============================================
WARNING: possible recursive locking detected
6.1.91-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.0/3897 is trying to acquire lock:
ffff88807ceb8218 (&qs->lock){..-.}-{2:2}, at: __stack_map_get+0x147/0x4a0 kernel/bpf/queue_stack_maps.c:144

but task is already holding lock:
ffff88805862b218 (&qs->lock){..-.}-{2:2}, at: __stack_map_get+0x147/0x4a0 kernel/bpf/queue_stack_maps.c:144

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&qs->lock);
  lock(&qs->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

8 locks held by syz-executor.0/3897:
 #0: ffff88807e5aa460 (sb_writers#4){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3010 [inline]
 #0: ffff88807e5aa460 (sb_writers#4){.+.+}-{0:0}, at: vfs_fallocate+0x4ba/0x6b0 fs/open.c:322
 #1: ffff8880717cd440 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff8880717cd440 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_fallocate+0x28c/0x2160 fs/ext4/extents.c:4761
 #2: ffffffff8d21ac38 (remove_cache_srcu){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #2: ffffffff8d21ac38 (remove_cache_srcu){....}-{0:0}, at: srcu_read_lock+0x16/0x40 include/linux/srcu.h:165
 #3: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #3: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #3: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: page_ext_get+0x1c/0x2a0 mm/page_ext.c:157
 #4: ffff8880b983aa18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:537
 #5: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #5: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #5: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2272 [inline]
 #5: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x16a/0x470 kernel/trace/bpf_trace.c:2314
 #6: ffff88805862b218 (&qs->lock){..-.}-{2:2}, at: __stack_map_get+0x147/0x4a0 kernel/bpf/queue_stack_maps.c:144
 #7: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #7: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #7: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2272 [inline]
 #7: ffffffff8d12ac80 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x410 kernel/trace/bpf_trace.c:2312

stack backtrace:
CPU: 0 PID: 3897 Comm: syz-executor.0 Not tainted 6.1.91-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2983 [inline]
 check_deadlock kernel/locking/lockdep.c:3026 [inline]
 validate_chain+0x4711/0x5950 kernel/locking/lockdep.c:3812
 __lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049
 lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
 __stack_map_get+0x147/0x4a0 kernel/bpf/queue_stack_maps.c:144
 bpf_prog_00798911c748094f+0x3a/0x3e
 bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
 __bpf_prog_run include/linux/filter.h:603 [inline]
 bpf_prog_run include/linux/filter.h:610 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline]
 bpf_trace_run2+0x1fd/0x410 kernel/trace/bpf_trace.c:2312
 trace_contention_end+0x14c/0x190 include/trace/events/lock.h:122
 __pv_queued_spin_lock_slowpath+0x935/0xc50 kernel/locking/qspinlock.c:560
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:591 [inline]
 queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x269/0x370 kernel/locking/spinlock_debug.c:115
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xdd/0x120 kernel/locking/spinlock.c:162
 __stack_map_get+0x147/0x4a0 kernel/bpf/queue_stack_maps.c:144
 bpf_prog_94b194d4ebfffdd5+0x3d/0x41
 bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
 __bpf_prog_run include/linux/filter.h:603 [inline]
 bpf_prog_run include/linux/filter.h:610 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline]
 bpf_trace_run4+0x253/0x470 kernel/trace/bpf_trace.c:2314
 __traceiter_sched_switch+0x91/0xc0 include/trace/events/sched.h:222
 trace_sched_switch include/trace/events/sched.h:222 [inline]
 __schedule+0x2116/0x4550 kernel/sched/core.c:6555
 preempt_schedule_irq+0xf7/0x1c0 kernel/sched/core.c:6870
 irqentry_exit+0x53/0x80 kernel/entry/common.c:439
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:653
RIP: 0010:stack_trace_consume_entry+0x4f/0x270 kernel/stacktrace.c:86
Code: 03 41 0f b6 04 17 84 c0 0f 85 02 01 00 00 44 8b 43 10 48 8d 6b 08 49 89 ec 49 c1 ec 03 41 0f b6 04 14 84 c0 0f 85 16 01 00 00 <44> 3b 45 00 73 3c 48 8d 7b 0c 49 89 fd 49 c1 ed 03 41 0f b6 44 15
RSP: 0018:ffffc90005c07150 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffc90005c07280 RCX: ffffffff8fb12000
RDX: dffffc0000000000 RSI: ffffffff81d5b383 RDI: ffffc90005c07280
RBP: ffffc90005c07288 R08: 0000000000000001 R09: ffffc90005c07290
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000b80e51
R13: ffffffff81784820 R14: ffffc90005c07280 R15: 1ffff92000b80e52
 arch_stack_walk+0x101/0x140 arch/x86/kernel/stacktrace.c:27
 stack_trace_save+0x113/0x1c0 kernel/stacktrace.c:122
 save_stack+0xf6/0x1e0 mm/page_owner.c:127
 __reset_page_owner+0x52/0x1a0 mm/page_owner.c:148
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1440 [inline]
 free_pcp_prepare mm/page_alloc.c:1490 [inline]
 free_unref_page_prepare+0xf63/0x1120 mm/page_alloc.c:3358
 free_unref_page+0x33/0x3e0 mm/page_alloc.c:3453
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x76/0xe0 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x156/0x170 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x1f/0x70 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook+0x52/0x3a0 mm/slab.h:737
 slab_alloc_node mm/slub.c:3398 [inline]
 slab_alloc mm/slub.c:3406 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
 kmem_cache_alloc+0x10c/0x2d0 mm/slub.c:3422
 kmem_cache_zalloc include/linux/slab.h:682 [inline]
 jbd2_alloc_handle include/linux/jbd2.h:1594 [inline]
 new_handle fs/jbd2/transaction.c:476 [inline]
 jbd2__journal_start+0x144/0x5c0 fs/jbd2/transaction.c:503
 __ext4_journal_start_sb+0x19b/0x410 fs/ext4/ext4_jbd2.c:105
 __ext4_journal_start fs/ext4/ext4_jbd2.h:326 [inline]
 ext4_alloc_file_blocks+0x3b3/0xce0 fs/ext4/extents.c:4494
 ext4_fallocate+0xd2b/0x2160 fs/ext4/extents.c:4787
 vfs_fallocate+0x547/0x6b0 fs/open.c:323
 do_vfs_ioctl+0x222c/0x2a90 fs/ioctl.c:849
 __do_sys_ioctl fs/ioctl.c:868 [inline]
 __se_sys_ioctl+0x81/0x160 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f75ec07cee9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f75ece400c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f75ec1abf80 RCX: 00007f75ec07cee9
RDX: 0000000020000040 RSI: 000000004030582a RDI: 0000000000000005
RBP: 00007f75ec0c949e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f75ec1abf80 R15: 00007ffeb57e3ee8
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	41 0f b6 04 17       	movzbl (%r15,%rdx,1),%eax
   5:	84 c0                	test   %al,%al
   7:	0f 85 02 01 00 00    	jne    0x10f
   d:	44 8b 43 10          	mov    0x10(%rbx),%r8d
  11:	48 8d 6b 08          	lea    0x8(%rbx),%rbp
  15:	49 89 ec             	mov    %rbp,%r12
  18:	49 c1 ec 03          	shr    $0x3,%r12
  1c:	41 0f b6 04 14       	movzbl (%r12,%rdx,1),%eax
  21:	84 c0                	test   %al,%al
  23:	0f 85 16 01 00 00    	jne    0x13f
* 29:	44 3b 45 00          	cmp    0x0(%rbp),%r8d		<-- trapping instruction
  2d:	73 3c                	jae    0x6b
  2f:	48 8d 7b 0c          	lea    0xc(%rbx),%rdi
  33:	49 89 fd             	mov    %rdi,%r13
  36:	49 c1 ed 03          	shr    $0x3,%r13
  3a:	41                   	rex.B
  3b:	0f                   	.byte 0xf
  3c:	b6 44                	mov    $0x44,%dh
  3e:	15                   	.byte 0x15