================================
WARNING: inconsistent lock state
6.9.0-rc1-syzkaller #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor.2/3102 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff888237c2c0f8 (lock#7){?.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff888237c2c0f8 (lock#7){?.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x3e/0x200 mm/mmap_lock.c:237
{HARDIRQ-ON-W} state was registered at:
  lock_acquire+0xeb/0x270 kernel/locking/lockdep.c:5754
  local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
  __mmap_lock_do_trace_acquire_returned+0x56/0x200 mm/mmap_lock.c:237
  __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
  mmap_write_lock_killable include/linux/mmap_lock.h:125 [inline]
  do_mprotect_pkey+0x586/0x5c0 mm/mprotect.c:711
  __do_sys_mprotect mm/mprotect.c:830 [inline]
  __se_sys_mprotect mm/mprotect.c:827 [inline]
  __x64_sys_mprotect+0x1d/0x30 mm/mprotect.c:827
  do_syscall_64+0xa8/0x1c0
  entry_SYSCALL_64_after_hwframe+0x6d/0x75
irq event stamp: 76148
hardirqs last  enabled at (76147): [<ffffffff8146b2a3>] consume_obj_stock mm/memcontrol.c:3439 [inline]
hardirqs last  enabled at (76147): [<ffffffff8146b2a3>] obj_cgroup_charge+0x123/0x250 mm/memcontrol.c:3561
hardirqs last disabled at (76148): [<ffffffff825d9b3e>] sysvec_call_function_single+0xe/0xc0 arch/x86/kernel/smp.c:266
softirqs last  enabled at (76094): [<ffffffff8234bde7>] tcp_close+0x27/0x70 net/ipv4/tcp.c:2933
softirqs last disabled at (76092): [<ffffffff8221ce69>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (76092): [<ffffffff8221ce69>] release_sock+0x19/0xb0 net/core/sock.c:3548

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(lock#7);
  <Interrupt>
    lock(lock#7);

 *** DEADLOCK ***

3 locks held by syz-executor.2/3102:
 #0: ffffffff8338aad8 (rcu_node_0){-.-.}-{2:2}, at: rcu_report_exp_cpu_mult+0x1a/0xe0 kernel/rcu/tree_exp.h:238
 #1: ffffffff83389f50 (rcu_read_lock){....}-{1:2}, at: trace_call_bpf+0x4b/0x3d0
 #2: ffff888111635060 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:165 [inline]
 #2: ffff888111635060 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0xb5/0x360 kernel/bpf/stackmap.c:141

stack backtrace:
CPU: 0 PID: 3102 Comm: syz-executor.2 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xa3/0x100 lib/dump_stack.c:114
 mark_lock_irq+0x49a/0x500
 mark_lock+0xe9/0x150 kernel/locking/lockdep.c:4678
 mark_usage kernel/locking/lockdep.c:4564 [inline]
 __lock_acquire+0x49d/0x2490 kernel/locking/lockdep.c:5091
 lock_acquire+0xeb/0x270 kernel/locking/lockdep.c:5754
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 __mmap_lock_do_trace_acquire_returned+0x56/0x200 mm/mmap_lock.c:237
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:166 [inline]
 stack_map_get_build_id_offset+0x252/0x360 kernel/bpf/stackmap.c:141
 __bpf_get_stack+0x1d7/0x240 kernel/bpf/stackmap.c:449
 ___bpf_prog_run+0x5f6/0x2280 kernel/bpf/core.c:1997
 __bpf_prog_run32+0xbb/0xe0 kernel/bpf/core.c:2236
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 bpf_prog_run_array include/linux/bpf.h:2073 [inline]
 trace_call_bpf+0x164/0x3d0 kernel/trace/bpf_trace.c:147
 perf_trace_run_bpf_submit+0x3b/0xa0 kernel/events/core.c:10161
 perf_trace_contention_end+0xbf/0xf0 include/trace/events/lock.h:122
 trace_contention_end include/trace/events/lock.h:122 [inline]
 __pv_queued_spin_lock_slowpath+0x47c/0x4a0 kernel/locking/qspinlock.c:560
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x9e/0xb0 kernel/locking/spinlock_debug.c:116
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0x6d/0xa0 kernel/locking/spinlock.c:162
 rcu_report_exp_cpu_mult+0x1a/0xe0 kernel/rcu/tree_exp.h:238
 csd_do_func kernel/smp.c:133 [inline]
 __flush_smp_call_function_queue+0x2ee/0x5d0 kernel/smp.c:542
 __sysvec_call_function_single+0x2f/0xf0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x9e/0xc0 arch/x86/kernel/smp.c:266
 </IRQ>
 <TASK>
 asm_sysvec_call_function_single+0x1a/0x20 arch/x86/include/asm/idtentry.h:709
RIP: 0010:obj_cgroup_charge+0x14c/0x250 mm/memcontrol.c:3561
Code: ff 48 c7 44 24 10 00 00 00 00 9c 8f 44 24 10 f7 44 24 10 00 02 00 00 0f 85 cf 00 00 00 41 f7 c5 00 02 00 00 74 01 fb 45 31 ed <45> 84 ff 4c 8b 7c 24 08 0f 85 8e 00 00 00 49 89 ee 4c 89 f8 48 c1
RSP: 0018:ffffc9000554fd28 EFLAGS: 00000246
RAX: 279848b651c42d00 RBX: ffff888237c2c848 RCX: 00000000fffffe00
RDX: 000000004b4706dd RSI: ffffffff83001494 RDI: ffffffff82f29c90
RBP: ffff88811a6840c0 R08: 0000000000000001 R09: ffff8881127a5340
R10: 0000000000000000 R11: ffffffff8221bb90 R12: ffffffff8146b1e9
R13: 0000000000000000 R14: ffff8881127a5340 R15: 0000000000000000
 __memcg_slab_pre_alloc_hook+0x28d/0x2b0 mm/slub.c:1919
 memcg_slab_pre_alloc_hook mm/slub.c:1940 [inline]
 slab_pre_alloc_hook mm/slub.c:3751 [inline]
 slab_alloc_node mm/slub.c:3827 [inline]
 kmem_cache_alloc_lru+0x1d2/0x370 mm/slub.c:3864
 alloc_inode_sb include/linux/fs.h:3089 [inline]
 sock_alloc_inode+0x20/0xa0 net/socket.c:308
 alloc_inode+0x1a/0xb0 fs/inode.c:261
 new_inode_pseudo+0xc/0x50 fs/inode.c:1007
 sock_alloc net/socket.c:634 [inline]
 __sock_create+0x90/0x420 net/socket.c:1535
 sock_create net/socket.c:1622 [inline]
 __sys_socket_create net/socket.c:1659 [inline]
 __sys_socket+0x64/0x170 net/socket.c:1706
 __do_sys_socket net/socket.c:1720 [inline]
 __se_sys_socket net/socket.c:1718 [inline]
 __x64_sys_socket+0x14/0x20 net/socket.c:1718
 do_syscall_64+0xa8/0x1c0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f240e629c27
Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff55290a08 EFLAGS: 00000202 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f240e629c27
RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 00007fff5529114c R08: 000000000000000a R09: 00007fff55290e47
R10: 0000000000000000 R11: 0000000000000202 R12: 00007f240e72fd00
R13: 000000000000d06d R14: 000000000000d043 R15: 00007f240e731ec0
 </TASK>
----------------
Code disassembly (best guess):
   0:	ff 48 c7             	decl   -0x39(%rax)
   3:	44 24 10             	rex.R and $0x10,%al
   6:	00 00                	add    %al,(%rax)
   8:	00 00                	add    %al,(%rax)
   a:	9c                   	pushf
   b:	8f 44 24 10          	pop    0x10(%rsp)
   f:	f7 44 24 10 00 02 00 	testl  $0x200,0x10(%rsp)
  16:	00
  17:	0f 85 cf 00 00 00    	jne    0xec
  1d:	41 f7 c5 00 02 00 00 	test   $0x200,%r13d
  24:	74 01                	je     0x27
  26:	fb                   	sti
  27:	45 31 ed             	xor    %r13d,%r13d
* 2a:	45 84 ff             	test   %r15b,%r15b <-- trapping instruction
  2d:	4c 8b 7c 24 08       	mov    0x8(%rsp),%r15
  32:	0f 85 8e 00 00 00    	jne    0xc6
  38:	49 89 ee             	mov    %rbp,%r14
  3b:	4c 89 f8             	mov    %r15,%rax
  3e:	48                   	rex.W
  3f:	c1                   	.byte 0xc1