================================
WARNING: inconsistent lock state
6.10.0-rc2-syzkaller-00242-g36534d3c5453 #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor.2/11903 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff8880b9438828 (lock#10){?.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b9438828 (lock#10){?.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x8f/0x630 mm/mmap_lock.c:237
{HARDIRQ-ON-W} state was registered at:
  lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
  local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
  __mmap_lock_do_trace_acquire_returned+0xa8/0x630 mm/mmap_lock.c:237
  __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
  mmap_read_trylock include/linux/mmap_lock.h:164 [inline]
  get_mmap_lock_carefully mm/memory.c:5715 [inline]
  lock_mm_and_find_vma+0x213/0x2f0 mm/memory.c:5775
  do_user_addr_fault arch/x86/mm/fault.c:1361 [inline]
  handle_page_fault arch/x86/mm/fault.c:1481 [inline]
  exc_page_fault+0x1bf/0x8c0 arch/x86/mm/fault.c:1539
  asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
  rep_stos_alternative+0x40/0x80 arch/x86/lib/clear_page_64.S:92
  __clear_user arch/x86/include/asm/uaccess_64.h:172 [inline]
  copy_fpstate_to_sigframe+0x14a/0xd90 arch/x86/kernel/fpu/signal.c:216
  get_sigframe+0x55d/0x700 arch/x86/kernel/signal.c:142
  x64_setup_rt_frame+0x180/0xcc0 arch/x86/kernel/signal_64.c:175
  setup_rt_frame arch/x86/kernel/signal.c:223 [inline]
  handle_signal arch/x86/kernel/signal.c:267 [inline]
  arch_do_signal_or_restart+0x458/0x860 arch/x86/kernel/signal.c:312
  exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
  exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
  __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
  syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
  do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 5374
hardirqs last enabled at (5373): [] irqentry_exit+0x63/0x90 kernel/entry/common.c:357
hardirqs last disabled at (5374): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1043
softirqs last enabled at (5198): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (5198): [] fib6_run_gc+0x6e2/0x7e0 net/ipv6/ip6_fib.c:2394
softirqs last disabled at (5176): [] spin_trylock_bh include/linux/spinlock.h:411 [inline]
softirqs last disabled at (5176): [] fib6_run_gc+0xbd/0x7e0 net/ipv6/ip6_fib.c:2376

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(lock#10);
  <Interrupt>
    lock(lock#10);

 *** DEADLOCK ***

7 locks held by syz-executor.2/11903:
 #0: ffffffff947f5e30 (&pmus_srcu){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline]
 #0: ffffffff947f5e30 (&pmus_srcu){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline]
 #0: ffffffff947f5e30 (&pmus_srcu){.+.+}-{0:0}, at: perf_init_event kernel/events/core.c:11715 [inline]
 #0: ffffffff947f5e30 (&pmus_srcu){.+.+}-{0:0}, at: perf_event_alloc+0xc7d/0x20a0 kernel/events/core.c:12033
 #1: ffffffff8e38eba8 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x53/0x2e0 kernel/trace/trace_event_perf.c:221
 #2: ffffffff8e3809e8 (tracepoints_mutex){+.+.}-{3:3}, at: tracepoint_probe_register_prio kernel/tracepoint.c:507 [inline]
 #2: ffffffff8e3809e8 (tracepoints_mutex){+.+.}-{3:3}, at: tracepoint_probe_register+0xb6/0x160 kernel/tracepoint.c:531
 #3: ffffffff8e00a058 (tasklist_lock){.+.+}-{2:2}, at: syscall_regfunc+0x3c/0x190 kernel/tracepoint.c:763
 #4: ffffffff8e34e0c8 (tk_core.seq.seqcount){----}-{0:0}, at: timekeeping_debug_get_ns kernel/time/timekeeping.c:256 [inline]
 #4: ffffffff8e34e0c8 (tk_core.seq.seqcount){----}-{0:0}, at: timekeeping_get_ns+0x5c/0x420 kernel/time/timekeeping.c:401
 #5: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: trace_call_bpf+0xbc/0x8a0
 #6: ffff888023874418 (&mm->mmap_lock){++++}-{3:3}, at:
mmap_read_trylock include/linux/mmap_lock.h:163 [inline]
 #6: ffff888023874418 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x237/0x9d0 kernel/bpf/stackmap.c:141

stack backtrace:
CPU: 0 PID: 11903 Comm: syz-executor.2 Not tainted 6.10.0-rc2-syzkaller-00242-g36534d3c5453 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 valid_state+0x13a/0x1c0 kernel/locking/lockdep.c:4013
 mark_lock_irq+0xbb/0xc20 kernel/locking/lockdep.c:4216
 mark_lock+0x223/0x350 kernel/locking/lockdep.c:4678
 mark_usage kernel/locking/lockdep.c:4564 [inline]
 __lock_acquire+0xb8e/0x1fd0 kernel/locking/lockdep.c:5091
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 __mmap_lock_do_trace_acquire_returned+0xa8/0x630 mm/mmap_lock.c:237
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:164 [inline]
 stack_map_get_build_id_offset+0x9af/0x9d0 kernel/bpf/stackmap.c:141
 __bpf_get_stack+0x4ad/0x5a0 kernel/bpf/stackmap.c:449
 bpf_prog_e6cf5f9c69743609+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
 __bpf_prog_run include/linux/filter.h:691 [inline]
 bpf_prog_run include/linux/filter.h:698 [inline]
 bpf_prog_run_array include/linux/bpf.h:2103 [inline]
 trace_call_bpf+0x369/0x8a0 kernel/trace/bpf_trace.c:147
 perf_trace_run_bpf_submit+0x7c/0x1d0 kernel/events/core.c:10269
 perf_trace_lock+0x388/0x490 include/trace/events/lock.h:50
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0x986/0x9f0 kernel/locking/lockdep.c:5765
 seqcount_lockdep_reader_access+0x10f/0x220 include/linux/seqlock.h:71
 timekeeping_debug_get_ns kernel/time/timekeeping.c:256 [inline]
 timekeeping_get_ns+0x5c/0x420 kernel/time/timekeeping.c:401
 ktime_get+0x89/0xb0 kernel/time/timekeeping.c:850
 hrtimer_forward_now
include/linux/hrtimer.h:355 [inline]
 perf_swevent_hrtimer+0x464/0x560 kernel/events/core.c:11084
 __run_hrtimer kernel/time/hrtimer.c:1687 [inline]
 __hrtimer_run_queues+0x551/0xd50 kernel/time/hrtimer.c:1751
 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1813
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x3f0 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:syscall_regfunc+0xb3/0x190
Code: 4c 89 fd 48 c1 ed 03 42 80 7c 2d 00 00 74 08 4c 89 ff e8 50 dc 63 00 4d 8b 27 49 83 c4 10 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 <74> 08 4c 89 e7 e8 33 dc 63 00 49 8b 1c 24 4c 39 e3 74 5c 48 8d bb
RSP: 0018:ffffc9000322f948 EFLAGS: 00000246
RAX: 1ffff1100497543a RBX: ffff888023acca50 RCX: 0000000000040000
RDX: ffffc9000acbe000 RSI: 00000000000024f4 RDI: 00000000000024f5
RBP: 1ffff11004a048a2 R08: ffff888023d9bc0f R09: 1ffff110047b3781
R10: dffffc0000000000 R11: ffffed10047b3782 R12: ffff888024baa1d0
R13: dffffc0000000000 R14: ffff8880250240f8 R15: ffff888025024510
 tracepoint_add_func+0x95/0x9e0 kernel/tracepoint.c:331
 tracepoint_probe_register_prio kernel/tracepoint.c:511 [inline]
 tracepoint_probe_register+0x105/0x160 kernel/tracepoint.c:531
 perf_trace_event_reg kernel/trace/trace_event_perf.c:129 [inline]
 perf_trace_event_init+0x478/0x930 kernel/trace/trace_event_perf.c:202
 perf_trace_init+0x243/0x2e0 kernel/trace/trace_event_perf.c:226
 perf_tp_event_init+0x8d/0x110 kernel/events/core.c:10210
 perf_try_init_event+0x139/0x3f0 kernel/events/core.c:11685
 perf_init_event kernel/events/core.c:11755 [inline]
 perf_event_alloc+0x1018/0x20a0 kernel/events/core.c:12033
 __do_sys_perf_event_open kernel/events/core.c:12540 [inline]
 __se_sys_perf_event_open+0xb43/0x38d0 kernel/events/core.c:12431
 do_syscall_x64
arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5e7fc7d0a9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5e809e40c8 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f5e7fdb3f80 RCX: 00007f5e7fc7d0a9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0
RBP: 00007f5e7fcec074 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f5e7fdb3f80 R15: 00007ffff2902658
----------------
Code disassembly (best guess):
   0: 4c 89 fd             mov %r15,%rbp
   3: 48 c1 ed 03          shr $0x3,%rbp
   7: 42 80 7c 2d 00 00    cmpb $0x0,0x0(%rbp,%r13,1)
   d: 74 08                je 0x17
   f: 4c 89 ff             mov %r15,%rdi
  12: e8 50 dc 63 00       call 0x63dc67
  17: 4d 8b 27             mov (%r15),%r12
  1a: 49 83 c4 10          add $0x10,%r12
  1e: 4c 89 e0             mov %r12,%rax
  21: 48 c1 e8 03          shr $0x3,%rax
  25: 42 80 3c 28 00       cmpb $0x0,(%rax,%r13,1)
* 2a: 74 08                je 0x34 <-- trapping instruction
  2c: 4c 89 e7             mov %r12,%rdi
  2f: e8 33 dc 63 00       call 0x63dc67
  34: 49 8b 1c 24          mov (%r12),%rbx
  38: 4c 39 e3             cmp %r12,%rbx
  3b: 74 5c                je 0x99
  3d: 48                   rex.W
  3e: 8d                   .byte 0x8d
  3f: bb                   .byte 0xbb