=============================
[ BUG: Invalid wait context ]
6.13.0-syzkaller-gd0d106a2bd21 #0 Not tainted
-----------------------------
syz.0.8/5942 is trying to lock:
ffffffff8eac2478 (kernfs_rename_lock){....}-{3:3}, at: kernfs_path_from_node+0x92/0xb00 fs/kernfs/dir.c:229
other info that might help us debug this:
context-{5:5}
5 locks held by syz.0.8/5942:
 #0: ffff888028527a90 (&vma->vm_lock->lock){++++}-{4:4}, at: vma_start_read include/linux/mm.h:717 [inline]
 #0: ffff888028527a90 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x34b/0x790 mm/memory.c:6278
 #1: ffffffff8e93a120 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e93a120 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #1: ffffffff8e93a120 (rcu_read_lock){....}-{1:3}, at: count_memcg_events_mm include/linux/memcontrol.h:994 [inline]
 #1: ffffffff8e93a120 (rcu_read_lock){....}-{1:3}, at: count_memcg_event_mm+0x94/0x420 include/linux/memcontrol.h:1004
 #2: ffff8880b873e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:598
 #3: ffffffff8e93a120 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #3: ffffffff8e93a120 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #3: ffffffff8e93a120 (rcu_read_lock){....}-{1:3}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2370 [inline]
 #3: ffffffff8e93a120 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1fc/0x540 kernel/trace/bpf_trace.c:2412
 #4: ffff8880281de5e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock include/linux/mmap_lock.h:209 [inline]
 #4: ffff8880281de5e0 (&mm->mmap_lock){++++}-{4:4}, at: stack_map_get_build_id_offset+0x431/0x870 kernel/bpf/stackmap.c:157
stack backtrace:
CPU: 1 UID: 0 PID: 5942 Comm: syz.0.8 Not tainted 6.13.0-syzkaller-gd0d106a2bd21 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4828 [inline]
 check_wait_context kernel/locking/lockdep.c:4900 [inline]
 __lock_acquire+0x15a8/0x2100 kernel/locking/lockdep.c:5178
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
 kernfs_path_from_node+0x92/0xb00 fs/kernfs/dir.c:229
 kernfs_path include/linux/kernfs.h:598 [inline]
 cgroup_path include/linux/cgroup.h:599 [inline]
 get_mm_memcg_path+0x95/0x350 mm/mmap_lock.c:59
 __mmap_lock_do_trace_acquire_returned+0xfc/0x300 mm/mmap_lock.c:79
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:210 [inline]
 stack_map_get_build_id_offset+0x84d/0x870 kernel/bpf/stackmap.c:157
 __bpf_get_stack+0x8da/0xad0 kernel/bpf/stackmap.c:483
 ____bpf_get_stack kernel/bpf/stackmap.c:499 [inline]
 bpf_get_stack+0x33/0x50 kernel/bpf/stackmap.c:496
 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1948 [inline]
 bpf_get_stack_raw_tp+0x1a3/0x240 kernel/trace/bpf_trace.c:1938
 bpf_prog_ec3b2eefa702d8d3+0x43/0x47
 bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline]
 __bpf_prog_run include/linux/filter.h:701 [inline]
 bpf_prog_run include/linux/filter.h:708 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2371 [inline]
 bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2412
 trace_tlb_flush+0x11c/0x140 include/trace/events/tlb.h:38
 switch_mm_irqs_off+0x77a/0xa70
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x10f2/0x4be0 kernel/sched/core.c:6760
 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:7082
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:debug_lockdep_rcu_enabled+0x2a/0x40 kernel/rcu/update.c:321
Code: f3 0f 1e fa 31 c0 83 3d c7 0e 48 04 00 74 1e 83 3d 6a 40 48 04 00 74 15 65 48 8b 0c 25 00 d6 03 00 31 c0 83 b9 dc 0a 00 00 00 <0f> 94 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
RSP: 0000:ffffc900042efb88 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff888024bd0000
RDX: ffff888024bd0000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc900042efc70 R08: ffffffff81ec66f0 R09: 1ffffffff285db08
R10: dffffc0000000000 R11: fffffbfff285db09 R12: ffff888024bd0000
R13: ffffffff81ec6624 R14: dffffc0000000000 R15: 1ffff9200085df78
 rcu_read_lock_held_common kernel/rcu/update.c:105 [inline]
 rcu_read_lock_held+0xa/0x50 kernel/rcu/update.c:349
 count_memcg_events_mm include/linux/memcontrol.h:995 [inline]
 count_memcg_event_mm+0x16e/0x420 include/linux/memcontrol.h:1004
 mm_account_fault mm/memory.c:5978 [inline]
 handle_mm_fault+0x16f4/0x1bb0 mm/memory.c:6138
 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x459/0x8b0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fdfdc85f462
Code: Unable to access opcode bytes at 0x7fdfdc85f438.
RSP: 002b:00007ffcf9a1cf90 EFLAGS: 00010246
RAX: 00007fdfdcba5fa0 RBX: 00007fdfdcba7ba0 RCX: 0000000000000000
RDX: 0000000000006c07 RSI: 00007fdfdcba6038 RDI: 0000000000000008
RBP: 0000000000006c07 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 00007fdfdcba6038
R13: 0000000000000000 R14: 0000000000000032 R15: 00000000000156f2
----------------
Code disassembly (best guess):
   0: f3 0f 1e fa             endbr64
   4: 31 c0                   xor %eax,%eax
   6: 83 3d c7 0e 48 04 00    cmpl $0x0,0x4480ec7(%rip) # 0x4480ed4
   d: 74 1e                   je 0x2d
   f: 83 3d 6a 40 48 04 00    cmpl $0x0,0x448406a(%rip) # 0x4484080
  16: 74 15                   je 0x2d
  18: 65 48 8b 0c 25 00 d6    mov %gs:0x3d600,%rcx
  1f: 03 00
  21: 31 c0                   xor %eax,%eax
  23: 83 b9 dc 0a 00 00 00    cmpl $0x0,0xadc(%rcx)
* 2a: 0f 94 c0                sete %al <-- trapping instruction
  2d: c3                      ret
  2e: cc                      int3
  2f: cc                      int3
  30: cc                      int3
  31: cc                      int3
  32: 66 2e 0f 1f 84 00 00    cs nopw 0x0(%rax,%rax,1)
  39: 00 00 00
  3c: 0f 1f 40 00             nopl 0x0(%rax)