================================ WARNING: inconsistent lock state 6.1.100-syzkaller #0 Not tainted -------------------------------- inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. syz.4.623/6252 [HC1[1]:SC0[0]:HE0:SE1] takes: ffff8880b9935e90 (lock#10){?.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline] ffff8880b9935e90 (lock#10){?.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x84/0x670 mm/mmap_lock.c:237 {HARDIRQ-ON-W} state was registered at: lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662 local_lock_acquire include/linux/local_lock_internal.h:29 [inline] __mmap_lock_do_trace_acquire_returned+0x9d/0x670 mm/mmap_lock.c:237 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline] mmap_read_trylock include/linux/mmap_lock.h:137 [inline] get_mmap_lock_carefully mm/memory.c:5304 [inline] lock_mm_and_find_vma+0x219/0x2e0 mm/memory.c:5366 do_user_addr_fault arch/x86/mm/fault.c:1312 [inline] handle_page_fault arch/x86/mm/fault.c:1431 [inline] exc_page_fault+0x169/0x620 arch/x86/mm/fault.c:1487 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570 strncpy_from_user+0x159/0x360 lib/strncpy_from_user.c:139 strncpy_from_bpfptr include/linux/bpfptr.h:85 [inline] bpf_prog_load+0x188/0x1bb0 kernel/bpf/syscall.c:2530 __sys_bpf+0x382/0x6c0 kernel/bpf/syscall.c:5020 __do_sys_bpf kernel/bpf/syscall.c:5124 [inline] __se_sys_bpf kernel/bpf/syscall.c:5122 [inline] __x64_sys_bpf+0x78/0x90 kernel/bpf/syscall.c:5122 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 irq event stamp: 18 hardirqs last enabled at (17): [] folio_memcg_lock+0x1be/0x380 mm/memcontrol.c:2110 hardirqs last disabled at (18): [] sysvec_call_function_single+0xa/0xb0 arch/x86/kernel/smp.c:262 softirqs last enabled at (0): [] rcu_lock_acquire include/linux/rcupdate.h:350 [inline] softirqs last enabled at (0): [] rcu_read_lock 
include/linux/rcupdate.h:791 [inline] softirqs last enabled at (0): [] copy_process+0x9e1/0x4060 kernel/fork.c:2132 softirqs last disabled at (0): [<0000000000000000>] 0x0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(lock#10); <Interrupt> lock(lock#10); *** DEADLOCK *** 6 locks held by syz.4.623/6252: #0: ffff888066f2db58 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline] #0: ffff888066f2db58 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5304 [inline] #0: ffff888066f2db58 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x2e/0x2e0 mm/memory.c:5366 #1: ffffffff8d12ad40 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline] #1: ffffffff8d12ad40 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline] #1: ffffffff8d12ad40 (rcu_read_lock){....}-{1:2}, at: filemap_map_pages+0x277/0x12c0 mm/filemap.c:3415 #2: ffff888020fed138 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #2: ffff888020fed138 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: filemap_map_pages+0x958/0x12c0 mm/filemap.c:3426 #3: ffffffff8d12ad40 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline] #3: ffffffff8d12ad40 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline] #3: ffffffff8d12ad40 (rcu_read_lock){....}-{1:2}, at: folio_memcg_lock+0x85/0x380 mm/memcontrol.c:2098 #4: ffffffff8d12ad40 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline] #4: ffffffff8d12ad40 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline] #4: ffffffff8d12ad40 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2272 [inline] #4: ffffffff8d12ad40 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x410 kernel/trace/bpf_trace.c:2312 #5: ffff888066f2db58 (&mm->mmap_lock){++++}-{3:3}, at: 
mmap_read_trylock include/linux/mmap_lock.h:136 [inline] #5: ffff888066f2db58 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x232/0x9c0 kernel/bpf/stackmap.c:144 stack backtrace: CPU: 1 PID: 6252 Comm: syz.4.623 Not tainted 6.1.100-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 valid_state+0x136/0x1c0 kernel/locking/lockdep.c:3969 mark_lock_irq+0xa8/0xba0 kernel/locking/lockdep.c:4172 mark_lock+0x21c/0x340 kernel/locking/lockdep.c:4628 mark_usage kernel/locking/lockdep.c:4520 [inline] __lock_acquire+0xb40/0x1f80 kernel/locking/lockdep.c:5003 lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662 local_lock_acquire include/linux/local_lock_internal.h:29 [inline] __mmap_lock_do_trace_acquire_returned+0x9d/0x670 mm/mmap_lock.c:237 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline] mmap_read_trylock include/linux/mmap_lock.h:137 [inline] stack_map_get_build_id_offset+0x99e/0x9c0 kernel/bpf/stackmap.c:144 __bpf_get_stack+0x495/0x570 kernel/bpf/stackmap.c:452 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1877 [inline] bpf_get_stack_raw_tp+0x1b2/0x220 kernel/trace/bpf_trace.c:1867 bpf_prog_ec3b2eefa702d8d3+0x3a/0x3e bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline] __bpf_prog_run include/linux/filter.h:603 [inline] bpf_prog_run include/linux/filter.h:610 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline] bpf_trace_run2+0x1fd/0x410 kernel/trace/bpf_trace.c:2312 trace_tlb_flush+0x151/0x1a0 include/trace/events/tlb.h:38 flush_tlb_func+0x4e3/0x620 arch/x86/mm/tlb.c:875 __flush_smp_call_function_queue+0x2d9/0xd00 kernel/smp.c:641 __sysvec_call_function_single+0xbb/0x360 arch/x86/kernel/smp.c:267 sysvec_call_function_single+0x89/0xb0 arch/x86/kernel/smp.c:262 asm_sysvec_call_function_single+0x16/0x20 arch/x86/include/asm/idtentry.h:661 RIP: 
0010:debug_lockdep_rcu_enabled+0x12/0x30 kernel/rcu/update.c:280 Code: 25 ec 8a e8 e0 31 c7 f6 0f 0b eb d0 cc cc cc cc cc cc cc cc cc cc cc cc 31 c0 83 3d f7 25 e8 03 00 74 1d 83 3d 82 59 e8 03 00 <74> 14 65 48 8b 0d d4 0f 77 75 31 c0 83 b9 dc 0a 00 00 00 0f 94 c0 RSP: 0000:ffffc90005777878 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffffea0001c78840 RCX: 1ffff92000aeee90 RDX: dffffc0000000000 RSI: ffffffff8aec13c0 RDI: ffffffff8b3d48a0 RBP: ffffc90005777948 R08: dffffc0000000000 R09: fffffbfff2093845 R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888066f2da00 R13: ffff888021107af8 R14: ffffea0001c78840 R15: 0000000000000000 rcu_read_lock include/linux/rcupdate.h:792 [inline] folio_memcg_lock+0xaf/0x380 mm/memcontrol.c:2098 page_add_file_rmap+0xe2/0x12f0 mm/rmap.c:1293 do_set_pte+0x381/0x590 mm/memory.c:4405 filemap_map_pages+0xc7c/0x12c0 mm/filemap.c:3452 do_fault_around mm/memory.c:4581 [inline] do_read_fault mm/memory.c:4607 [inline] do_fault mm/memory.c:4741 [inline] handle_pte_fault mm/memory.c:5013 [inline] __handle_mm_fault mm/memory.c:5155 [inline] handle_mm_fault+0x33e2/0x5340 mm/memory.c:5276 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] handle_page_fault arch/x86/mm/fault.c:1431 [inline] exc_page_fault+0x26f/0x620 arch/x86/mm/fault.c:1487 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570 RIP: 0033:0x7fd84fb0c570 Code: Unable to access opcode bytes at 0x7fd84fb0c546. 
RSP: 002b:00007fd8509b1118 EFLAGS: 00010246 RAX: fffffffffffffeb8 RBX: 00007fd8509b16c0 RCX: 00007fd84fba9b29 RDX: 00007fd8509b1d78 RSI: 0000000000000058 RDI: 00007fd8509b16c0 RBP: 0000000000000000 R08: 00007fd8509b16c0 R09: 00007ffc58769327 R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffa8 R13: 000000000000000b R14: 00007ffc58769240 R15: 00007ffc58769328 ---------------- Code disassembly (best guess): 0: 25 ec 8a e8 e0 and $0xe0e88aec,%eax 5: 31 c7 xor %eax,%edi 7: f6 0f 0b testb $0xb,(%rdi) a: eb d0 jmp 0xffffffdc c: cc int3 d: cc int3 e: cc int3 f: cc int3 10: cc int3 11: cc int3 12: cc int3 13: cc int3 14: cc int3 15: cc int3 16: cc int3 17: cc int3 18: 31 c0 xor %eax,%eax 1a: 83 3d f7 25 e8 03 00 cmpl $0x0,0x3e825f7(%rip) # 0x3e82618 21: 74 1d je 0x40 23: 83 3d 82 59 e8 03 00 cmpl $0x0,0x3e85982(%rip) # 0x3e859ac * 2a: 74 14 je 0x40 <-- trapping instruction 2c: 65 48 8b 0d d4 0f 77 mov %gs:0x75770fd4(%rip),%rcx # 0x75771008 33: 75 34: 31 c0 xor %eax,%eax 36: 83 b9 dc 0a 00 00 00 cmpl $0x0,0xadc(%rcx) 3d: 0f 94 c0 sete %al