============================================
WARNING: possible recursive locking detected
6.12.0-rc7-syzkaller-g2c8b09ac2537 #0 Not tainted
--------------------------------------------
rcu_exp_gp_kthr/19 is trying to acquire lock:
ffffc9000b2250d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1ea/0x600 kernel/bpf/ringbuf.c:427

but task is already holding lock:
ffffc9000b2110d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1ea/0x600 kernel/bpf/ringbuf.c:427

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&rb->spinlock);
  lock(&rb->spinlock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

4 locks held by rcu_exp_gp_kthr/19:
 #0: ffffffff8e939de0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e939de0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8e939de0 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_active_interfaces_atomic+0x2a/0x170 net/mac80211/util.c:809
 #1: ffffffff8e939de0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e939de0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #1: ffffffff8e939de0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2350 [inline]
 #1: ffffffff8e939de0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0x24c/0x5a0 kernel/trace/bpf_trace.c:2393
 #2: ffffc9000b2110d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1ea/0x600 kernel/bpf/ringbuf.c:427
 #3: ffffffff8e939de0 (rcu_read_lock){....}-{1:2}, at: trace_call_bpf+0xbc/0x8a0

stack backtrace:
CPU: 0 UID: 0 PID: 19 Comm: rcu_exp_gp_kthr Not tainted 6.12.0-rc7-syzkaller-g2c8b09ac2537 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037
 check_deadlock kernel/locking/lockdep.c:3089 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891
 __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
 __bpf_ringbuf_reserve+0x1ea/0x600 kernel/bpf/ringbuf.c:427
 ____bpf_ringbuf_output kernel/bpf/ringbuf.c:553 [inline]
 bpf_ringbuf_output+0x67/0x1e0 kernel/bpf/ringbuf.c:543
 bpf_prog_7289bc796c5f29b9+0x46/0x4a
 bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline]
 __bpf_prog_run include/linux/filter.h:701 [inline]
 bpf_prog_run include/linux/filter.h:708 [inline]
 bpf_prog_run_array include/linux/bpf.h:2170 [inline]
 trace_call_bpf+0x369/0x8a0 kernel/trace/bpf_trace.c:146
 perf_trace_run_bpf_submit+0x82/0x180 kernel/events/core.c:10416
 perf_trace_lock_acquire+0x3c3/0x4f0 include/trace/events/lock.h:24
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x51b/0x550 kernel/locking/lockdep.c:5796
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_read_lock include/linux/rcupdate.h:849 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2350 [inline]
 bpf_trace_run2+0x219/0x540 kernel/trace/bpf_trace.c:2392
 trace_contention_begin+0x117/0x140 include/trace/events/lock.h:95
 __pv_queued_spin_lock_slowpath+0x114/0xdb0 kernel/locking/qspinlock.c:402
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
 queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x272/0x370 kernel/locking/spinlock_debug.c:116
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xe1/0x120 kernel/locking/spinlock.c:162
 __bpf_ringbuf_reserve+0x1ea/0x600 kernel/bpf/ringbuf.c:427
 ____bpf_ringbuf_reserve kernel/bpf/ringbuf.c:478 [inline]
 bpf_ringbuf_reserve+0x5c/0x70 kernel/bpf/ringbuf.c:470
 bpf_prog_9efe54833449f08e+0x2e/0x48
 bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline]
 __bpf_prog_run include/linux/filter.h:701 [inline]
 bpf_prog_run include/linux/filter.h:708 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2351 [inline]
 bpf_trace_run3+0x33a/0x5a0 kernel/trace/bpf_trace.c:2393
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x355/0x420 mm/slub.c:4680
 skb_kfree_head net/core/skbuff.c:1084 [inline]
 skb_free_head net/core/skbuff.c:1098 [inline]
 skb_release_data+0x677/0x8a0 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 consume_skb+0x9f/0xf0 net/core/skbuff.c:1436
 mac80211_hwsim_beacon_tx+0x3bf/0x850 drivers/net/wireless/virtual/mac80211_hwsim.c:2315
 __iterate_interfaces+0x222/0x510 net/mac80211/util.c:774
 ieee80211_iterate_active_interfaces_atomic+0xd8/0x170 net/mac80211/util.c:810
 mac80211_hwsim_beacon+0xd4/0x1f0 drivers/net/wireless/virtual/mac80211_hwsim.c:2345
 __run_hrtimer kernel/time/hrtimer.c:1691 [inline]
 __hrtimer_run_queues+0x59b/0xd50 kernel/time/hrtimer.c:1755
 hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1772
 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:finish_task_switch+0x1ea/0x870 kernel/sched/core.c:5202
Code: c9 50 e8 79 00 0c 00 48 83 c4 08 4c 89 f7 e8 4d 39 00 00 0f 1f 44 00 00 4c 89 f7 e8 30 c4 6d 0a e8 0b 5a 38 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
RSP: 0018:ffffc900001878e8 EFLAGS: 00000282
RAX: e56833e86f879700 RBX: ffff88801cec3c00 RCX: ffffffff9a3dc903
RDX: dffffc0000000000 RSI: ffffffff8c0acda0 RDI: ffffffff8c6114e0
RBP: ffffc90000187930 R08: ffffffff901d2baf R09: 1ffffffff203a575
R10: dffffc0000000000 R11: fffffbfff203a576 R12: 1ffff110170c7f1c
R13: dffffc0000000000 R14: ffff8880b863eac0 R15: ffff8880b863f8e0
 context_switch kernel/sched/core.c:5331 [inline]
 __schedule+0x1857/0x4c30 kernel/sched/core.c:6693
 __schedule_loop kernel/sched/core.c:6770 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6785
 schedule_timeout+0x1be/0x310 kernel/time/timer.c:2615
 synchronize_rcu_expedited_wait_once kernel/rcu/tree_exp.h:536 [inline]
 synchronize_rcu_expedited_wait kernel/rcu/tree_exp.h:649 [inline]
 rcu_exp_wait_wake kernel/rcu/tree_exp.h:678 [inline]
 rcu_exp_sel_wait_wake+0x77e/0x1dc0 kernel/rcu/tree_exp.h:712
 kthread_worker_fn+0x500/0xb70 kernel/kthread.c:844
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
----------------
Code disassembly (best guess):
   0:	c9                   	leave
   1:	50                   	push   %rax
   2:	e8 79 00 0c 00       	call   0xc0080
   7:	48 83 c4 08          	add    $0x8,%rsp
   b:	4c 89 f7             	mov    %r14,%rdi
   e:	e8 4d 39 00 00       	call   0x3960
  13:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  18:	4c 89 f7             	mov    %r14,%rdi
  1b:	e8 30 c4 6d 0a       	call   0xa6dc450
  20:	e8 0b 5a 38 00       	call   0x385a30
  25:	fb                   	sti
  26:	48 8b 5d c0          	mov    -0x40(%rbp),%rbx
* 2a:	48 8d bb f8 15 00 00 	lea    0x15f8(%rbx),%rdi <-- trapping instruction
  31:	48 89 f8             	mov    %rdi,%rax
  34:	48 c1 e8 03          	shr    $0x3,%rax
  38:	49                   	rex.WB
  39:	be 00 00 00 00       	mov    $0x0,%esi
  3e:	00 fc                	add    %bh,%ah