program: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mount(0x0, 0x0, &(0x7f0000000200)='debugfs\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='mm_page_alloc\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="02000000"], 0xfe44, 0x0) [ 59.195490][ T5323] [ 59.197711][ T5323] ============================================ [ 59.202304][ T5323] WARNING: possible recursive locking detected [ 59.205156][ T5323] 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 Not tainted [ 59.207551][ T5323] -------------------------------------------- [ 59.209842][ T5323] syz.0.0/5323 is trying to acquire lock: [ 59.212067][ T5323] ffff88804ffbe200 (&trie->lock){....}-{2:2}, at: trie_delete_elem+0x96/0x6a0 [ 59.215523][ T5323] [ 59.215523][ T5323] but task is already holding lock: [ 59.218292][ T5323] ffff88804ffbe200 (&trie->lock){....}-{2:2}, at: trie_update_elem+0xc8/0xc00 [ 59.221578][ T5323] [ 59.221578][ T5323] other info that might help us debug this: [ 59.224488][ T5323] Possible unsafe locking scenario: [ 59.224488][ T5323] [ 59.227186][ T5323] CPU0 [ 59.228486][ T5323] ---- [ 59.229814][ T5323] lock(&trie->lock); [ 59.231367][ T5323] lock(&trie->lock); [ 59.232822][ T5323] [ 59.232822][ T5323] *** DEADLOCK *** [ 59.232822][ T5323] [ 59.235526][ T5323] May be due to missing lock nesting notation [ 59.235526][ T5323] [ 59.238372][ T5323] 3 locks held by syz.0.0/5323: [ 59.240181][ T5323] #0: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bpf_map_update_value+0x3c4/0x540 [ 59.243804][ T5323] #1: ffff88804ffbe200 (&trie->lock){....}-{2:2}, at: trie_update_elem+0xc8/0xc00 [ 59.247198][ T5323] #2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x244/0x590 [ 59.250890][ T5323] [ 59.250890][ T5323] stack backtrace: [ 59.253066][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0 [ 59.256704][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.260549][ T5323] Call Trace: [ 59.261807][ T5323] [ 59.262923][ T5323] dump_stack_lvl+0x241/0x360 [ 59.264720][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.266602][ T5323] ? __pfx__printk+0x10/0x10 [ 59.268351][ T5323] ? lockdep_unlock+0x16a/0x300 [ 59.270194][ T5323] print_deadlock_bug+0x483/0x620 [ 59.272085][ T5323] validate_chain+0x15e2/0x5920 [ 59.273946][ T5323] ? __lock_acquire+0x1384/0x2050 [ 59.275902][ T5323] ? mark_lock+0x9a/0x360 [ 59.277456][ T5323] ? __pfx_validate_chain+0x10/0x10 [ 59.279304][ T5323] ? __lock_acquire+0x1384/0x2050 [ 59.281120][ T5323] ? __pfx_validate_chain+0x10/0x10 [ 59.282907][ T5323] ? mark_lock+0x9a/0x360 [ 59.284420][ T5323] __lock_acquire+0x1384/0x2050 [ 59.286123][ T5323] lock_acquire+0x1ed/0x550 [ 59.287711][ T5323] ? trie_delete_elem+0x96/0x6a0 [ 59.289518][ T5323] ? __pfx_lock_acquire+0x10/0x10 [ 59.291374][ T5323] ? __lock_acquire+0x1384/0x2050 [ 59.293278][ T5323] _raw_spin_lock_irqsave+0xd5/0x120 [ 59.295136][ T5323] ? trie_delete_elem+0x96/0x6a0 [ 59.296854][ T5323] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 59.298978][ T5323] ? __pfx_lock_acquire+0x10/0x10 [ 59.300891][ T5323] trie_delete_elem+0x96/0x6a0 [ 59.302755][ T5323] ? __pfx___cant_migrate+0x10/0x10 [ 59.304797][ T5323] ? __alloc_pages_slowpath+0x414/0x1020 [ 59.306954][ T5323] ? bpf_trace_run4+0x244/0x590 [ 59.308857][ T5323] bpf_prog_fdee3c9a1e8a2a6e+0x46/0x4a [ 59.310938][ T5323] bpf_trace_run4+0x334/0x590 [ 59.312650][ T5323] ? __pfx_bpf_trace_run4+0x10/0x10 [ 59.314519][ T5323] __alloc_pages_noprof+0x6dc/0x710 [ 59.316456][ T5323] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 59.318441][ T5323] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 59.320638][ T5323] ? add_partial+0x6f/0xf0 [ 59.322351][ T5323] alloc_slab_page+0x59/0x120 [ 59.324152][ T5323] allocate_slab+0x5a/0x2f0 [ 59.325882][ T5323] ___slab_alloc+0xcd1/0x14b0 [ 59.327728][ T5323] ? bpf_map_kmalloc_node+0xd3/0x1c0 [ 59.329676][ T5323] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 59.331687][ T5323] ? bpf_map_kmalloc_node+0xd3/0x1c0 [ 59.333719][ T5323] __slab_alloc+0x58/0xa0 [ 59.335406][ T5323] __kmalloc_node_noprof+0x286/0x440 [ 59.337429][ T5323] ? bpf_map_kmalloc_node+0xd3/0x1c0 [ 59.339466][ T5323] bpf_map_kmalloc_node+0xd3/0x1c0 [ 59.341329][ T5323] trie_update_elem+0x1cd/0xc00 [ 59.343111][ T5323] ? __pfx___might_resched+0x10/0x10 [ 59.345012][ T5323] bpf_map_update_value+0x4d3/0x540 [ 59.346959][ T5323] map_update_elem+0x51a/0x6f0 [ 59.348771][ T5323] __sys_bpf+0x76f/0x810 [ 59.350364][ T5323] ? __pfx___sys_bpf+0x10/0x10 [ 59.352205][ T5323] ? __rseq_handle_notify_resume+0x34d/0x14d0 [ 59.354500][ T5323] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 59.356776][ T5323] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.358994][ T5323] ? do_syscall_64+0x100/0x230 [ 59.360589][ T5323] __x64_sys_bpf+0x7c/0x90 [ 59.361968][ T5323] do_syscall_64+0xf3/0x230 [ 59.363462][ T5323] ? clear_bhb_loop+0x35/0x90 [ 59.364962][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.366985][ T5323] RIP: 0033:0x7fccce17e719 [ 59.368619][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.375283][ T5323] RSP: 002b:00007fcccefc5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 59.378141][ T5323] RAX: ffffffffffffffda RBX: 00007fccce335f80 RCX: 00007fccce17e719 [ 59.381150][ T5323] RDX: 0000000000000020 RSI: 0000000020000300 RDI: 0000000000000002 [ 59.384202][ T5323] RBP: 00007fccce1f132e R08: 0000000000000000 R09: 0000000000000000 [ 59.386934][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.389878][ T5323] R13: 0000000000000000 R14: 00007fccce335f80 R15: 00007ffedc3723c8 [ 59.392628][ T5323]