============================================
WARNING: possible recursive locking detected
6.9.0-rc6-syzkaller-00005-gb947cc5bf6d7 #0 Not tainted
--------------------------------------------
syz-executor.0/5423 is trying to acquire lock:
ffff88802b7281d8 (&qs->lock){-.-.}-{2:2}, at: __queue_map_get+0x147/0x4d0 kernel/bpf/queue_stack_maps.c:105

but task is already holding lock:
ffff8880669ec1d8 (&qs->lock){-.-.}-{2:2}, at: __queue_map_get+0x147/0x4d0 kernel/bpf/queue_stack_maps.c:105

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&qs->lock);
  lock(&qs->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

7 locks held by syz-executor.0/5423:
 #0: ffffffff8dddc390 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mmap kernel/fork.c:637 [inline]
 #0: ffffffff8dddc390 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm kernel/fork.c:1688 [inline]
 #0: ffffffff8dddc390 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x271/0x20c0 kernel/fork.c:1737
 #1: ffff88807c593120 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:124 [inline]
 #1: ffff88807c593120 (&mm->mmap_lock){++++}-{3:3}, at: dup_mmap kernel/fork.c:638 [inline]
 #1: ffff88807c593120 (&mm->mmap_lock){++++}-{3:3}, at: dup_mm kernel/fork.c:1688 [inline]
 #1: ffff88807c593120 (&mm->mmap_lock){++++}-{3:3}, at: copy_mm+0x291/0x20c0 kernel/fork.c:1737
 #2: ffff88801df54da0 (&mm->mmap_lock/1){+.+.}-{3:3}, at: mmap_write_lock_nested include/linux/mmap_lock.h:115 [inline]
 #2: ffff88801df54da0 (&mm->mmap_lock/1){+.+.}-{3:3}, at: dup_mmap kernel/fork.c:647 [inline]
 #2: ffff88801df54da0 (&mm->mmap_lock/1){+.+.}-{3:3}, at: dup_mm kernel/fork.c:1688 [inline]
 #2: ffff88801df54da0 (&mm->mmap_lock/1){+.+.}-{3:3}, at: copy_mm+0x3cd/0x20c0 kernel/fork.c:1737
 #3: ffff88807c5936b8 (&mm->context.lock){+.+.}-{3:3}, at: ldt_dup_context+0x91/0x540 arch/x86/kernel/ldt.c:459
 #4: ffffffff8dd32160 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #4: ffffffff8dd32160 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #4: ffffffff8dd32160 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
 #4: ffffffff8dd32160 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x420 kernel/trace/bpf_trace.c:2420
 #5: ffff8880669ec1d8 (&qs->lock){-.-.}-{2:2}, at: __queue_map_get+0x147/0x4d0 kernel/bpf/queue_stack_maps.c:105
 #6: ffffffff8dd32160 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #6: ffffffff8dd32160 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #6: ffffffff8dd32160 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
 #6: ffffffff8dd32160 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x420 kernel/trace/bpf_trace.c:2420

stack backtrace:
CPU: 1 PID: 5423 Comm: syz-executor.0 Not tainted 6.9.0-rc6-syzkaller-00005-gb947cc5bf6d7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x23d/0x360 lib/dump_stack.c:114
 check_deadlock kernel/locking/lockdep.c:3062 [inline]
 validate_chain kernel/locking/lockdep.c:3856 [inline]
 __lock_acquire+0x6a95/0x7fa0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1e9/0x540 kernel/locking/lockdep.c:5754
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
 __queue_map_get+0x147/0x4d0 kernel/bpf/queue_stack_maps.c:105
 bpf_prog_00798911c748094f+0x3a/0x3e
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run2+0x200/0x420 kernel/trace/bpf_trace.c:2420
 __traceiter_contention_end+0x77/0xb0 include/trace/events/lock.h:122
 trace_contention_end+0x10a/0x130 include/trace/events/lock.h:122
 __pv_queued_spin_lock_slowpath+0x935/0xc50 kernel/locking/qspinlock.c:560
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x298/0x3a0 kernel/locking/spinlock_debug.c:116
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xdd/0x120 kernel/locking/spinlock.c:162
 __queue_map_get+0x147/0x4d0 kernel/bpf/queue_stack_maps.c:105
 bpf_prog_00798911c748094f+0x3a/0x3e
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run2+0x200/0x420 kernel/trace/bpf_trace.c:2420
 __traceiter_contention_end+0x77/0xb0 include/trace/events/lock.h:122
 trace_contention_end+0xeb/0x110 include/trace/events/lock.h:122
 __mutex_lock_common kernel/locking/mutex.c:617 [inline]
 __mutex_lock+0x2e1/0xd60 kernel/locking/mutex.c:752
 ldt_dup_context+0x91/0x540 arch/x86/kernel/ldt.c:459
 arch_dup_mmap arch/x86/include/asm/mmu_context.h:213 [inline]
 dup_mmap kernel/fork.c:759 [inline]
 dup_mm kernel/fork.c:1688 [inline]
 copy_mm+0x1573/0x20c0 kernel/fork.c:1737
 copy_process+0x186e/0x3df0 kernel/fork.c:2390
 kernel_clone+0x222/0x8e0 kernel/fork.c:2797
 __do_sys_clone kernel/fork.c:2940 [inline]
 __se_sys_clone kernel/fork.c:2924 [inline]
 __x64_sys_clone+0x254/0x2a0 kernel/fork.c:2924
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x84/0x190 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7fa7d467ae93
Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
RSP: 002b:00007ffe0ac9c2a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7d467ae93
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 0000555579d61750 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000