+.}-{3:3}, at: futex_cleanup_begin kernel/futex/core.c:1091 [inline]
 #0: ffff88802247b1e8 (&tsk->futex_exit_mutex){+.+.}-{3:3}, at: futex_exit_release+0x2a/0x220 kernel/futex/core.c:1143
 #1: ffffc90000a08cb0 (&(&ipvs->defense_work)->timer){..-.}-{0:0}, at: call_timer_fn+0x11a/0x5b0 kernel/time/timer.c:1789
 #2: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #2: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #2: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: __queue_work+0xf2/0x1170 kernel/workqueue.c:2324
 #3: ffff8880b953d5d8 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x39e/0x1170 kernel/workqueue.c:2360
 #4: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #4: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #4: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
 #4: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0xf8/0x440 kernel/trace/bpf_trace.c:2421
 #5: ffff88807965b120 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:165 [inline]
 #5: ffff88807965b120 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x1e8/0x7d0 kernel/bpf/stackmap.c:141

stack backtrace:
CPU: 1 PID: 5087 Comm: syz-executor244 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 print_usage_bug kernel/locking/lockdep.c:3971 [inline]
 valid_state kernel/locking/lockdep.c:4013 [inline]
 mark_lock_irq kernel/locking/lockdep.c:4216 [inline]
 mark_lock+0x923/0xc60 kernel/locking/lockdep.c:4678
 mark_usage kernel/locking/lockdep.c:4567 [inline]
 __lock_acquire+0x13d4/0x3b30 kernel/locking/lockdep.c:5091
 lock_acquire kernel/locking/lockdep.c:5754 [inline]
 lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 __mmap_lock_do_trace_acquire_returned+0x97/0x760 mm/mmap_lock.c:237
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:166 [inline]
 stack_map_get_build_id_offset+0x5df/0x7d0 kernel/bpf/stackmap.c:141
 __bpf_get_stack+0x6bf/0x700 kernel/bpf/stackmap.c:449
 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1985 [inline]
 bpf_get_stack_raw_tp+0x124/0x160 kernel/trace/bpf_trace.c:1975
 ___bpf_prog_run+0x3e51/0xae80 kernel/bpf/core.c:1997
 __bpf_prog_run32+0xc1/0x100 kernel/bpf/core.c:2236
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run3+0x167/0x440 kernel/trace/bpf_trace.c:2421
 __bpf_trace_workqueue_queue_work+0x101/0x140 include/trace/events/workqueue.h:23
 __traceiter_workqueue_queue_work+0x6c/0xc0 include/trace/events/workqueue.h:23
 trace_workqueue_queue_work include/trace/events/workqueue.h:23 [inline]
 __queue_work+0x627/0x1170 kernel/workqueue.c:2382
 call_timer_fn+0x1a0/0x5b0 kernel/time/timer.c:1792
 expire_timers kernel/time/timer.c:1838 [inline]
 __run_timers+0x567/0xab0 kernel/time/timer.c:2408
 __run_timer_base kernel/time/timer.c:2419 [inline]
 __run_timer_base kernel/time/timer.c:2412 [inline]
 run_timer_base+0x111/0x190 kernel/time/timer.c:2428
 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2438
 __do_softirq+0x218/0x8de kernel/softirq.c:554
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:633 [inline]
 irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x1f2/0x540 kernel/locking/lockdep.c:5722
Code: c1 05 ea 37 97 7e 83 f8 01 0f 85 c8 02 00 00 9c 58 f6 c4 02 0f 85 b3 02 00 00 48 85 ed 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffffc90003457ba0 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 1ffff9200068af76 RCX: ffffffff816a5d5e
RDX: 0000000000000001 RSI: ffffffff8b0cba40 RDI: ffffffff8b6e88a0
RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff27b4e38
R10: ffffffff93da71c7 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: ffff88802247b1e8 R15: 0000000000000000
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
 futex_cleanup_begin kernel/futex/core.c:1091 [inline]
 futex_exit_release+0x2a/0x220 kernel/futex/core.c:1143
 exit_mm_release+0x19/0x30 kernel/fork.c:1652
 exit_mm kernel/exit.c:542 [inline]
 do_exit+0x865/0x2be0 kernel/exit.c:865
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1027
 __do_sys_exit_group kernel/exit.c:1038 [inline]
 __se_sys_exit_group kernel/exit.c:1036 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1036
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f44f7223a79
Code: 90 49 c7 c0 b8 ff ff ff be e7 00 00 00 ba 3c 00 00 00 eb 12 0f 1f 44 00 00 89 d0 0f 05 48 3d 00 f0 ff ff 77 1c f4 89 f0 0f 05 <48> 3d 00 f0 ff ff 76 e7 f7 d8 64 41 89 00 eb df 0f 1f 80 00 00 00
RSP: 002b:00007ffd5c6574d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f44f7223a79
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f44f729e2b0 R08: ffffffffffffffb8 R09: 00000000000f4240
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f44f729e2b0
R13: 0000000000000000 R14: 00007f44f729ed20 R15: 00007f44f71f4700
 </TASK>
----------------
Code disassembly (best guess):
   0:	c1 05 ea 37 97 7e 83 	roll   $0x83,0x7e9737ea(%rip)        # 0x7e9737f1
   7:	f8                   	clc
   8:	01 0f                	add    %ecx,(%rdi)
   a:	85 c8                	test   %ecx,%eax
   c:	02 00                	add    (%rax),%al
   e:	00 9c 58 f6 c4 02 0f 	add    %bl,0xf02c4f6(%rax,%rbx,2)
  15:	85 b3 02 00 00 48    	test   %esi,0x48000002(%rbx)
  1b:	85 ed                	test   %ebp,%ebp
  1d:	74 01                	je     0x20
  1f:	fb                   	sti
  20:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  27:	fc ff df
* 2a:	48 01 c3             	add    %rax,%rbx <-- trapping instruction
  2d:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  34:	48 c7 43 08 00 00 00 	movq   $0x0,0x8(%rbx)
  3b:	00
  3c:	48                   	rex.W
  3d:	8b                   	.byte 0x8b
  3e:	84                   	.byte 0x84
  3f:	24                   	.byte 0x24

Crashes (498):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/31 01:16 upstream fe46a7dd189e 6baf5069 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/29 02:48 upstream e67572cd2204 07b455f9 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/06 18:52 upstream 1dd28064d416 bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/06 14:15 upstream 1dd28064d416 bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/05 20:45 upstream 661e504db04c 2a40360c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/06/26 20:45 upstream 55027e689933 880c1ca1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/06/13 18:45 upstream 2ccbdf43d5e7 a9616ff5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/06/02 17:24 upstream 83814698cf48 3113787f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/09 19:00 upstream 45db3ab70092 de979bc2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/09 17:51 upstream 45db3ab70092 de979bc2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/07 12:41 upstream dccb07f2914c cb2dcc0e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/06 22:09 upstream ee5b455b0ada c035c6de .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/06 08:14 upstream dd5a440a31fa 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/05 19:17 upstream b9158815de52 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/04 02:09 upstream 3d25a941ea50 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/02 21:37 upstream 49a73b1652c5 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/02 18:45 upstream 49a73b1652c5 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/02 12:15 upstream 0106679839f7 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/02 07:14 upstream 0106679839f7 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/02 03:32 upstream 0106679839f7 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/02 01:21 upstream 18daea77cca6 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/02 01:21 upstream 18daea77cca6 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/01 23:42 upstream 18daea77cca6 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/01 18:11 upstream 18daea77cca6 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/01 18:08 upstream 18daea77cca6 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/01 15:47 upstream 18daea77cca6 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/01 08:44 upstream 18daea77cca6 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/01 06:52 upstream 50dffbf77180 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/01 03:49 upstream 50dffbf77180 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/30 19:11 upstream 50dffbf77180 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/30 16:07 upstream 98369dccd2f8 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/30 14:24 upstream 98369dccd2f8 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/30 08:41 upstream 98369dccd2f8 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/30 04:50 upstream b947cc5bf6d7 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/30 03:09 upstream b947cc5bf6d7 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/29 23:13 upstream b947cc5bf6d7 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/29 21:41 upstream b947cc5bf6d7 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/29 21:17 upstream b947cc5bf6d7 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/29 19:08 upstream b947cc5bf6d7 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/29 16:47 upstream e67572cd2204 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/29 15:37 upstream e67572cd2204 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/16 09:20 upstream 1467b49869df b66b37bd .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/06/03 02:28 upstream c3f38fa61af7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/06/02 05:55 upstream 89be4025b0db c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/01 10:28 upstream 18daea77cca6 3ba885bc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/04/30 23:26 upstream 18daea77cca6 3ba885bc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/19 17:35 upstream 720261cfc732 890ce4f3 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/19 12:47 upstream 720261cfc732 ee4e11c8 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/18 19:14 upstream f2f6a8e88717 f3eecf69 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/18 11:24 upstream b1bc554e009e 0f902625 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/18 05:22 upstream b1bc554e009e 0f902625 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/17 23:45 upstream 8b0f0bb27c32 877a6ab1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/17 21:12 upstream 8b0f0bb27c32 877a6ab1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/15 23:56 upstream 5e0497553643 efee4ed2 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/14 21:44 upstream 4d145e3f830b eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/06 15:53 upstream 1dd28064d416 bc4ebbb5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/07/06 13:35 upstream 1dd28064d416 bc4ebbb5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/06/02 02:22 upstream ec9eeb89e60d c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
2024/05/19 08:27 upstream 0cc6f45cecb4 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 inconsistent lock state in __mmap_lock_do_trace_acquire_returned
* Struck through repros no longer work on HEAD.