=============================
[ BUG: Invalid wait context ]
6.13.0-rc3-syzkaller-00026-g59dbb9d81adf #0 Not tainted
-----------------------------
syz-executor367/6047 is trying to lock:
ffffffff8e4210f8 (kernfs_rename_lock){....}-{3:3}, at: kernfs_path_from_node+0x29/0x60 fs/kernfs/dir.c:229
other info that might help us debug this:
context-{3:3}
6 locks held by syz-executor367/6047:
 #0: ffffffff8e1bb840 (rcu_read_lock_sched){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e1bb840 (rcu_read_lock_sched){....}-{1:2}, at: rcu_read_lock_sched include/linux/rcupdate.h:941 [inline]
 #0: ffffffff8e1bb840 (rcu_read_lock_sched){....}-{1:2}, at: pfn_valid include/linux/mmzone.h:2048 [inline]
 #0: ffffffff8e1bb840 (rcu_read_lock_sched){....}-{1:2}, at: __virt_addr_valid+0x1a4/0x590 arch/x86/mm/physaddr.c:65
 #1: ffffffff8e1bb7e0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e1bb7e0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]
 #1: ffffffff8e1bb7e0 (rcu_callback){....}-{0:0}, at: rcu_core+0x741/0x14d0 kernel/rcu/tree.c:2823
 #2: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #2: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #2: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: __queue_work+0xf2/0x1080 kernel/workqueue.c:2259
 #3: ffff88806a83db18 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x26b/0x1080 kernel/workqueue.c:2299
 #4: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #4: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #4: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2361 [inline]
 #4: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run3+0x1d1/0x5a0 kernel/trace/bpf_trace.c:2404
 #5: ffff888024151f20 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock include/linux/mmap_lock.h:163 [inline]
 #5: ffff888024151f20 (&mm->mmap_lock){++++}-{4:4}, at: stack_map_get_build_id_offset+0x19a/0x6f0 kernel/bpf/stackmap.c:157
stack backtrace:
CPU: 2 UID: 0 PID: 6047 Comm: syz-executor367 Not tainted 6.13.0-rc3-syzkaller-00026-g59dbb9d81adf #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4826 [inline]
 check_wait_context kernel/locking/lockdep.c:4898 [inline]
 __lock_acquire+0x878/0x3c40 kernel/locking/lockdep.c:5176
 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0x46/0x90 kernel/locking/spinlock.c:236
 kernfs_path_from_node+0x29/0x60 fs/kernfs/dir.c:229
 kernfs_path include/linux/kernfs.h:598 [inline]
 cgroup_path include/linux/cgroup.h:599 [inline]
 get_mm_memcg_path.constprop.0+0xb7/0x3d0 mm/mmap_lock.c:59
 __mmap_lock_do_trace_acquire_returned.part.0+0x95/0x2d0 mm/mmap_lock.c:79
 __mmap_lock_do_trace_acquire_returned+0x33/0x40 include/trace/events/mmap_lock.h:48
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:164 [inline]
 stack_map_get_build_id_offset+0x535/0x6f0 kernel/bpf/stackmap.c:157
 __bpf_get_stack+0x308/0xa20 kernel/bpf/stackmap.c:483
 ____bpf_get_stack kernel/bpf/stackmap.c:499 [inline]
 bpf_get_stack+0x32/0x40 kernel/bpf/stackmap.c:496
 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1944 [inline]
 bpf_get_stack_raw_tp+0x124/0x160 kernel/trace/bpf_trace.c:1934
 bpf_prog_e6cf5f9c69743609+0x43/0x47
 bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline]
 __bpf_prog_run include/linux/filter.h:701 [inline]
 bpf_prog_run include/linux/filter.h:708 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2362 [inline]
 bpf_trace_run3+0x240/0x5a0 kernel/trace/bpf_trace.c:2404
 __bpf_trace_workqueue_queue_work+0x101/0x140 include/trace/events/workqueue.h:23
 trace_workqueue_queue_work include/trace/events/workqueue.h:23 [inline]
 __queue_work+0x4fa/0x1080 kernel/workqueue.c:2321
 queue_work_on+0x11a/0x140 kernel/workqueue.c:2390
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire.part.0+0x155/0x380 kernel/locking/lockdep.c:5814
Code: b8 ff ff ff ff 65 0f c1 05 40 c1 8b 7e 83 f8 01 0f 85 d0 01 00 00 9c 58 f6 c4 02 0f 85 e5 01 00 00 48 85 ed 0f 85 b6 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
RSP: 0018:ffffc900048d7bc0 EFLAGS: 00000206
RAX: 0000000000000046 RBX: 1ffff9200091af79 RCX: 00000000521e9cf7
RDX: 0000000000000001 RSI: ffffffff8b6cdb60 RDI: ffffffff8bd1e860
RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2dca198
R10: ffffffff96e50cc7 R11: 0000000000000000 R12: 0000000000000000
R13: ffffffff8e1bb840 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_read_lock_sched include/linux/rcupdate.h:941 [inline]
 pfn_valid include/linux/mmzone.h:2048 [inline]
 __virt_addr_valid+0x1aa/0x590 arch/x86/mm/physaddr.c:65
 check_heap_object mm/usercopy.c:189 [inline]
 __check_object_size mm/usercopy.c:251 [inline]
 __check_object_size+0x139/0x710 mm/usercopy.c:213
 check_object_size include/linux/thread_info.h:228 [inline]
 strncpy_from_user+0x83/0x2d0 lib/strncpy_from_user.c:124
 getname_flags.part.0+0x8f/0x550 fs/namei.c:150
 getname_flags include/linux/audit.h:322 [inline]
 getname+0x8d/0xe0 fs/namei.c:223
 do_sys_openat2+0x104/0x1e0 fs/open.c:1396
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f144fb22091
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 8f 07 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffe37baccb0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000080001 RCX: 00007f144fb22091
RDX: 0000000000080001 RSI: 00007f144fb6c022 RDI: 00000000ffffff9c
RBP: 00007f144fb6c022 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe37bacd50
R13: 00007ffe37bad22c R14: 00007ffe37bad240 R15: 00007ffe37bad230
 </TASK>
----------------
Code disassembly (best guess):
   0:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
   5:	65 0f c1 05 40 c1 8b 	xadd   %eax,%gs:0x7e8bc140(%rip)        # 0x7e8bc14d
   c:	7e
   d:	83 f8 01             	cmp    $0x1,%eax
  10:	0f 85 d0 01 00 00    	jne    0x1e6
  16:	9c                   	pushf
  17:	58                   	pop    %rax
  18:	f6 c4 02             	test   $0x2,%ah
  1b:	0f 85 e5 01 00 00    	jne    0x206
  21:	48 85 ed             	test   %rbp,%rbp
  24:	0f 85 b6 01 00 00    	jne    0x1e0
* 2a:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  31:	fc ff df
  34:	48 01 c3             	add    %rax,%rbx
  37:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  3e:	48                   	rex.W
  3f:	c7                   	.byte 0xc7