================================
WARNING: inconsistent lock state
5.15.154-syzkaller #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor365/3822 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff8880b9b35bb8 (lock#8){?.+.}-{2:2}, at: local_lock_acquire+0xd/0x170 include/linux/local_lock_internal.h:28
{HARDIRQ-ON-W} state was registered at:
  lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
  local_lock_acquire+0x29/0x170 include/linux/local_lock_internal.h:29
  __mmap_lock_do_trace_acquire_returned+0x7c/0x340 mm/mmap_lock.c:237
  __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
  mmap_read_trylock include/linux/mmap_lock.h:137 [inline]
  do_user_addr_fault arch/x86/mm/fault.c:1329 [inline]
  handle_page_fault arch/x86/mm/fault.c:1476 [inline]
  exc_page_fault+0x59c/0x740 arch/x86/mm/fault.c:1532
  asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:568
irq event stamp: 1100
hardirqs last  enabled at (1099): [<ffffffff8a400d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:638
hardirqs last disabled at (1100): [<ffffffff8a1d651f>] common_interrupt+0xf/0xc0 arch/x86/kernel/irq.c:240
softirqs last  enabled at (1002): [<ffffffff818e33ed>] spin_unlock_bh include/linux/spinlock.h:408 [inline]
softirqs last  enabled at (1002): [<ffffffff818e33ed>] bpf_link_settle+0x7d/0x140 kernel/bpf/syscall.c:2612
softirqs last disabled at (1000): [<ffffffff818e3396>] spin_lock_bh include/linux/spinlock.h:368 [inline]
softirqs last disabled at (1000): [<ffffffff818e3396>] bpf_link_settle+0x26/0x140 kernel/bpf/syscall.c:2610

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(lock#8);
  <Interrupt>
    lock(lock#8);

 *** DEADLOCK ***

7 locks held by syz-executor365/3822:
 #0: ffff8880143dcf88 (&tsk->futex_exit_mutex){+.+.}-{3:3}, at: futex_cleanup_begin kernel/futex/core.c:3893 [inline]
 #0: ffff8880143dcf88 (&tsk->futex_exit_mutex){+.+.}-{3:3}, at: futex_exit_release+0x30/0x1e0 kernel/futex/core.c:3945
 #1: ffff88807abac028 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x91/0x110 mm/memory.c:5323
 #2: ffff88801977c120 (&vb->stop_update_lock){-...}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
 #2: ffff88801977c120 (&vb->stop_update_lock){-...}-{2:2}, at: stats_request+0x63/0xf0 drivers/virtio/virtio_balloon.c:374
 #3: ffffffff8c91fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #4: ffff8880b9b39b58 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x56d/0xd00
 #5: ffffffff8c91fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #6: ffff88807abac028 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #6: ffff88807abac028 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x23e/0x930 kernel/bpf/stackmap.c:185

stack backtrace:
CPU: 1 PID: 3822 Comm: syz-executor365 Not tainted 5.15.154-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 valid_state+0x134/0x1c0 kernel/locking/lockdep.c:3932
 mark_lock_irq+0xa8/0xba0 kernel/locking/lockdep.c:4135
 mark_lock+0x21a/0x340 kernel/locking/lockdep.c:4591
 mark_usage kernel/locking/lockdep.c:4483 [inline]
 __lock_acquire+0xb5c/0x1ff0 kernel/locking/lockdep.c:4966
 lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
 local_lock_acquire+0x29/0x170 include/linux/local_lock_internal.h:29
 __mmap_lock_do_trace_acquire_returned+0x7c/0x340 mm/mmap_lock.c:237
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:137 [inline]
 stack_map_get_build_id_offset+0x612/0x930 kernel/bpf/stackmap.c:185
 __bpf_get_stack+0x495/0x570 kernel/bpf/stackmap.c:496
 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1490 [inline]
 bpf_get_stack_raw_tp+0x1b2/0x220 kernel/trace/bpf_trace.c:1480
 bpf_prog_e6cf5f9c69743609+0x3a/0xe0c
 bpf_dispatcher_nop_func include/linux/bpf.h:785 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1880 [inline]
 bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1918
 __traceiter_workqueue_queue_work+0x79/0xd0 include/trace/events/workqueue.h:23
 trace_workqueue_queue_work include/trace/events/workqueue.h:23 [inline]
 __queue_work+0xc99/0xd00 kernel/workqueue.c:1512
 queue_work_on+0x14b/0x250 kernel/workqueue.c:1559
 queue_work include/linux/workqueue.h:512 [inline]
 stats_request+0xcc/0xf0 drivers/virtio/virtio_balloon.c:376
 vring_interrupt+0x212/0x360 drivers/virtio/virtio_ring.c:2175
 __handle_irq_event_percpu+0x292/0xa70 kernel/irq/handle.c:156
 handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
 handle_irq_event+0xff/0x2b0 kernel/irq/handle.c:213
 handle_edge_irq+0x245/0xbf0 kernel/irq/chip.c:822
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq arch/x86/kernel/irq.c:231 [inline]
 __common_interrupt+0xd7/0x1f0 arch/x86/kernel/irq.c:250
 common_interrupt+0x9f/0xc0 arch/x86/kernel/irq.c:240
 </IRQ>
 <TASK>
 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:629
RIP: 0010:raw_spin_rq_unlock_irq+0x19/0x80 kernel/sched/sched.h:1339
Code: 38 c1 7c cb 4c 89 f7 e8 15 8e 70 00 eb c1 0f 1f 00 41 57 41 56 53 48 89 fb 66 90 48 89 df e8 fe 7a cd 08 e8 a9 49 2d 00 fb 5b <41> 5e 41 5f c3 49 bf 00 00 00 00 00 fc ff df 4c 8d b3 58 0d 00 00
RSP: 0018:ffffc90002da7688 EFLAGS: 00000282
RAX: 3cda2a41cadbd300 RBX: ffff8880b9b3a340 RCX: ffffffff81631878
RDX: dffffc0000000000 RSI: ffffffff8a8b2a00 RDI: ffffffff8ad8f240
RBP: ffffc90002da7870 R08: dffffc0000000000 R09: fffffbfff1f7ec1f
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880143dbb80
R13: dffffc0000000000 R14: ffff8880143dbb80 R15: ffff8880143dbc00
 __schedule+0x1462/0x45b0 kernel/sched/core.c:6382
 preempt_schedule_irq+0xf7/0x1c0 kernel/sched/core.c:6780
 irqentry_exit+0x53/0x80 kernel/entry/common.c:432
 asm_sysvec_reschedule_ipi+0x16/0x20 arch/x86/include/asm/idtentry.h:643
RIP: 0010:lock_acquire+0x252/0x4f0 kernel/locking/lockdep.c:5627
Code: 2b 00 74 08 4c 89 f7 e8 8c 71 67 00 f6 44 24 61 02 0f 85 84 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc90002da7a00 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff920005b4f4c RCX: ffffffff81636442
RDX: dffffc0000000000 RSI: ffffffff8a8b3ca0 RDI: ffffffff8ad8f240
RBP: ffffc90002da7b50 R08: dffffc0000000000 R09: fffffbfff1f7ec1f
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920005b4f48
R13: dffffc0000000000 R14: ffffc90002da7a60 R15: 0000000000000246
 __might_fault+0xb4/0x110 mm/memory.c:5324
 fetch_robust_entry kernel/futex/core.c:3762 [inline]
 exit_robust_list+0x5a/0x300 kernel/futex/core.c:3793
 futex_cleanup kernel/futex/core.c:3845 [inline]
 futex_exit_release+0x140/0x1e0 kernel/futex/core.c:3946
 exit_mm_release+0x16/0x30 kernel/fork.c:1430
 exit_mm+0xad/0x7f0 kernel/exit.c:486
 do_exit+0x626/0x2480 kernel/exit.c:859
 do_group_exit+0x144/0x310 kernel/exit.c:994
 __do_sys_exit_group kernel/exit.c:1005 [inline]
 __se_sys_exit_group kernel/exit.c:1003 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1003
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f6340c3a0f9
Code: 90 49 c7 c0 b8 ff ff ff be e7 00 00 00 ba 3c 00 00 00 eb 12 0f 1f 44 00 00 89 d0 0f 05 48 3d 00 f0 ff ff 77 1c f4 89 f0 0f 05 <48> 3d 00 f0 ff ff 76 e7 f7 d8 64 41 89 00 eb df 0f 1f 80 00 00 00
RSP: 002b:00007ffe878f18c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6340c3a0f9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f6340cb52b0 R08: ffffffffffffffb8 R09: 00000000000000a0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6340cb52b0
R13: 0000000000000000 R14: 00007f6340cb5d20 R15: 00007f6340c0b290
 </TASK>
----------------
Code disassembly (best guess):
   0:	38 c1                	cmp    %al,%cl
   2:	7c cb                	jl     0xffffffcf
   4:	4c 89 f7             	mov    %r14,%rdi
   7:	e8 15 8e 70 00       	call   0x708e21
   c:	eb c1                	jmp    0xffffffcf
   e:	0f 1f 00             	nopl   (%rax)
  11:	41 57                	push   %r15
  13:	41 56                	push   %r14
  15:	53                   	push   %rbx
  16:	48 89 fb             	mov    %rdi,%rbx
  19:	66 90                	xchg   %ax,%ax
  1b:	48 89 df             	mov    %rbx,%rdi
  1e:	e8 fe 7a cd 08       	call   0x8cd7b21
  23:	e8 a9 49 2d 00       	call   0x2d49d1
  28:	fb                   	sti
  29:	5b                   	pop    %rbx
* 2a:	41 5e                	pop    %r14 <-- trapping instruction
  2c:	41 5f                	pop    %r15
  2e:	c3                   	ret
  2f:	49 bf 00 00 00 00 00 	movabs $0xdffffc0000000000,%r15
  36:	fc ff df
  39:	4c 8d b3 58 0d 00 00 	lea    0xd58(%rbx),%r14