================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {INITIAL USE} -> {IN-NMI} usage.
syz.0.17/5834 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffffe8fee467bfb0 (&loc_l->lock){....}-{2:2}, at: bpf_common_lru_push_free kernel/bpf/bpf_lru_list.c:514 [inline]
ffffe8fee467bfb0 (&loc_l->lock){....}-{2:2}, at: bpf_lru_push_free+0x33b/0xbb0 kernel/bpf/bpf_lru_list.c:553
{INITIAL USE} state was registered at:
  lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:132 [inline]
  _raw_spin_lock_irqsave+0x40/0x60 kernel/locking/spinlock.c:166
  bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:440 [inline]
  bpf_lru_pop_free+0x1a1/0x1ca0 kernel/bpf/bpf_lru_list.c:496
  prealloc_lru_pop kernel/bpf/hashtab.c:301 [inline]
  htab_lru_map_update_elem+0x122/0x870 kernel/bpf/hashtab.c:1307
  bpf_map_update_value+0x750/0x920 kernel/bpf/syscall.c:297
  generic_map_update_batch+0x6ea/0x990 kernel/bpf/syscall.c:2071
  bpf_map_do_batch+0x39b/0x630 kernel/bpf/syscall.c:5740
  __sys_bpf+0xbe5/0xd90 kernel/bpf/syscall.c:-1
  __do_sys_bpf kernel/bpf/syscall.c:6441 [inline]
  __se_sys_bpf kernel/bpf/syscall.c:6438 [inline]
  __x64_sys_bpf+0xba/0xd0 kernel/bpf/syscall.c:6438
  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
  do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 3142
hardirqs last  enabled at (3141): [<ffffffff8bac0000>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline]
hardirqs last  enabled at (3141): [<ffffffff8bac0000>] _raw_spin_unlock_irqrestore+0x30/0x80 kernel/locking/spinlock.c:198
hardirqs last disabled at (3142): [<ffffffff8ba912d0>] exc_debug_kernel+0x60/0x140 arch/x86/kernel/traps.c:1235
softirqs last  enabled at (3136): [<ffffffff8b4a8497>] lock_sock include/net/sock.h:1713 [inline]
softirqs last  enabled at (3136): [<ffffffff8b4a8497>] tipc_sendmsg+0x47/0x70 net/tipc/socket.c:1398
softirqs last disabled at (3134): [<ffffffff8975242a>] spin_lock_bh include/linux/spinlock.h:348 [inline]
softirqs last disabled at (3134): [<ffffffff8975242a>] lock_sock_nested+0x6a/0x100 net/core/sock.c:3802

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&loc_l->lock);
  <Interrupt>
    lock(&loc_l->lock);

 *** DEADLOCK ***

1 lock held by syz.0.17/5834:
 #0: ffff88810a5f0260 (sk_lock-AF_TIPC){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1713 [inline]
 #0: ffff88810a5f0260 (sk_lock-AF_TIPC){+.+.}-{0:0}, at: tipc_sendmsg+0x47/0x70 net/tipc/socket.c:1398

stack backtrace:
CPU: 0 UID: 0 PID: 5834 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <#DB>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042
 lock_acquire+0x1cc/0x350 kernel/locking/lockdep.c:5859
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:132 [inline]
 _raw_spin_lock_irqsave+0x40/0x60 kernel/locking/spinlock.c:166
 bpf_common_lru_push_free kernel/bpf/bpf_lru_list.c:514 [inline]
 bpf_lru_push_free+0x33b/0xbb0 kernel/bpf/bpf_lru_list.c:553
 htab_lru_push_free kernel/bpf/hashtab.c:1275 [inline]
 htab_lru_map_delete_elem+0x3d3/0x440 kernel/bpf/hashtab.c:1565
 bpf_prog_464bc2be3fc7c272+0x43/0x4b
 bpf_dispatcher_nop_func include/linux/bpf.h:1407 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_overflow_handler kernel/events/core.c:10641 [inline]
 __perf_event_overflow+0x3b7/0xec0 kernel/events/core.c:10740
 perf_swevent_overflow kernel/events/core.c:10881 [inline]
 perf_swevent_event+0x410/0x7e0 kernel/events/core.c:-1
 perf_bp_event+0x318/0x430 kernel/events/core.c:11782
 hw_breakpoint_handler arch/x86/kernel/hw_breakpoint.c:556 [inline]
 hw_breakpoint_exceptions_notify+0x243/0x680 arch/x86/kernel/hw_breakpoint.c:587
 notifier_call_chain+0x1ad/0x3d0 kernel/notifier.c:85
 atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
 notify_die+0x144/0x1a0 kernel/notifier.c:588
 notify_debug+0x2e/0x50 arch/x86/kernel/traps.c:1210
 exc_debug_kernel+0xb1/0x140 arch/x86/kernel/traps.c:1272
 asm_exc_debug+0x1e/0x40 arch/x86/include/asm/idtentry.h:654
RIP: 0010:rep_movs_alternative+0x75/0x90 arch/x86/lib/copy_user_64.S:101
Code: 05 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01 c7 48 01 c6 48 29 c1 48 89 c8 48 c1 e9 03 83 e0 07 <f3> 48 a5 89 c1 85 c9 75 91 e9 bd 54 04 00 48 8d 0c c8 eb 86 cc cc
RSP: 0018:ffffc9000335f218 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88811fafa124 RCX: 000000000000014c
RDX: 0000000000000001 RSI: 0000200000000304 RDI: ffff88811fafa3e8
RBP: ffffc9000335f370 R08: ffff88811fafae47 R09: 1ffff11023f5f5c8
R10: dffffc0000000000 R11: ffffed1023f5f5c9 R12: ffffc9000335fbb8
R13: 0000200000000040 R14: 0000000000000d24 R15: 1ffff9200066bf77
 </#DB>
 <TASK>
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:141 [inline]
 copy_from_user_iter lib/iov_iter.c:67 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 __copy_from_iter lib/iov_iter.c:261 [inline]
 _copy_from_iter+0x21b/0x1670 lib/iov_iter.c:272
 copy_from_iter include/linux/uio.h:228 [inline]
 copy_from_iter_full include/linux/uio.h:245 [inline]
 tipc_msg_build+0x87d/0xf00 net/tipc/msg.c:451
 tipc_send_group_bcast+0x7db/0xad0 net/tipc/socket.c:1125
 __tipc_sendmsg+0x33b/0x2bc0 net/tipc/socket.c:1432
 tipc_sendmsg+0x55/0x70 net/tipc/socket.c:1399
 sock_sendmsg_nosec net/socket.c:787 [inline]
 __sock_sendmsg net/socket.c:802 [inline]
 sock_write_iter+0x49b/0x4f0 net/socket.c:1254
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0x61d/0xb90 fs/read_write.c:688
 ksys_write+0x150/0x270 fs/read_write.c:740
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa46159cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa46245e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fa461815fa0 RCX: 00007fa46159cdd9
RDX: 000000000000fdef RSI: 0000200000000040 RDI: 0000000000000007
RBP: 00007fa461632d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa461816038 R14: 00007fa461815fa0 R15: 00007ffca7407bd8
 </TASK>
----------------
Code disassembly (best guess):
   0:	05 c3 cc cc cc       	add    $0xccccccc3,%eax
   5:	cc                   	int3
   6:	48 8b 06             	mov    (%rsi),%rax
   9:	48 89 07             	mov    %rax,(%rdi)
   c:	48 8d 47 08          	lea    0x8(%rdi),%rax
  10:	48 83 e0 f8          	and    $0xfffffffffffffff8,%rax
  14:	48 29 f8             	sub    %rdi,%rax
  17:	48 01 c7             	add    %rax,%rdi
  1a:	48 01 c6             	add    %rax,%rsi
  1d:	48 29 c1             	sub    %rax,%rcx
  20:	48 89 c8             	mov    %rcx,%rax
  23:	48 c1 e9 03          	shr    $0x3,%rcx
  27:	83 e0 07             	and    $0x7,%eax
* 2a:	f3 48 a5             	rep movsq %ds:(%rsi),%es:(%rdi) <-- trapping instruction
  2d:	89 c1                	mov    %eax,%ecx
  2f:	85 c9                	test   %ecx,%ecx
  31:	75 91                	jne    0xffffffc4
  33:	e9 bd 54 04 00       	jmp    0x454f5
  38:	48 8d 0c c8          	lea    (%rax,%rcx,8),%rcx
  3c:	eb 86                	jmp    0xffffffc4
  3e:	cc                   	int3
  3f:	cc                   	int3
