================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {INITIAL USE} -> {IN-NMI} usage.
syz.0.2060/10500 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff8880240b7aa0 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket kernel/bpf/hashtab.c:183 [inline]
ffff8880240b7aa0 (&htab->lockdep_key){....}-{2:2}, at: htab_map_delete_elem+0x1b2/0x520 kernel/bpf/hashtab.c:1361
{INITIAL USE} state was registered at:
  lock_acquire+0x19e/0x400 kernel/locking/lockdep.c:5623
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xb0/0x100 kernel/locking/spinlock.c:162
  htab_lock_bucket kernel/bpf/hashtab.c:183 [inline]
  htab_map_update_elem+0x225/0xa40 kernel/bpf/hashtab.c:1082
  bpf_map_update_value+0x57d/0x650 kernel/bpf/syscall.c:223
  map_update_elem+0x626/0x770 kernel/bpf/syscall.c:1194
  __sys_bpf+0x46b/0x6f0 kernel/bpf/syscall.c:4645
  __do_sys_bpf kernel/bpf/syscall.c:4761 [inline]
  __se_sys_bpf kernel/bpf/syscall.c:4759 [inline]
  __x64_sys_bpf+0x78/0x90 kernel/bpf/syscall.c:4759
  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
  do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
  entry_SYSCALL_64_after_hwframe+0x66/0xd0
irq event stamp: 960
hardirqs last  enabled at (959): [<ffffffff89e00d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
hardirqs last disabled at (960): [<ffffffff89bd56d9>] exc_debug_user arch/x86/kernel/traps.c:972 [inline]
hardirqs last disabled at (960): [<ffffffff89bd56d9>] noist_exc_debug+0x49/0x120 arch/x86/kernel/traps.c:1035
softirqs last  enabled at (798): [<ffffffff81870329>] bpf_prog_load+0x10f9/0x1510 kernel/bpf/syscall.c:2380
softirqs last disabled at (796): [<ffffffff81856529>] spin_lock_bh include/linux/spinlock.h:369 [inline]
softirqs last disabled at (796): [<ffffffff81856529>] bpf_ksym_add+0x29/0x340 kernel/bpf/core.c:633

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&htab->lockdep_key);
  <Interrupt>
    lock(&htab->lockdep_key);

 *** DEADLOCK ***

2 locks held by syz.0.2060/10500:
 #0: ffff88805acb6068 (&p->vtime.seqcount){....}-{0:0}, at: __context_tracking_exit+0x4c/0x80 kernel/context_tracking.c:160
 #1: ffffffff8c31f360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:313

stack backtrace:
CPU: 0 PID: 10500 Comm: syz.0.2060 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
 <#DB>
 dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
 lock_acquire+0x2c3/0x400 kernel/locking/lockdep.c:5614
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xb0/0x100 kernel/locking/spinlock.c:162
 htab_lock_bucket kernel/bpf/hashtab.c:183 [inline]
 htab_map_delete_elem+0x1b2/0x520 kernel/bpf/hashtab.c:1361
 bpf_prog_2c29ac5cdc6b1842+0x3a/0xb94
 bpf_dispatcher_nop_func include/linux/bpf.h:888 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 bpf_overflow_handler+0x1c2/0x4a0 kernel/events/core.c:10297
 __perf_event_overflow+0x364/0x530 kernel/events/core.c:9515
 perf_bp_event+0x276/0x320 kernel/events/core.c:10484
 hw_breakpoint_handler arch/x86/kernel/hw_breakpoint.c:555 [inline]
 hw_breakpoint_exceptions_notify+0x152/0x470 arch/x86/kernel/hw_breakpoint.c:586
 notifier_call_chain kernel/notifier.c:83 [inline]
 atomic_notifier_call_chain+0x15d/0x280 kernel/notifier.c:198
 notify_die+0x141/0x1a0 kernel/notifier.c:529
 notify_debug+0x20/0x30 arch/x86/kernel/traps.c:872
 exc_debug_kernel arch/x86/kernel/traps.c:929 [inline]
 exc_debug+0xcf/0x130 arch/x86/kernel/traps.c:1029
 asm_exc_debug+0x1a/0x40 arch/x86/include/asm/idtentry.h:642
RIP: 0010:__get_user_nocheck_8+0x9/0x13 arch/x86/lib/getuser.S:160
Code: 90 0f 01 cb 0f ae e8 0f b7 10 31 c0 0f 01 ca c3 90 0f 01 cb 0f ae e8 8b 10 31 c0 0f 01 ca c3 90 90 0f 01 cb 0f ae e8 48 8b 10 <31> c0 0f 01 ca c3 90 0f 01 ca 31 d2 48 c7 c0 f2 ff ff ff c3 00 00
RSP: 0000:ffffc90002fef580 EFLAGS: 00040806
RAX: 0000200000000300 RBX: 0000000000000000 RCX: ffff88805acb5940
RDX: 00006370692f736e RSI: 0000200000000300 RDI: 00007fffffffeff0
RBP: 0000000000000007 R08: ffffffff8d8a06ef R09: 1ffffffff1b140dd
R10: dffffc0000000000 R11: fffffbfff1b140de R12: 0000200000000300
R13: 00007fffffffeff0 R14: 00000000ffffffff R15: dffffc0000000000
 </#DB>
 <TASK>
 perf_callchain_user+0x40e/0xfd0 arch/x86/events/core.c:2900
 get_perf_callchain+0x33d/0x460 kernel/events/callchain.c:221
 perf_callchain kernel/events/core.c:7606 [inline]
 perf_prepare_sample+0x352/0x1cd0 kernel/events/core.c:7633
 __perf_event_output kernel/events/core.c:7802 [inline]
 perf_event_output_forward+0x185/0x2e0 kernel/events/core.c:7822
 __perf_event_overflow+0x364/0x530 kernel/events/core.c:9515
 perf_tp_event+0x383/0xbf0 kernel/events/core.c:10047
 perf_trace_run_bpf_submit+0xf3/0x1c0 kernel/events/core.c:10021
 perf_trace_lock+0x301/0x390 include/trace/events/lock.h:39
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0x84a/0x8a0 kernel/locking/lockdep.c:5634
 do_write_seqcount_end include/linux/seqlock.h:565 [inline]
 vtime_user_exit+0x2c8/0x3e0 kernel/sched/cputime.c:732
 __context_tracking_exit+0x4c/0x80 kernel/context_tracking.c:160
 user_exit_irqoff include/linux/context_tracking.h:47 [inline]
 __enter_from_user_mode kernel/entry/common.c:22 [inline]
 irqentry_enter_from_user_mode+0x22/0x40 kernel/entry/common.c:314
 exc_debug_user arch/x86/kernel/traps.c:972 [inline]
 noist_exc_debug+0x49/0x120 arch/x86/kernel/traps.c:1035
 asm_exc_debug+0x2f/0x40 arch/x86/include/asm/idtentry.h:642
RIP: 0033:0x7f074628dbfd
Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 27 01 00 00 c5 fd 74 0f <c5> fd d7 c1 85 c0 74 5b f3 0f bc c0 e9 30 01 00 00 66 90 f3 0f bc
RSP: 002b:00007f07445078a8 EFLAGS: 00000283
RAX: 0000000000000300 RBX: 00007f0744507de0 RCX: 2f666c65732f636f
RDX: 0000200000000300 RSI: 00007f074636f140 RDI: 0000200000000300
RBP: 0000200000000300 R08: 00007f0744508010 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000073 R14: 00007f07463440dd R15: 00007f0744507ea0
 </TASK>
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	0f 01 cb             	stac
   4:	0f ae e8             	lfence
   7:	0f b7 10             	movzwl (%rax),%edx
   a:	31 c0                	xor    %eax,%eax
   c:	0f 01 ca             	clac
   f:	c3                   	ret
  10:	90                   	nop
  11:	0f 01 cb             	stac
  14:	0f ae e8             	lfence
  17:	8b 10                	mov    (%rax),%edx
  19:	31 c0                	xor    %eax,%eax
  1b:	0f 01 ca             	clac
  1e:	c3                   	ret
  1f:	90                   	nop
  20:	90                   	nop
  21:	0f 01 cb             	stac
  24:	0f ae e8             	lfence
  27:	48 8b 10             	mov    (%rax),%rdx
* 2a:	31 c0                	xor    %eax,%eax <-- trapping instruction
  2c:	0f 01 ca             	clac
  2f:	c3                   	ret
  30:	90                   	nop
  31:	0f 01 ca             	clac
  34:	31 d2                	xor    %edx,%edx
  36:	48 c7 c0 f2 ff ff ff 	mov    $0xfffffffffffffff2,%rax
  3d:	c3                   	ret