================================
WARNING: inconsistent lock state
6.10.0-rc1-syzkaller-g7d0b3953f6d8 #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor.0/5787 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff8880b9438828 (lock#10){?.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b9438828 (lock#10){?.+.}-{2:2}, at: __mmap_lock_do_trace_released+0x83/0x620 mm/mmap_lock.c:243
{HARDIRQ-ON-W} state was registered at:
  lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
  local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
  __mmap_lock_do_trace_acquire_returned+0xa8/0x630 mm/mmap_lock.c:237
  __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
  mmap_read_trylock include/linux/mmap_lock.h:164 [inline]
  get_mmap_lock_carefully mm/memory.c:5715 [inline]
  lock_mm_and_find_vma+0x213/0x2f0 mm/memory.c:5775
  do_user_addr_fault arch/x86/mm/fault.c:1361 [inline]
  handle_page_fault arch/x86/mm/fault.c:1481 [inline]
  exc_page_fault+0x1bf/0x8c0 arch/x86/mm/fault.c:1539
  asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
  strncpy_from_user+0x110/0x2f0 lib/strncpy_from_user.c:139
  bpf_prog_load+0xd65/0x20f0 kernel/bpf/syscall.c:2849
  __sys_bpf+0x4ee/0x810 kernel/bpf/syscall.c:5687
  __do_sys_bpf kernel/bpf/syscall.c:5794 [inline]
  __se_sys_bpf kernel/bpf/syscall.c:5792 [inline]
  __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5792
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 8836
hardirqs last  enabled at (8835): [<ffffffff81668b05>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1418 [inline]
hardirqs last  enabled at (8835): [<ffffffff81668b05>] finish_lock_switch kernel/sched/core.c:5162 [inline]
hardirqs last  enabled at (8835): [<ffffffff81668b05>] finish_task_switch+0x1e5/0x870 kernel/sched/core.c:5280
hardirqs last disabled at (8836): [<ffffffff8b8601ee>] sysvec_irq_work+0xe/0xc0 arch/x86/kernel/irq_work.c:17
softirqs last  enabled at (4804): [<ffffffff8136297b>] local_bh_disable include/linux/bottom_half.h:20 [inline]
softirqs last  enabled at (4804): [<ffffffff8136297b>] fpregs_lock arch/x86/include/asm/fpu/api.h:72 [inline]
softirqs last  enabled at (4804): [<ffffffff8136297b>] fpu_clone+0x25b/0xad0 arch/x86/kernel/fpu/core.c:630
softirqs last disabled at (4802): [<ffffffff8136297b>] local_bh_disable include/linux/bottom_half.h:20 [inline]
softirqs last disabled at (4802): [<ffffffff8136297b>] fpregs_lock arch/x86/include/asm/fpu/api.h:72 [inline]
softirqs last disabled at (4802): [<ffffffff8136297b>] fpu_clone+0x25b/0xad0 arch/x86/kernel/fpu/core.c:630

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(lock#10);
  <Interrupt>
    lock(lock#10);

 *** DEADLOCK ***

no locks held by syz-executor.0/5787.

stack backtrace:
CPU: 0 PID: 5787 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-g7d0b3953f6d8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 valid_state+0x13a/0x1c0 kernel/locking/lockdep.c:4013
 mark_lock_irq+0xbb/0xc20 kernel/locking/lockdep.c:4216
 mark_lock+0x223/0x350 kernel/locking/lockdep.c:4678
 mark_usage kernel/locking/lockdep.c:4564 [inline]
 __lock_acquire+0xb8e/0x1fd0 kernel/locking/lockdep.c:5091
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 __mmap_lock_do_trace_released+0x9c/0x620 mm/mmap_lock.c:243
 __mmap_lock_trace_released include/linux/mmap_lock.h:42 [inline]
 mmap_read_unlock_non_owner include/linux/mmap_lock.h:176 [inline]
 do_mmap_read_unlock+0x5d/0x60 kernel/bpf/task_iter.c:1049
 irq_work_single+0xe2/0x240 kernel/irq_work.c:221
 irq_work_run_list kernel/irq_work.c:252 [inline]
 irq_work_run+0x18b/0x350 kernel/irq_work.c:261
 __sysvec_irq_work+0xb8/0x430 arch/x86/kernel/irq_work.c:22
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0x9e/0xc0 arch/x86/kernel/irq_work.c:17
 </IRQ>
 <TASK>
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
RIP: 0010:finish_task_switch+0x1ea/0x870 kernel/sched/core.c:5282
Code: c9 50 e8 99 c9 0b 00 48 83 c4 08 4c 89 f7 e8 cd 38 00 00 0f 1f 44 00 00 4c 89 f7 e8 d0 86 2a 0a e8 5b f8 36 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
RSP: 0018:ffffc90002e17988 EFLAGS: 00000282
RAX: 70a82b8cf4ad0e00 RBX: ffff8880214b9e00 RCX: ffffffff947a0603
RDX: dffffc0000000000 RSI: ffffffff8bcaba80 RDI: ffffffff8c1ff240
RBP: ffffc90002e179d0 R08: ffffffff8fad452f R09: 1ffffffff1f5a8a5
R10: dffffc0000000000 R11: fffffbfff1f5a8a6 R12: 1ffff11017287ea7
R13: dffffc0000000000 R14: ffff8880b943e7c0 R15: ffff8880b943f538
 context_switch kernel/sched/core.c:5411 [inline]
 __schedule+0x17f0/0x4a20 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 do_nanosleep+0x197/0x600 kernel/time/hrtimer.c:2028
 hrtimer_nanosleep+0x227/0x470 kernel/time/hrtimer.c:2081
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1396 [inline]
 __se_sys_clock_nanosleep+0x32b/0x3c0 kernel/time/posix-timers.c:1373
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd3dbea82f5
Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8
RSP: 002b:00007ffe1bc0bf60 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: ffffffffffffffda RBX: 00007fd3dbfb3fa0 RCX: 00007fd3dbea82f5
RDX: 00007ffe1bc0bfa0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fd3dbfb59a0 R08: 0000000000000000 R09: 7fffffffffffffff
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000001675b
R13: 00007fd3dbfb421c R14: 0000000000000032 R15: 00007fd3dbfb59a0
 </TASK>
----------------
Code disassembly (best guess):
   # Decode of the kernel "Code:" bytes printed with RIP finish_task_switch+0x1ea. Offset 0x2a
   # below is that RIP, so offset 0 corresponds to finish_task_switch+0x1c0.
   # The byte window starts at an arbitrary address, so the first instructions may not sit on
   # real instruction boundaries. Call targets are relative to offset 0, not resolved symbols.
   0:	c9                   	leave
   1:	50                   	push   %rax
   2:	e8 99 c9 0b 00       	call   0xbc9a0
   7:	48 83 c4 08          	add    $0x8,%rsp
   b:	4c 89 f7             	mov    %r14,%rdi
   e:	e8 cd 38 00 00       	call   0x38e0
  13:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  18:	4c 89 f7             	mov    %r14,%rdi
  1b:	e8 d0 86 2a 0a       	call   0xa2a86f0
  20:	e8 5b f8 36 00       	call   0x36f880
   # Offset 0x25 is finish_task_switch+0x1e5, the address the report gives for "hardirqs last
   # enabled at" (raw_spin_rq_unlock_irq, inlined). Interrupts can be delivered from here on.
  25:	fb                   	sti
  26:	48 8b 5d c0          	mov    -0x40(%rbp),%rbx
   # The marker on the next line is the saved RIP at which the irq_work interrupt was taken
   # (the first <TASK> frame is asm_sysvec_irq_work). lea only computes an address and makes
   # no memory access, so nothing faulted here. The lockdep warning was raised on the <IRQ>
   # stack, in __mmap_lock_do_trace_released reached from do_mmap_read_unlock.
* 2a:	48 8d bb f8 15 00 00 	lea    0x15f8(%rbx),%rdi <-- trapping instruction
   # NOTE(review): address >> 3 looks like the start of a KASAN shadow lookup; RDX/R10/R13
   # hold dffffc0000000000 in the register dump. Confirm against the kernel config.
  31:	48 89 f8             	mov    %rdi,%rax
  34:	48 c1 e8 03          	shr    $0x3,%rax
   # The byte window ends mid-instruction: 49 be opens a movabs $imm64,%r14, but only six of
   # its eight immediate bytes were captured. The three lines below are decoder artifacts.
  38:	49                   	rex.WB
  39:	be 00 00 00 00       	mov    $0x0,%esi
  3e:	00 fc                	add    %bh,%ah