================================ WARNING: inconsistent lock state 6.8.0-syzkaller-05236-g443574b03387 #0 Not tainted -------------------------------- inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. syz-executor.1/5193 [HC1[1]:SC0[0]:HE0:SE1] takes: ffff8880b9538528 (lock#10){?.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline] ffff8880b9538528 (lock#10){?.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x8f/0x600 mm/mmap_lock.c:237 {HARDIRQ-ON-W} state was registered at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 local_lock_acquire include/linux/local_lock_internal.h:29 [inline] __mmap_lock_do_trace_acquire_returned+0xa8/0x600 mm/mmap_lock.c:237 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline] mmap_read_lock include/linux/mmap_lock.h:147 [inline] process_vm_rw_single_vec mm/process_vm_access.c:105 [inline] process_vm_rw_core mm/process_vm_access.c:216 [inline] process_vm_rw+0xa46/0xcf0 mm/process_vm_access.c:284 __do_sys_process_vm_readv mm/process_vm_access.c:296 [inline] __se_sys_process_vm_readv mm/process_vm_access.c:292 [inline] __x64_sys_process_vm_readv+0xe0/0x100 mm/process_vm_access.c:292 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 irq event stamp: 92 hardirqs last enabled at (91): [] lruvec_stat_mod_folio include/linux/vmstat.h:569 [inline] hardirqs last enabled at (91): [] __kmalloc_large_node+0x102/0x1f0 mm/slub.c:3929 hardirqs last disabled at (92): [] sysvec_call_function_single+0xe/0xc0 arch/x86/kernel/smp.c:266 softirqs last enabled at (0): [] rcu_lock_acquire include/linux/rcupdate.h:298 [inline] softirqs last enabled at (0): [] rcu_read_lock include/linux/rcupdate.h:750 [inline] softirqs last enabled at (0): [] copy_process+0xa03/0x3df0 kernel/fork.c:2258 softirqs last disabled at (0): [<0000000000000000>] 0x0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(lock#10); lock(lock#10); *** DEADLOCK *** 2 locks held by syz-executor.1/5193: #0: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #0: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #0: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #0: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 kernel/trace/bpf_trace.c:2420 #1: ffff88801e6201a0 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:165 [inline] #1: ffff88801e6201a0 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x237/0x9d0 kernel/bpf/stackmap.c:141 stack backtrace: CPU: 1 PID: 5193 Comm: syz-executor.1 Not tainted 6.8.0-syzkaller-05236-g443574b03387 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 valid_state+0x13a/0x1c0 kernel/locking/lockdep.c:4013 mark_lock_irq+0xbb/0xc20 kernel/locking/lockdep.c:4216 mark_lock+0x223/0x350 kernel/locking/lockdep.c:4678 mark_usage kernel/locking/lockdep.c:4564 [inline] __lock_acquire+0xb8e/0x1fd0 kernel/locking/lockdep.c:5091 lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 local_lock_acquire include/linux/local_lock_internal.h:29 [inline] __mmap_lock_do_trace_acquire_returned+0xa8/0x600 mm/mmap_lock.c:237 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline] mmap_read_trylock include/linux/mmap_lock.h:166 [inline] stack_map_get_build_id_offset+0x9b2/0x9d0 kernel/bpf/stackmap.c:141 __bpf_get_stack+0x4ad/0x5a0 kernel/bpf/stackmap.c:449 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1985 [inline] bpf_get_stack_raw_tp+0x1a3/0x240 kernel/trace/bpf_trace.c:1975 bpf_prog_e6cf5f9c69743609+0x42/0x46 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420 trace_tlb_flush+0xfa/0x120 include/trace/events/tlb.h:38 flush_tlb_func+0x4e7/0x630 arch/x86/mm/tlb.c:895 csd_do_func kernel/smp.c:133 [inline] __flush_smp_call_function_queue+0x3ec/0x15b0 kernel/smp.c:511 __sysvec_call_function_single+0xa8/0x3e0 arch/x86/kernel/smp.c:271 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline] sysvec_call_function_single+0x9e/0xc0 arch/x86/kernel/smp.c:266 asm_sysvec_call_function_single+0x1a/0x20 arch/x86/include/asm/idtentry.h:709 RIP: 0010:get_current arch/x86/include/asm/current.h:49 [inline] RIP: 0010:preempt_latency_start kernel/sched/core.c:5854 [inline] RIP: 0010:preempt_count_add+0xa1/0x190 kernel/sched/core.c:5877 Code: 8b 05 7b e3 9e 7e 25 ff ff ff 7f 39 d8 75 44 4c 8b 74 24 18 4c 89 f7 e8 dd fd 0d 00 85 c0 74 0a 45 31 f6 31 ff e8 cf fd 0d 00 <65> 48 8b 1c 25 80 ce 03 00 48 81 c3 c0 14 00 00 48 89 d8 48 c1 e8 RSP: 0018:ffffc90004746840 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff8b7ae900 RDX: ffff888019fdda00 RSI: 0000000000000001 RDI: ffffffff81409031 RBP: ffffc900047469a0 R08: ffffffff81409011 R09: 0000000000000000 R10: ffffc900047469a0 R11: fffff520008e8d40 R12: ffffc90004746a38 R13: dffffc0000000000 R14: ffffffff81409031 R15: ---------------- Code disassembly (best guess): 0: 8b 05 7b e3 9e 7e mov 0x7e9ee37b(%rip),%eax # 0x7e9ee381 6: 25 ff ff ff 7f and $0x7fffffff,%eax b: 39 d8 cmp %ebx,%eax d: 75 44 jne 0x53 f: 4c 8b 74 24 18 mov 0x18(%rsp),%r14 14: 4c 89 f7 mov %r14,%rdi 17: e8 dd fd 0d 00 call 0xdfdf9 1c: 85 c0 test %eax,%eax 1e: 74 0a je 0x2a 20: 45 31 f6 xor %r14d,%r14d 23: 31 ff xor %edi,%edi 25: e8 cf fd 0d 00 call 0xdfdf9 * 2a: 65 48 8b 1c 25 80 ce mov %gs:0x3ce80,%rbx <-- trapping instruction 31: 03 00 33: 48 81 c3 c0 14 00 00 add $0x14c0,%rbx 3a: 48 89 d8 mov %rbx,%rax 3d: 48 rex.W 3e: c1 .byte 0xc1 3f: e8 .byte 0xe8