============================================
WARNING: possible recursive locking detected
6.10.0-rc2-syzkaller-00797-ga12978712d90 #0 Not tainted
--------------------------------------------
syz-executor/5097 is trying to acquire lock:
ffff8880b95387e8 (lock#10){+.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b95387e8 (lock#10){+.+.}-{2:2}, at: __mmap_lock_do_trace_released+0x83/0x620 mm/mmap_lock.c:243

but task is already holding lock:
ffff8880b95387e8 (lock#10){+.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b95387e8 (lock#10){+.+.}-{2:2}, at: __mmap_lock_do_trace_released+0x83/0x620 mm/mmap_lock.c:243

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(lock#10);
  lock(lock#10);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz-executor/5097:
 #0: ffff888022789e18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:163 [inline]
 #0: ffff888022789e18 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5715 [inline]
 #0: ffff888022789e18 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x32/0x2f0 mm/memory.c:5775
 #1: ffff8880b95387e8 (lock#10){+.+.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 #1: ffff8880b95387e8 (lock#10){+.+.}-{2:2}, at: __mmap_lock_do_trace_released+0x83/0x620 mm/mmap_lock.c:243
 #2: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #2: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #2: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: get_memcg_path_buf mm/mmap_lock.c:139 [inline]
 #2: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: get_mm_memcg_path+0xb1/0x600 mm/mmap_lock.c:209
 #3: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: trace_call_bpf+0xbc/0x8a0
 #4: ffff888022789e18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:163 [inline]
 #4: ffff888022789e18 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x237/0x9d0 kernel/bpf/stackmap.c:141

stack backtrace:
CPU: 1 PID: 5097 Comm: syz-executor Not tainted 6.10.0-rc2-syzkaller-00797-ga12978712d90 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 check_deadlock kernel/locking/lockdep.c:3062 [inline]
 validate_chain+0x15d3/0x5900 kernel/locking/lockdep.c:3856
 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 __mmap_lock_do_trace_released+0x9c/0x620 mm/mmap_lock.c:243
 __mmap_lock_trace_released include/linux/mmap_lock.h:42 [inline]
 mmap_read_unlock include/linux/mmap_lock.h:170 [inline]
 bpf_mmap_unlock_mm kernel/bpf/mmap_unlock_work.h:52 [inline]
 stack_map_get_build_id_offset+0x9c7/0x9d0 kernel/bpf/stackmap.c:173
 __bpf_get_stack+0x4ad/0x5a0 kernel/bpf/stackmap.c:449
 bpf_prog_e6cf5f9c69743609+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
 __bpf_prog_run include/linux/filter.h:691 [inline]
 bpf_prog_run include/linux/filter.h:698 [inline]
 bpf_prog_run_array include/linux/bpf.h:2104 [inline]
 trace_call_bpf+0x369/0x8a0 kernel/trace/bpf_trace.c:147
 perf_trace_run_bpf_submit+0x7c/0x1d0 kernel/events/core.c:10269
 perf_trace_mmap_lock+0x3d7/0x510 include/trace/events/mmap_lock.h:16
 trace_mmap_lock_released include/trace/events/mmap_lock.h:50 [inline]
 __mmap_lock_do_trace_released+0x5bb/0x620 mm/mmap_lock.c:243
 __mmap_lock_trace_released include/linux/mmap_lock.h:42 [inline]
 mmap_read_unlock include/linux/mmap_lock.h:170 [inline]
 do_user_addr_fault arch/x86/mm/fault.c:1417 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x7a2/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_stos_alternative+0x40/0x80 arch/x86/lib/clear_page_64.S:96
Code: ff c7 48 ff c9 75 f6 c3 cc cc cc cc 48 89 07 48 83 c7 08 83 e9 08 74 ef 83 f9 08 73 ef eb de 66 2e 0f 1f 84 00 00 00 00 00 90 <48> 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47
RSP: 0018:ffffc900035cf938 EFLAGS: 00050206
RAX: 0000000000000000 RBX: 0000000000000340 RCX: 0000000000000340
RDX: 0000000000000000 RSI: ffffffff8bcacd00 RDI: 00007fff7e47de40
RBP: ffffc900035cfb10 R08: ffffffff8fad5f2f R09: 1ffffffff1f5abe5
R10: dffffc0000000000 R11: fffffbfff1f5abe6 R12: 00007fff7e47de40
R13: 1ffff11004e092f0 R14: ffff888027048000 R15: dffffc0000000000
 __clear_user arch/x86/include/asm/uaccess_64.h:172 [inline]
 copy_fpstate_to_sigframe+0x4f0/0xd90 arch/x86/kernel/fpu/signal.c:236
 get_sigframe+0x55d/0x700 arch/x86/kernel/signal.c:142
 x64_setup_rt_frame+0x180/0xcc0 arch/x86/kernel/signal_64.c:175
 setup_rt_frame arch/x86/kernel/signal.c:223 [inline]
 handle_signal arch/x86/kernel/signal.c:267 [inline]
 arch_do_signal_or_restart+0x458/0x860 arch/x86/kernel/signal.c:312
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f41d29a7b85
Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 c6 57 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 1f 58 ff ff 48 8b 04 24 48 83 c4 28 f7 d8
RSP: 002b:00007fff7e47e220 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: fffffffffffffffc RBX: 000000000000032f RCX: 00007f41d29a7b85
RDX: 00007fff7e47e260 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fff7e47e2dc R08: 0000000000000000 R09: 7fffffffffffffff
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 000000000003673e R14: 0000000000036702 R15: 00007fff7e47e340
----------------
Code disassembly (best guess):
   0: ff c7 inc %edi
   2: 48 ff c9 dec %rcx
   5: 75 f6 jne 0xfffffffd
   7: c3 ret
   8: cc int3
   9: cc int3
   a: cc int3
   b: cc int3
   c: 48 89 07 mov %rax,(%rdi)
   f: 48 83 c7 08 add $0x8,%rdi
  13: 83 e9 08 sub $0x8,%ecx
  16: 74 ef je 0x7
  18: 83 f9 08 cmp $0x8,%ecx
  1b: 73 ef jae 0xc
  1d: eb de jmp 0xfffffffd
  1f: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
  26: 00 00 00
  29: 90 nop
* 2a: 48 89 07 mov %rax,(%rdi) <-- trapping instruction
  2d: 48 89 47 08 mov %rax,0x8(%rdi)
  31: 48 89 47 10 mov %rax,0x10(%rdi)
  35: 48 89 47 18 mov %rax,0x18(%rdi)
  39: 48 89 47 20 mov %rax,0x20(%rdi)
  3d: 48 rex.W
  3e: 89 .byte 0x89
  3f: 47 rex.RXB