syzbot

============================================
WARNING: possible recursive locking detected
5.15.158-syzkaller #0 Not tainted
--------------------------------------------
syz-executor227/3500 is trying to acquire lock:
ffff88807ece21c0 (&stab->lock){+.-.}-{2:2}, at: __sock_map_delete net/core/sock_map.c:419 [inline]
ffff88807ece21c0 (&stab->lock){+.-.}-{2:2}, at: sock_map_delete_elem+0x161/0x230 net/core/sock_map.c:451

but task is already holding lock:
ffff88807ece25c0 (&stab->lock){+.-.}-{2:2}, at: sock_map_update_common+0x1b6/0x5b0 net/core/sock_map.c:495

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&stab->lock);
  lock(&stab->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz-executor227/3500:
 #0: ffff888078589920 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1668 [inline]
 #0: ffff888078589920 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sock_map_sk_acquire net/core/sock_map.c:119 [inline]
 #0: ffff888078589920 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sock_map_update_elem_sys+0x1c8/0x770 net/core/sock_map.c:584
 #1: ffffffff8c91fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #2: ffff88807ece25c0 (&stab->lock){+.-.}-{2:2}, at: sock_map_update_common+0x1b6/0x5b0 net/core/sock_map.c:495
 #3: ffff888146afd290 (&psock->link_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:368 [inline]
 #3: ffff888146afd290 (&psock->link_lock){+...}-{2:2}, at: sock_map_del_link net/core/sock_map.c:147 [inline]
 #3: ffff888146afd290 (&psock->link_lock){+...}-{2:2}, at: sock_map_unref+0xcc/0x5d0 net/core/sock_map.c:182
 #4: ffffffff8c91fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311

stack backtrace:
CPU: 0 PID: 3500 Comm: syz-executor227 Not tainted 5.15.158-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2946 [inline]
 check_deadlock kernel/locking/lockdep.c:2989 [inline]
 validate_chain+0x46d2/0x5930 kernel/locking/lockdep.c:3775
 __lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
 lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
 _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
 __sock_map_delete net/core/sock_map.c:419 [inline]
 sock_map_delete_elem+0x161/0x230 net/core/sock_map.c:451
 bpf_prog_bd09fd94307bc10c+0x63/0x108
 bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1880 [inline]
 bpf_trace_run2+0x19e/0x340 kernel/trace/bpf_trace.c:1917
 __bpf_trace_kfree+0x6e/0x90 include/trace/events/kmem.h:118
 trace_kfree include/trace/events/kmem.h:118 [inline]
 kfree+0x22f/0x270 mm/slub.c:4549
 sk_psock_free_link include/linux/skmsg.h:422 [inline]
 sock_map_del_link net/core/sock_map.c:160 [inline]
 sock_map_unref+0x3ac/0x5d0 net/core/sock_map.c:182
 sock_map_update_common+0x4ec/0x5b0 net/core/sock_map.c:508
 sock_map_update_elem_sys+0x440/0x770 net/core/sock_map.c:588
 map_update_elem+0x6a0/0x7c0 kernel/bpf/syscall.c:1185
 __sys_bpf+0x2fd/0x670 kernel/bpf/syscall.c:4639
 __do_sys_bpf kernel/bpf/syscall.c:4755 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4753 [inline]
 __x64_sys_bpf+0x78/0x90 kernel/bpf/syscall.c:4753
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f5faba378e9
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b