================================
WARNING: inconsistent lock state
6.1.94-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor.2/3749 [HC0[0]:SC1[1]:HE0:SE0] takes:
ffff8880b9835e90 (lock#10){+.?.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b9835e90 (lock#10){+.?.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x84/0x670 mm/mmap_lock.c:237
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
  local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
  __mmap_lock_do_trace_acquire_returned+0x9d/0x670 mm/mmap_lock.c:237
  __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
  mmap_write_lock include/linux/mmap_lock.h:72 [inline]
  exit_mmap+0x85d/0x9f0 mm/mmap.c:3235
  __mmput+0x115/0x3c0 kernel/fork.c:1199
  exit_mm+0x226/0x300 kernel/exit.c:563
  do_exit+0x9f6/0x26a0 kernel/exit.c:856
  do_group_exit+0x202/0x2b0 kernel/exit.c:1019
  get_signal+0x16f7/0x17d0 kernel/signal.c:2862
  arch_do_signal_or_restart+0xb0/0x1a10 arch/x86/kernel/signal.c:871
  exit_to_user_mode_loop+0x6a/0x100 kernel/entry/common.c:174
  exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
  __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
  syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
  do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
  entry_SYSCALL_64_after_hwframe+0x68/0xd2
irq event stamp: 1385
hardirqs last enabled at (1384): [] handle_softirqs+0x1ef/0xa40 kernel/softirq.c:555
hardirqs last disabled at (1385): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:117 [inline]
hardirqs last disabled at (1385): [] _raw_spin_lock_irq+0xa9/0x110 kernel/locking/spinlock.c:170
softirqs last enabled at (1096): [] __fpu_restore_sig arch/x86/kernel/fpu/signal.c:359 [inline]
softirqs last enabled at (1096): [] fpu__restore_sig+0x510/0x1300 arch/x86/kernel/fpu/signal.c:493
softirqs last disabled at (1383): [] __do_softirq kernel/softirq.c:605 [inline]
softirqs last disabled at (1383): [] invoke_softirq kernel/softirq.c:445 [inline]
softirqs last disabled at (1383): [] __irq_exit_rcu+0x157/0x240 kernel/softirq.c:654
other info that might help us debug this:
 Possible unsafe locking scenario:
       CPU0
       ----
  lock(lock#10);
    lock(lock#10);
 *** DEADLOCK ***
6 locks held by syz-executor.2/3749:
 #0: ffff88807e8de460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 fs/namespace.c:393
 #1: ffff8880738bf728 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock_shared include/linux/fs.h:768 [inline]
 #1: ffff8880738bf728 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: open_last_lookups fs/namei.c:3551 [inline]
 #1: ffff8880738bf728 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: path_openat+0x7a7/0x2e60 fs/namei.c:3782
 #2: ffffffff8d204740 (fs_reclaim){+.+.}-{0:0}, at: might_alloc include/linux/sched/mm.h:271 [inline]
 #2: ffffffff8d204740 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x2a/0x300 mm/slab.h:710
 #3: ffff8880b9828358 (&base->lock){-.-.}-{2:2}, at: __run_timers+0x111/0x890 kernel/time/timer.c:1802
 #4: ffffffff8d12acc0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #4: ffffffff8d12acc0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #4: ffffffff8d12acc0 (rcu_read_lock){....}-{1:2}, at: trace_call_bpf+0xbe/0x6a0 kernel/trace/bpf_trace.c:134
 #5: ffff888073c508d8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #5: ffff888073c508d8 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x232/0x9c0 kernel/bpf/stackmap.c:144
stack backtrace:
CPU: 0 PID: 3749 Comm: syz-executor.2 Not tainted 6.1.94-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 valid_state+0x136/0x1c0 kernel/locking/lockdep.c:3969
 mark_lock_irq+0xa8/0xba0 kernel/locking/lockdep.c:4172
 mark_lock+0x21c/0x340 kernel/locking/lockdep.c:4628
 __lock_acquire+0xb7f/0x1f80 kernel/locking/lockdep.c:5003
 lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 __mmap_lock_do_trace_acquire_returned+0x9d/0x670 mm/mmap_lock.c:237
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:137 [inline]
 stack_map_get_build_id_offset+0x99e/0x9c0 kernel/bpf/stackmap.c:144
 __bpf_get_stack+0x495/0x570 kernel/bpf/stackmap.c:452
 bpf_prog_e6cf5f9c69743609+0x3a/0x3e
 bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
 __bpf_prog_run include/linux/filter.h:603 [inline]
 bpf_prog_run include/linux/filter.h:610 [inline]
 bpf_prog_run_array include/linux/bpf.h:1635 [inline]
 trace_call_bpf+0x345/0x6a0 kernel/trace/bpf_trace.c:135
 perf_trace_run_bpf_submit+0x7b/0x1d0 kernel/events/core.c:9924
 perf_trace_timer_class+0x2c8/0x380 include/trace/events/timer.h:12
 trace_timer_cancel include/trace/events/timer.h:138 [inline]
 debug_deactivate kernel/time/timer.c:832 [inline]
 detach_timer+0x2f4/0x380 kernel/time/timer.c:878
 expire_timers kernel/time/timer.c:1538 [inline]
 __run_timers+0x60c/0x890 kernel/time/timer.c:1820
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1833
 handle_softirqs+0x2ee/0xa40 kernel/softirq.c:571
 __do_softirq kernel/softirq.c:605 [inline]
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x157/0x240 kernel/softirq.c:654
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:666
 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:653
RIP: 0010:check_preemption_disabled+0x49/0x110 lib/smp_processor_id.c:55
Code: 75 65 8b 05 41 3d 77 75 a9 ff ff ff 7f 74 22 65 48 8b 04 25 28 00 00 00 48 3b 44 24 08 0f 85 c7 00 00 00 89 d8 48 83 c4 10 5b <41> 5c 41 5e 41 5f c3 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24
RSP: 0018:ffffc9000473f4c0 EFLAGS: 00000286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff816a8d27
RDX: 0000000000000000 RSI: ffffffff8b3d4640 RDI: ffffffff8b3d4600
RBP: ffffc9000473f630 R08: dffffc0000000000 R09: fffffbfff1ce7146
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920008e7eac
R13: ffffffff81e14e11 R14: ffffc9000473f698 R15: dffffc0000000000
 rcu_dynticks_curr_cpu_in_eqs include/linux/context_tracking.h:122 [inline]
 rcu_is_watching+0x11/0xb0 kernel/rcu/tree.c:721
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0xd6/0xa20 kernel/locking/lockdep.c:5673
 might_alloc include/linux/sched/mm.h:272 [inline]
 slab_pre_alloc_hook+0x31/0x300 mm/slab.h:710
 slab_alloc_node mm/slub.c:3318 [inline]
 slab_alloc mm/slub.c:3406 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
 kmem_cache_alloc_lru+0x4a/0x2d0 mm/slub.c:3429
 __d_alloc+0x31/0x710 fs/dcache.c:1770
 d_alloc fs/dcache.c:1850 [inline]
 d_alloc_parallel+0xdd/0x1590 fs/dcache.c:2639
 lookup_open fs/namei.c:3409 [inline]
 open_last_lookups fs/namei.c:3552 [inline]
 path_openat+0x90a/0x2e60 fs/namei.c:3782
 do_filp_open+0x230/0x480 fs/namei.c:3812
 do_sys_openat2+0x13b/0x500 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1345
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fe2ec27bca0
Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 09 82 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 5c 82 02 00 8b 44
RSP: 002b:00007ffdded02c30 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000080001 RCX: 00007fe2ec27bca0
RDX: 0000000000080001 RSI: 00007fe2ec2da7e0 RDI: 00000000ffffff9c
RBP: 00007fe2ec2da7e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
R13: 00007ffdded02cd0 R14: 00007ffdded03260 R15: 0000000000000001
----------------
Code disassembly (best guess):
   0: 75 65                   jne    0x67
   2: 8b 05 41 3d 77 75       mov    0x75773d41(%rip),%eax        # 0x75773d49
   8: a9 ff ff ff 7f          test   $0x7fffffff,%eax
   d: 74 22                   je     0x31
   f: 65 48 8b 04 25 28 00    mov    %gs:0x28,%rax
  16: 00 00
  18: 48 3b 44 24 08          cmp    0x8(%rsp),%rax
  1d: 0f 85 c7 00 00 00       jne    0xea
  23: 89 d8                   mov    %ebx,%eax
  25: 48 83 c4 10             add    $0x10,%rsp
  29: 5b                      pop    %rbx
* 2a: 41 5c                   pop    %r12 <-- trapping instruction
  2c: 41 5e                   pop    %r14
  2e: 41 5f                   pop    %r15
  30: c3                      ret
  31: 48 c7 04 24 00 00 00    movq   $0x0,(%rsp)
  38: 00
  39: 9c                      pushf
  3a: 8f 04 24                pop    (%rsp)
  3d: f7                      .byte 0xf7
  3e: 04 24                   add    $0x24,%al