============================= [ BUG: Invalid wait context ] 6.13.0-syzkaller #0 Not tainted ----------------------------- syz.1.383/7323 is trying to lock: ffffffff8e4234f8 (kernfs_rename_lock){....}-{3:3}, at: kernfs_path_from_node+0x29/0x60 fs/kernfs/dir.c:229 other info that might help us debug this: context-{5:5} 3 locks held by syz.1.383/7323: #0: ffff8880b873ebd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:598 #1: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #1: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #1: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2361 [inline] #1: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1c2/0x590 kernel/trace/bpf_trace.c:2403 #2: ffff888029e501e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock include/linux/mmap_lock.h:163 [inline] #2: ffff888029e501e0 (&mm->mmap_lock){++++}-{4:4}, at: stack_map_get_build_id_offset+0x19a/0x6f0 kernel/bpf/stackmap.c:157 stack backtrace: CPU: 1 UID: 0 PID: 7323 Comm: syz.1.383 Not tainted 6.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_lock_invalid_wait_context kernel/locking/lockdep.c:4826 [inline] check_wait_context kernel/locking/lockdep.c:4898 [inline] __lock_acquire+0x878/0x3c40 kernel/locking/lockdep.c:5176 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236 kernfs_path_from_node+0x29/0x60 fs/kernfs/dir.c:229 kernfs_path include/linux/kernfs.h:598 [inline] cgroup_path include/linux/cgroup.h:599 [inline] get_mm_memcg_path.constprop.0+0xb7/0x3d0 mm/mmap_lock.c:59 __mmap_lock_do_trace_acquire_returned.part.0+0x95/0x2d0 mm/mmap_lock.c:79 __mmap_lock_do_trace_acquire_returned+0x33/0x40 include/trace/events/mmap_lock.h:48 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline] mmap_read_trylock include/linux/mmap_lock.h:164 [inline] stack_map_get_build_id_offset+0x535/0x6f0 kernel/bpf/stackmap.c:157 __bpf_get_stack+0x308/0xa20 kernel/bpf/stackmap.c:483 ____bpf_get_stack kernel/bpf/stackmap.c:499 [inline] bpf_get_stack+0x32/0x40 kernel/bpf/stackmap.c:496 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1944 [inline] bpf_get_stack_raw_tp+0x124/0x160 kernel/trace/bpf_trace.c:1934 bpf_prog_96232d5e39b4e92f+0x4b/0x4f bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline] __bpf_prog_run include/linux/filter.h:701 [inline] bpf_prog_run include/linux/filter.h:708 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2362 [inline] bpf_trace_run2+0x231/0x590 kernel/trace/bpf_trace.c:2403 __bpf_trace_tlb_flush+0xd2/0x110 include/trace/events/tlb.h:38 trace_tlb_flush+0xf7/0x180 include/trace/events/tlb.h:38 switch_mm_irqs_off+0x395/0xb10 arch/x86/mm/tlb.c:638 context_switch kernel/sched/core.c:5353 [inline] __schedule+0xc6f/0x5ad0 kernel/sched/core.c:6756 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7078 irqentry_exit+0x36/0x90 kernel/entry/common.c:354 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline] RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline] RIP: 0010:write_comp_data+0x11/0x90 kernel/kcov.c:246 Code: cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 49 89 d2 49 89 f8 49 89 f1 65 48 8b 15 6f cb 69 7e <65> 8b 05 70 cb 69 7e a9 00 01 ff 00 74 1d f6 c4 01 74 67 a9 00 00 RSP: 0018:ffffc90003697c08 EFLAGS: 00000286 RAX: 0000000000080000 RBX: ffffc90003697c44 RCX: ffffffff84a1024b RDX: ffff888027e98000 RSI: 0000000000000010 RDI: 0000000000000005 RBP: ffffc90003697d3c R08: 0000000000000005 R09: 0000000000000010 R10: 0000000000000001 R11: 0000000098a4b8da R12: 0000000000000001 R13: dffffc0000000000 R14: ffffc90003697d38 R15: ffffc90003697d9c chacha_block_generic+0x17b/0x270 lib/crypto/chacha.c:85 chacha20_block include/crypto/chacha.h:36 [inline] get_random_bytes_user+0x156/0x3c0 drivers/char/random.c:468 __do_sys_getrandom drivers/char/random.c:1414 [inline] __se_sys_getrandom drivers/char/random.c:1388 [inline] __x64_sys_getrandom+0x184/0x290 drivers/char/random.c:1388 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f9e86985d29 Code: Unable to access opcode bytes at 0x7f9e86985cff. RSP: 002b:00007f9e876fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e RAX: ffffffffffffffda RBX: 00007f9e86b75fa0 RCX: 00007f9e86985d29 RDX: 0000000000000000 RSI: 00000000ffffff9a RDI: 0000000020000240 RBP: 00007f9e86a01b08 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000001 R14: 00007f9e86b75fa0 R15: 00007ffd7b88cc48 ---------------- Code disassembly (best guess): 0: cc int3 1: cc int3 2: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 9: 90 nop a: 90 nop b: 90 nop c: 90 nop d: 90 nop e: 90 nop f: 90 nop 10: 90 nop 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop 16: 90 nop 17: 90 nop 18: 90 nop 19: 49 89 d2 mov %rdx,%r10 1c: 49 89 f8 mov %rdi,%r8 1f: 49 89 f1 mov %rsi,%r9 22: 65 48 8b 15 6f cb 69 mov %gs:0x7e69cb6f(%rip),%rdx # 0x7e69cb99 29: 7e * 2a: 65 8b 05 70 cb 69 7e mov %gs:0x7e69cb70(%rip),%eax # 0x7e69cba1 <-- trapping instruction 31: a9 00 01 ff 00 test $0xff0100,%eax 36: 74 1d je 0x55 38: f6 c4 01 test $0x1,%ah 3b: 74 67 je 0xa4 3d: a9 .byte 0xa9