=============================
[ BUG: Invalid wait context ]
6.13.0-syzkaller-04057-g15a901361ec3 #0 Not tainted
-----------------------------
udevd/5206 is trying to lock:
ffffffff8eac25b8 (kernfs_rename_lock){....}-{3:3}, at: kernfs_path_from_node+0x92/0xb00 fs/kernfs/dir.c:229
other info that might help us debug this:
context-{5:5}
3 locks held by udevd/5206:
 #0: ffff8880b863e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:598
 #1: ffffffff8e93a3e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e93a3e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #1: ffffffff8e93a3e0 (rcu_read_lock){....}-{1:3}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2362 [inline]
 #1: ffffffff8e93a3e0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1fc/0x540 kernel/trace/bpf_trace.c:2404
 #2: ffff88806a525be0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock include/linux/mmap_lock.h:209 [inline]
 #2: ffff88806a525be0 (&mm->mmap_lock){++++}-{4:4}, at: stack_map_get_build_id_offset+0x431/0x870 kernel/bpf/stackmap.c:157
stack backtrace:
CPU: 0 UID: 0 PID: 5206 Comm: udevd Not tainted 6.13.0-syzkaller-04057-g15a901361ec3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4828 [inline]
 check_wait_context kernel/locking/lockdep.c:4900 [inline]
 __lock_acquire+0x15a8/0x2100 kernel/locking/lockdep.c:5178
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
 kernfs_path_from_node+0x92/0xb00 fs/kernfs/dir.c:229
 kernfs_path include/linux/kernfs.h:598 [inline]
 cgroup_path include/linux/cgroup.h:599 [inline]
 get_mm_memcg_path+0x95/0x350 mm/mmap_lock.c:59
 __mmap_lock_do_trace_acquire_returned+0xfc/0x300 mm/mmap_lock.c:79
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:210 [inline]
 stack_map_get_build_id_offset+0x84d/0x870 kernel/bpf/stackmap.c:157
 __bpf_get_stack+0x8da/0xad0 kernel/bpf/stackmap.c:483
 ____bpf_get_stack kernel/bpf/stackmap.c:499 [inline]
 bpf_get_stack+0x33/0x50 kernel/bpf/stackmap.c:496
 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1945 [inline]
 bpf_get_stack_raw_tp+0x1a3/0x240 kernel/trace/bpf_trace.c:1935
 bpf_prog_ec3b2eefa702d8d3+0x43/0x47
 bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline]
 __bpf_prog_run include/linux/filter.h:701 [inline]
 bpf_prog_run include/linux/filter.h:708 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]
 bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2404
 trace_tlb_flush+0x11c/0x140 include/trace/events/tlb.h:38
 switch_mm_irqs_off+0x77a/0xa70
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x10f2/0x4be0 kernel/sched/core.c:6760
 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:7082
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:syscall_enter_from_user_mode_work include/linux/entry-common.h:168 [inline]
RIP: 0010:syscall_enter_from_user_mode include/linux/entry-common.h:199 [inline]
RIP: 0010:do_syscall_64+0xbc/0x230 arch/x86/entry/common.c:79
Code: ed 00 00 00 48 8b 7d 08 e8 31 65 00 00 0f 1f 44 00 00 0f 1f 44 00 00 90 e8 91 a9 d3 f5 90 90 e8 3a a9 d3 f5 fb 49 8b 54 24 08 <f6> c2 3f 74 0e 4c 89 f7 4c 89 fe e8 a4 ad b5 f5 49 89 c7 90 90 41
RSP: 0018:ffffc90003d67f10 EFLAGS: 00000282
RAX: 1ff7cb46b6e9bc00 RBX: ffffc90003d67f10 RCX: ffffffff9a3fc903
RDX: 0000000000000000 RSI: ffffffff8c0a9420 RDI: ffffffff8c6014a0
RBP: ffffc90003d67f48 R08: ffffffff901ba4b7 R09: 1ffffffff2037496
R10: dffffc0000000000 R11: fffffbfff2037497 R12: ffff88807dc55a00
R13: 0000000000000000 R14: ffffc90003d67f58 R15: 0000000000000000
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd5af116b6a
Code: Unable to access opcode bytes at 0x7fd5af116b40.
RSP: 002b:00007ffe84c6d058 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00005575318727d0 RCX: 00007fd5af116b6a
RDX: 0000000000001000 RSI: 000055753186d730 RDI: 000000000000000c
RBP: 00005575318727d0 R08: 000000000000000c R09: 0000000000000000
R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000003fff R14: 00007ffe84c6d538 R15: 000000000000000a
 </TASK>
----------------
Code disassembly (best guess):
   0:	ed                   	in     (%dx),%eax
   1:	00 00                	add    %al,(%rax)
   3:	00 48 8b             	add    %cl,-0x75(%rax)
   6:	7d 08                	jge    0x10
   8:	e8 31 65 00 00       	call   0x653e
   d:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  12:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  17:	90                   	nop
  18:	e8 91 a9 d3 f5       	call   0xf5d3a9ae
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	e8 3a a9 d3 f5       	call   0xf5d3a95e
  24:	fb                   	sti
  25:	49 8b 54 24 08       	mov    0x8(%r12),%rdx
* 2a:	f6 c2 3f             	test   $0x3f,%dl <-- trapping instruction
  2d:	74 0e                	je     0x3d
  2f:	4c 89 f7             	mov    %r14,%rdi
  32:	4c 89 fe             	mov    %r15,%rsi
  35:	e8 a4 ad b5 f5       	call   0xf5b5adde
  3a:	49 89 c7             	mov    %rax,%r15
  3d:	90                   	nop
  3e:	90                   	nop
  3f:	41                   	rex.B