================================
WARNING: inconsistent lock state
6.10.0-syzkaller-04559-g7d30b8aa4fc3 #0 Not tainted
--------------------------------
inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
syz.2.22/5377 [HC0[0]:SC0[0]:HE1:SE1] takes:
ffff8880b9338798 (lock#10){?...}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b9338798 (lock#10){?...}-{2:2}, at: __mmap_lock_do_trace_released+0x83/0x620 mm/mmap_lock.c:243
{IN-HARDIRQ-W} state was registered at:
  lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5753
  local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
  __mmap_lock_do_trace_released+0x9c/0x620 mm/mmap_lock.c:243
  __mmap_lock_trace_released include/linux/mmap_lock.h:42 [inline]
  mmap_read_unlock_non_owner include/linux/mmap_lock.h:176 [inline]
  do_mmap_read_unlock+0x5d/0x60 kernel/bpf/task_iter.c:1046
  irq_work_single+0xe2/0x240 kernel/irq_work.c:221
  irq_work_run_list kernel/irq_work.c:252 [inline]
  irq_work_run+0x18b/0x350 kernel/irq_work.c:261
  __sysvec_irq_work+0xb8/0x430 arch/x86/kernel/irq_work.c:22
  instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
  sysvec_irq_work+0x9e/0xc0 arch/x86/kernel/irq_work.c:17
  asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
  put_flush_tlb_info arch/x86/mm/tlb.c:994 [inline]
  flush_tlb_mm_range+0x3e7/0x5c0 arch/x86/mm/tlb.c:1035
  flush_tlb_page arch/x86/include/asm/tlbflush.h:254 [inline]
  ptep_clear_flush+0x11a/0x170 mm/pgtable-generic.c:101
  wp_page_copy mm/memory.c:3351 [inline]
  do_wp_page+0x1bf0/0x52f0 mm/memory.c:3677
  handle_pte_fault+0x117e/0x7090 mm/memory.c:5397
  __handle_mm_fault mm/memory.c:5524 [inline]
  handle_mm_fault+0x10df/0x1ba0 mm/memory.c:5689
  do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
  handle_page_fault arch/x86/mm/fault.c:1481 [inline]
  exc_page_fault+0x459/0x8c0 arch/x86/mm/fault.c:1539
  asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
irq event stamp: 1841
hardirqs last enabled at (1841): []
mod_objcg_state+0x583/0x930 mm/memcontrol.c:3534
hardirqs last disabled at (1840): [] mod_objcg_state+0xe6/0x930 mm/memcontrol.c:3481
softirqs last enabled at (1174): [] __do_softirq kernel/softirq.c:588 [inline]
softirqs last enabled at (1174): [] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last enabled at (1174): [] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
softirqs last disabled at (1081): [] __do_softirq kernel/softirq.c:588 [inline]
softirqs last disabled at (1081): [] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last disabled at (1081): [] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(lock#10);
    lock(lock#10);

 *** DEADLOCK ***

2 locks held by syz.2.22/5377:
 #0: ffff88801cbec2f8 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:683 [inline]
 #0: ffff88801cbec2f8 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 mm/memory.c:5845
 #1: ffff88801e84ea18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:163 [inline]
 #1: ffff88801e84ea18 (&mm->mmap_lock){++++}-{3:3}, at: vmf_anon_prepare mm/memory.c:3234 [inline]
 #1: ffff88801e84ea18 (&mm->mmap_lock){++++}-{3:3}, at: do_anonymous_page mm/memory.c:4451 [inline]
 #1: ffff88801e84ea18 (&mm->mmap_lock){++++}-{3:3}, at: do_pte_missing mm/memory.c:3895 [inline]
 #1: ffff88801e84ea18 (&mm->mmap_lock){++++}-{3:3}, at: handle_pte_fault+0x57ad/0x7090 mm/memory.c:5381

stack backtrace:
CPU: 1 PID: 5377 Comm: syz.2.22 Not tainted 6.10.0-syzkaller-04559-g7d30b8aa4fc3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 valid_state+0x13a/0x1c0 kernel/locking/lockdep.c:4012
 mark_lock_irq+0xbb/0xc20 kernel/locking/lockdep.c:4215
 mark_lock+0x223/0x350 kernel/locking/lockdep.c:4677
 mark_usage
kernel/locking/lockdep.c:4586 [inline]
 __lock_acquire+0x112d/0x1fd0 kernel/locking/lockdep.c:5090
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5753
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 __mmap_lock_do_trace_released+0x9c/0x620 mm/mmap_lock.c:243
 __mmap_lock_trace_released include/linux/mmap_lock.h:42 [inline]
 mmap_read_unlock include/linux/mmap_lock.h:170 [inline]
 vmf_anon_prepare mm/memory.c:3242 [inline]
 do_anonymous_page mm/memory.c:4451 [inline]
 do_pte_missing mm/memory.c:3895 [inline]
 handle_pte_fault+0x6fa4/0x7090 mm/memory.c:5381
 __handle_mm_fault mm/memory.c:5524 [inline]
 handle_mm_fault+0x10df/0x1ba0 mm/memory.c:5689
 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x459/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f6eefa4b1a0
Code: ff ff ff 01 64 48 8b 04 25 00 00 00 00 48 8d b8 c8 fe ff ff e8 a1 78 0c 00 85 c0 75 14 48 8b 44 24 78 48 8b b4 24 98 00 00 00 <48> 89 b0 00 00 00 20 64 f0 83 2c 25 90 ff ff ff 01 48 8b 44 24 70
RSP: 002b:00007fffcdd58520 EFLAGS: 00010246
RAX: 0000000000001400 RBX: 0000000000000002 RCX: ffffffffffffffff
RDX: 2f9c7b6e6690b7e9 RSI: 0000000020000000 RDI: 00005555774c23c8
RBP: 00007fffcdd585f0 R08: 00007f6eefa00000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000032
R13: 00007fffcdd58610 R14: 00007fffcdd58630 R15: fffffffffffffffe