============================================
WARNING: possible recursive locking detected
6.9.0-syzkaller-08544-g4b377b4868ef #0 Not tainted
--------------------------------------------
syz-executor.1/7040 is trying to acquire lock:
ffff88807d4531d8 (&qs->lock){-.-.}-{2:2}, at: __stack_map_get+0x14b/0x4b0 kernel/bpf/queue_stack_maps.c:140

but task is already holding lock:
ffff88805eef61d8 (&qs->lock){-.-.}-{2:2}, at: queue_stack_map_push_elem+0x1b2/0x660 kernel/bpf/queue_stack_maps.c:210

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&qs->lock);
  lock(&qs->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

6 locks held by syz-executor.1/7040:
 #0: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #0: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #0: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: netif_receive_skb_list_internal+0x4e8/0xe30 net/core/dev.c:5844
 #1: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #1: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #1: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: ip_local_deliver_finish+0x22e/0x5f0 net/ipv4/ip_input.c:232
 #2: ffff88802d1032d8 (slock-AF_INET/1){+.-.}-{2:2}, at: tcp_v4_rcv+0x2d2b/0x37b0 net/ipv4/tcp_ipv4.c:2346
 #3: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #3: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #3: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2402 [inline]
 #3: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0x24c/0x5a0 kernel/trace/bpf_trace.c:2445
 #4: ffff88805eef61d8 (&qs->lock){-.-.}-{2:2}, at: queue_stack_map_push_elem+0x1b2/0x660 kernel/bpf/queue_stack_maps.c:210
 #5: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #5: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #5: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2402 [inline]
 #5: ffffffff8e333d20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540 kernel/trace/bpf_trace.c:2444

stack backtrace:
CPU: 0 PID: 7040 Comm: syz-executor.1 Not tainted 6.9.0-syzkaller-08544-g4b377b4868ef #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 check_deadlock kernel/locking/lockdep.c:3062 [inline]
 validate_chain+0x15c1/0x58e0 kernel/locking/lockdep.c:3856
 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
 __stack_map_get+0x14b/0x4b0 kernel/bpf/queue_stack_maps.c:140
 bpf_prog_00798911c748094f+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
 __bpf_prog_run include/linux/filter.h:691 [inline]
 bpf_prog_run include/linux/filter.h:698 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2403 [inline]
 bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2444
 trace_contention_begin+0x117/0x140 include/trace/events/lock.h:95
 __pv_queued_spin_lock_slowpath+0x114/0xdc0 kernel/locking/qspinlock.c:402
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
 queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x272/0x370 kernel/locking/spinlock_debug.c:116
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xe1/0x120 kernel/locking/spinlock.c:162
 queue_stack_map_push_elem+0x1b2/0x660 kernel/bpf/queue_stack_maps.c:210
 bpf_prog_216c997a1f42e404+0x3f/0x43
 bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
 __bpf_prog_run include/linux/filter.h:691 [inline]
 bpf_prog_run include/linux/filter.h:698 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2403 [inline]
 bpf_trace_run3+0x33a/0x5a0 kernel/trace/bpf_trace.c:2445
 __traceiter_kmem_cache_free+0x33/0x50 include/trace/events/kmem.h:114
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x267/0x2d0 mm/slub.c:4416
 skb_kfree_head net/core/skbuff.c:1067 [inline]
 skb_free_head net/core/skbuff.c:1081 [inline]
 skb_release_data+0x64d/0x880 net/core/skbuff.c:1108
 skb_release_all net/core/skbuff.c:1173 [inline]
 __kfree_skb+0x55/0x70 net/core/skbuff.c:1187
 tcp_clean_rtx_queue net/ipv4/tcp_input.c:3378 [inline]
 tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:3970
 tcp_rcv_established+0x109a/0x2020 net/ipv4/tcp_input.c:6086
 tcp_v4_do_rcv+0x965/0xc60 net/ipv4/tcp_ipv4.c:1914
 tcp_v4_rcv+0x2d90/0x37b0 net/ipv4/tcp_ipv4.c:2350
 ip_protocol_deliver_rcu+0x225/0x430 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x33f/0x5f0 net/ipv4/ip_input.c:233
 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
 ip_local_deliver net/ipv4/ip_input.c:254 [inline]
 dst_input include/net/dst.h:460 [inline]
 ip_sublist_rcv_finish+0x3be/0x4f0 net/ipv4/ip_input.c:580
 ip_list_rcv_finish net/ipv4/ip_input.c:631 [inline]
 ip_sublist_rcv+0x75d/0xab0 net/ipv4/ip_input.c:639
 ip_list_rcv+0x42b/0x480 net/ipv4/ip_input.c:674
 __netif_receive_skb_list_ptype net/core/dev.c:5667 [inline]
 __netif_receive_skb_list_core+0x95a/0x980 net/core/dev.c:5715
 __netif_receive_skb_list net/core/dev.c:5767 [inline]
 netif_receive_skb_list_internal+0xa51/0xe30 net/core/dev.c:5859
 gro_normal_list include/net/gro.h:515 [inline]
 napi_complete_done+0x310/0x8e0 net/core/dev.c:6202
 virtqueue_napi_complete drivers/net/virtio_net.c:655 [inline]
 virtnet_poll+0xd68/0x18c0 drivers/net/virtio_net.c:2370
 __napi_poll+0xcb/0x490 net/core/dev.c:6721
 napi_poll net/core/dev.c:6790 [inline]
 net_rx_action+0x7bb/0x10a0 net/core/dev.c:6906
 handle_softirqs+0x2d6/0x990 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:278
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
RIP: 0010:exit_to_user_mode_loop kernel/entry/common.c:101 [inline]
RIP: 0010:exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
RIP: 0010:irqentry_exit_to_user_mode+0x57/0x280 kernel/entry/common.c:231
Code: ee 01 00 00 e8 ba 10 00 00 65 4c 8b 3c 25 80 d3 03 00 49 8b 1f f7 c3 0e 30 02 00 0f 84 dd 00 00 00 e8 fd 8d 15 f6 fb f6 c3 08 <0f> 85 85 00 00 00 f7 c3 00 10 00 00 0f 85 8a 00 00 00 f7 c3 04 00
RSP: 0000:ffffc90013707f30 EFLAGS: 00000202
RAX: 8109bb2f31ab7200 RBX: 0000000000000008 RCX: ffffffff94794603
RDX: dffffc0000000000 RSI: ffffffff8bcab5c0 RDI: ffffffff8c1fae20
RBP: 0000000000000000 R08: ffffffff8facbbef R09: 1ffffffff1f5977d
R10: dffffc0000000000 R11: fffffbfff1f5977e R12: 0000000000000000
R13: 0000000000000000 R14: ffffc90013707f58 R15: ffff88807d563c00
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0033:0x7fe89bc38b33
Code: 08 c5 0f 85 ff 01 00 00 41 83 c4 01 44 3b 63 04 0f 83 c9 00 00 00 48 8b 34 24 44 89 e1 48 8b 53 28 4c 89 f8 48 03 14 ce 89 d5 <49> 89 d7 81 e5 00 f0 ff ff 80 3d 75 f5 16 00 00 75 3f be 00 00 00
RSP: 002b:00007ffe23700760 EFLAGS: 00000282
RAX: ffffffff825e2065 RBX: 00007fe89bdac018 RCX: 0000000000002ddc
RDX: ffffffff825e20e3 RSI: 00007fe89b401008 RDI: 00000000000108f3
RBP: 00000000825e20e3 R08: 0000001b33520000 R09: 00000000000008dc
R10: 00000000825e28e0 R11: 0000000000000000 R12: 0000000000002ddc
R13: 0000000000000001 R14: 00007fe89bda0000 R15: ffffffff825e2065
 </TASK>
----------------
Code disassembly (best guess):
   0:	ee                   	out    %al,(%dx)
   1:	01 00                	add    %eax,(%rax)
   3:	00 e8                	add    %ch,%al
   5:	ba 10 00 00 65       	mov    $0x65000010,%edx
   a:	4c 8b 3c 25 80 d3 03 	mov    0x3d380,%r15
  11:	00
  12:	49 8b 1f             	mov    (%r15),%rbx
  15:	f7 c3 0e 30 02 00    	test   $0x2300e,%ebx
  1b:	0f 84 dd 00 00 00    	je     0xfe
  21:	e8 fd 8d 15 f6       	call   0xf6158e23
  26:	fb                   	sti
  27:	f6 c3 08             	test   $0x8,%bl
* 2a:	0f 85 85 00 00 00    	jne    0xb5 <-- trapping instruction
  30:	f7 c3 00 10 00 00    	test   $0x1000,%ebx
  36:	0f 85 8a 00 00 00    	jne    0xc6
  3c:	f7                   	.byte 0xf7
  3d:	c3                   	ret
  3e:	04 00                	add    $0x0,%al