============================================ WARNING: possible recursive locking detected syzkaller #0 Not tainted -------------------------------------------- syz.2.1428/11474 is trying to acquire lock: ffffc9000c00c0d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1c7/0x5a0 kernel/bpf/ringbuf.c:423 but task is already holding lock: ffffc9000dfff0d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1c7/0x5a0 kernel/bpf/ringbuf.c:423 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&rb->spinlock); lock(&rb->spinlock); *** DEADLOCK *** May be due to missing lock nesting notation 4 locks held by syz.2.1428/11474: #0: ffff8880b8739f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:636 #1: ffffffff8e139ea0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #1: ffffffff8e139ea0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #1: ffffffff8e139ea0 (rcu_read_lock){....}-{1:3}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2256 [inline] #1: ffffffff8e139ea0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x19c/0x4a0 kernel/trace/bpf_trace.c:2300 #2: ffffc9000dfff0d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1c7/0x5a0 kernel/bpf/ringbuf.c:423 #3: ffffffff8e139ea0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #3: ffffffff8e139ea0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #3: ffffffff8e139ea0 (rcu_read_lock){....}-{1:3}, at: trace_call_bpf+0xb7/0x850 kernel/trace/bpf_trace.c:-1 stack backtrace: CPU: 1 UID: 0 PID: 11474 Comm: syz.2.1428 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_deadlock_bug+0x28b/0x2a0 kernel/locking/lockdep.c:3041 check_deadlock kernel/locking/lockdep.c:3093 [inline] validate_chain+0x1a3f/0x2140 kernel/locking/lockdep.c:3895 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 __bpf_ringbuf_reserve+0x1c7/0x5a0 kernel/bpf/ringbuf.c:423 ____bpf_ringbuf_reserve kernel/bpf/ringbuf.c:474 [inline] bpf_ringbuf_reserve+0x5c/0x70 kernel/bpf/ringbuf.c:466 bpf_prog_df2ea1bb7efca089+0x36/0x54 bpf_dispatcher_nop_func include/linux/bpf.h:1332 [inline] __bpf_prog_run include/linux/filter.h:718 [inline] bpf_prog_run include/linux/filter.h:725 [inline] bpf_prog_run_array include/linux/bpf.h:2292 [inline] trace_call_bpf+0x326/0x850 kernel/trace/bpf_trace.c:146 perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:10911 do_perf_trace_contention_end include/trace/events/lock.h:122 [inline] perf_trace_contention_end+0x253/0x2f0 include/trace/events/lock.h:122 __do_trace_contention_end include/trace/events/lock.h:122 [inline] trace_contention_end+0x111/0x140 include/trace/events/lock.h:122 __pv_queued_spin_lock_slowpath+0x9f9/0xb60 kernel/locking/qspinlock.c:374 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:557 [inline] queued_spin_lock_slowpath+0x43/0x50 arch/x86/include/asm/qspinlock.h:51 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline] do_raw_spin_lock+0x21f/0x290 kernel/locking/spinlock_debug.c:116 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline] _raw_spin_lock_irqsave+0xb3/0xf0 kernel/locking/spinlock.c:162 __bpf_ringbuf_reserve+0x1c7/0x5a0 kernel/bpf/ringbuf.c:423 ____bpf_ringbuf_reserve kernel/bpf/ringbuf.c:474 [inline] bpf_ringbuf_reserve+0x5c/0x70 kernel/bpf/ringbuf.c:466 bpf_prog_9efe54833449f08e+0x2e/0x4c bpf_dispatcher_nop_func include/linux/bpf.h:1332 [inline] __bpf_prog_run include/linux/filter.h:718 [inline] bpf_prog_run include/linux/filter.h:725 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2257 [inline] bpf_trace_run4+0x28b/0x4a0 kernel/trace/bpf_trace.c:2300 __bpf_trace_sched_switch+0x17a/0x1e0 include/trace/events/sched.h:220 __traceiter_sched_switch+0x9d/0xd0 include/trace/events/sched.h:220 __do_trace_sched_switch include/trace/events/sched.h:220 [inline] trace_sched_switch include/trace/events/sched.h:220 [inline] __schedule+0x238f/0x4cc0 kernel/sched/core.c:6958 __schedule_loop kernel/sched/core.c:7043 [inline] schedule+0x165/0x360 kernel/sched/core.c:7058 futex_do_wait kernel/futex/waitwake.c:358 [inline] __futex_wait+0x1c3/0x3e0 kernel/futex/waitwake.c:687 futex_wait+0x104/0x360 kernel/futex/waitwake.c:715 do_futex+0x333/0x420 kernel/futex/syscalls.c:102 __do_sys_futex kernel/futex/syscalls.c:179 [inline] __se_sys_futex+0x36f/0x400 kernel/futex/syscalls.c:160 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc096d8ebe9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe24f3eb78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 000000000004b43b RCX: 00007fc096d8ebe9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc096fc5fac RBP: 0000000000000032 R08: 7fffffffffffffff R09: 0000000624f3ee6f R10: 00007ffe24f3ec70 R11: 0000000000000246 R12: 00007fc096fc5fac R13: 00007ffe24f3ec70 R14: 000000000004b46d R15: 00007ffe24f3ec90