============================================
WARNING: possible recursive locking detected
6.10.0-rc3-syzkaller-00021-g2ef5971ff345 #0 Not tainted
--------------------------------------------
syz-fuzzer/5218 is trying to acquire lock:
ffff88802c238ac0 (lock#13){+.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff88802c238ac0 (lock#13){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x7f/0x790 mm/mmap_lock.c:237

but task is already holding lock:
ffff88802c238ac0 (lock#13){+.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff88802c238ac0 (lock#13){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x7f/0x790 mm/mmap_lock.c:237

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(lock#13);
  lock(lock#13);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

6 locks held by syz-fuzzer/5218:
 #0: ffff888021a4f868 (&pipe->mutex){+.+.}-{3:3}, at: pipe_read+0x141/0x1400 fs/pipe.c:264
 #1: ffff88801d08ea18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:163 [inline]
 #1: ffff88801d08ea18 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5715 [inline]
 #1: ffff88801d08ea18 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x35/0x6a0 mm/memory.c:5775
 #2: ffff88802c238ac0 (lock#13){+.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 #2: ffff88802c238ac0 (lock#13){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x7f/0x790 mm/mmap_lock.c:237
 #3: ffffffff8dbb51a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #3: ffffffff8dbb51a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #3: ffffffff8dbb51a0 (rcu_read_lock){....}-{1:2}, at: get_memcg_path_buf mm/mmap_lock.c:139 [inline]
 #3: ffffffff8dbb51a0 (rcu_read_lock){....}-{1:2}, at: get_mm_memcg_path+0xb1/0x6f0 mm/mmap_lock.c:209
 #4: ffffffff8dbb51a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #4: ffffffff8dbb51a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #4: ffffffff8dbb51a0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2402 [inline]
 #4: ffffffff8dbb51a0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x1d6/0x5a0 kernel/trace/bpf_trace.c:2446
 #5: ffff88801d08ea18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:163 [inline]
 #5: ffff88801d08ea18 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x28a/0x760 kernel/bpf/stackmap.c:141

stack backtrace:
CPU: 2 PID: 5218 Comm: syz-fuzzer Not tainted 6.10.0-rc3-syzkaller-00021-g2ef5971ff345 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 check_deadlock kernel/locking/lockdep.c:3062 [inline]
 validate_chain kernel/locking/lockdep.c:3856 [inline]
 __lock_acquire+0x20e6/0x3b30 kernel/locking/lockdep.c:5137
 lock_acquire kernel/locking/lockdep.c:5754 [inline]
 lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 __mmap_lock_do_trace_acquire_returned+0x97/0x790 mm/mmap_lock.c:237
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:164 [inline]
 stack_map_get_build_id_offset+0x602/0x760 kernel/bpf/stackmap.c:141
 __bpf_get_stack+0x68a/0x710 kernel/bpf/stackmap.c:449
 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1994 [inline]
 bpf_get_stack_raw_tp+0x124/0x160 kernel/trace/bpf_trace.c:1984
 bpf_prog_e6cf5f9c69743609+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
 __bpf_prog_run include/linux/filter.h:691 [inline]
 bpf_prog_run include/linux/filter.h:698 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2403 [inline]
 bpf_trace_run4+0x245/0x5a0 kernel/trace/bpf_trace.c:2446
 __traceiter_mmap_lock_acquire_returned+0x82/0xe0 include/trace/events/mmap_lock.h:52
 trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:52 [inline]
 __mmap_lock_do_trace_acquire_returned+0x456/0x790 mm/mmap_lock.c:237
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:164 [inline]
 get_mmap_lock_carefully mm/memory.c:5715 [inline]
 lock_mm_and_find_vma+0xeb/0x6a0 mm/memory.c:5775
 do_user_addr_fault+0x29c/0xe50 arch/x86/mm/fault.c:1361
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:copy_user_generic arch/x86/include/asm/uaccess_64.h:110 [inline]
RIP: 0010:raw_copy_to_user arch/x86/include/asm/uaccess_64.h:131 [inline]
RIP: 0010:copy_to_user_iter lib/iov_iter.c:25 [inline]
RIP: 0010:iterate_ubuf include/linux/iov_iter.h:29 [inline]
RIP: 0010:iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
RIP: 0010:iterate_and_advance include/linux/iov_iter.h:271 [inline]
RIP: 0010:_copy_to_iter+0x342/0xfc0 lib/iov_iter.c:185
Code: fd 4d 85 ff 0f 85 69 ff ff ff e8 89 cb 10 fd 4c 8b 7c 24 10 89 de 4c 89 ff e8 ea 05 6e fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 fe <f3> a4 0f 1f 00 48 89 cd 0f 01 ca 49 89 df 49 29 cf e9 39 ff ff ff
RSP: 0018:ffffc90002cf7a40 EFLAGS: 00050246
RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000001000
RDX: 0000000000000000 RSI: ffff8880005b6000 RDI: 000000c000872000
RBP: 000000c000872000 R08: 0000000000000000 R09: ffffed10000b6dff
R10: ffff8880005b6fff R11: 0000000000000000 R12: ffffc90002cf7da0
R13: 000000c000873000 R14: ffffc90002cf7d98 R15: ffff8880005b6000
 copy_page_to_iter lib/iov_iter.c:362 [inline]
 copy_page_to_iter+0xf1/0x180 lib/iov_iter.c:349
 pipe_read+0x543/0x1400 fs/pipe.c:327
 new_sync_read fs/read_write.c:395 [inline]
 vfs_read+0xa39/0xbd0 fs/read_write.c:476
 ksys_read+0x1f8/0x260 fs/read_write.c:619
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x40720e
Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48
RSP: 002b:000000c000166d80 EFLAGS: 00000216 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 000000000040720e
RDX: 0000000000020000 RSI: 000000c000872000 RDI: 0000000000000028
RBP: 000000c000166dc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 000000c00071be10
R13: 0000000000000004 R14: 000000c000083ba0 R15: 0000000000000000
----------------
Code disassembly (best guess):
   0: fd                     std
   1: 4d 85 ff               test %r15,%r15
   4: 0f 85 69 ff ff ff      jne 0xffffff73
   a: e8 89 cb 10 fd         call 0xfd10cb98
   f: 4c 8b 7c 24 10         mov 0x10(%rsp),%r15
  14: 89 de                  mov %ebx,%esi
  16: 4c 89 ff               mov %r15,%rdi
  19: e8 ea 05 6e fd         call 0xfd6e0608
  1e: 0f 01 cb               stac
  21: 48 89 d9               mov %rbx,%rcx
  24: 48 89 ef               mov %rbp,%rdi
  27: 4c 89 fe               mov %r15,%rsi
* 2a: f3 a4                  rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
  2c: 0f 1f 00               nopl (%rax)
  2f: 48 89 cd               mov %rcx,%rbp
  32: 0f 01 ca               clac
  35: 49 89 df               mov %rbx,%r15
  38: 49 29 cf               sub %rcx,%r15
  3b: e9 39 ff ff ff         jmp 0xffffff79