====================================================== WARNING: possible circular locking dependency detected 5.15.0-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.3/3410 is trying to acquire lock: ffff888237d29000 (lock#7){+.+.}-{2:2} , at: __mmap_lock_do_trace_acquire_returned+0x0/0x280 but task is already holding lock: ffff888237d2c718 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:478 [inline] &rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1315 [inline] &rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1613 [inline] &rq->__lock){-.-.}-{2:2}, at: __schedule+0xe1/0xa40 kernel/sched/core.c:6164 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&rq->__lock){-.-.}-{2:2}: _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:368 raw_spin_rq_lock_nested+0x1e/0x30 kernel/sched/core.c:478 raw_spin_rq_lock kernel/sched/sched.h:1315 [inline] rq_lock kernel/sched/sched.h:1613 [inline] task_fork_fair+0x40/0x160 kernel/sched/fair.c:11193 sched_post_fork+0xbd/0xe0 kernel/sched/core.c:4445 copy_process+0x19f0/0x2060 kernel/fork.c:2405 kernel_clone+0x96/0x3e0 kernel/fork.c:2581 kernel_thread+0x50/0x70 kernel/fork.c:2633 rest_init+0x19/0x250 init/main.c:690 start_kernel+0x577/0x59c init/main.c:1135 secondary_startup_64_no_verify+0xb0/0xbb -> #2 (&p->pi_lock){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 try_to_wake_up+0x51/0x610 kernel/sched/core.c:4000 signal_wake_up_state kernel/signal.c:770 [inline] signal_wake_up include/linux/sched/signal.h:433 [inline] complete_signal+0xfa/0x260 kernel/signal.c:1062 __send_signal+0x258/0x560 kernel/signal.c:1182 do_notify_parent+0x53b/0x570 kernel/signal.c:2079 exit_notify kernel/exit.c:688 [inline] do_exit+0xa9e/0xc10 kernel/exit.c:852 do_group_exit+0x34/0xb0 kernel/exit.c:929 
__do_sys_exit_group kernel/exit.c:940 [inline] __se_sys_exit_group kernel/exit.c:938 [inline] __x64_sys_exit_group+0xf/0x10 kernel/exit.c:938 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3c/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #1 (&sighand->siglock){-...}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 __lock_task_sighand+0x60/0x170 kernel/signal.c:1395 lock_task_sighand include/linux/sched/signal.h:716 [inline] do_send_sig_info kernel/signal.c:1293 [inline] group_send_sig_info+0xc3/0x180 kernel/signal.c:1433 ____bpf_send_signal_thread kernel/trace/bpf_trace.c:882 [inline] bpf_send_signal_thread+0x7/0x10 kernel/trace/bpf_trace.c:880 ___bpf_prog_run+0xaee/0x1780 kernel/bpf/core.c:1558 __bpf_prog_run32+0x31/0x60 kernel/bpf/core.c:1785 bpf_dispatcher_nop_func include/linux/bpf.h:727 [inline] __bpf_prog_run include/linux/filter.h:626 [inline] bpf_prog_run include/linux/filter.h:633 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:1941 [inline] bpf_trace_run4+0x71/0x170 kernel/trace/bpf_trace.c:1980 trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:52 [inline] __mmap_lock_do_trace_acquire_returned+0x197/0x280 mm/mmap_lock.c:237 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline] mmap_write_lock_killable include/linux/mmap_lock.h:88 [inline] __do_sys_brk+0x1e6/0x290 mm/mmap.c:204 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3c/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #0 (lock#7){+.+.}-{2:2}: check_prev_add kernel/locking/lockdep.c:3063 [inline] check_prevs_add kernel/locking/lockdep.c:3186 [inline] validate_chain kernel/locking/lockdep.c:3801 [inline] __lock_acquire+0xfc6/0x1840 kernel/locking/lockdep.c:5027 lock_acquire kernel/locking/lockdep.c:5637 [inline] lock_acquire+0xc9/0x300 kernel/locking/lockdep.c:5602 
local_lock_acquire include/linux/local_lock_internal.h:29 [inline] __mmap_lock_do_trace_acquire_returned+0x54/0x280 mm/mmap_lock.c:237 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline] mmap_read_trylock include/linux/mmap_lock.h:137 [inline] stack_map_get_build_id_offset+0x21e/0x260 kernel/bpf/stackmap.c:142 __bpf_get_stack+0x186/0x220 kernel/bpf/stackmap.c:440 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1561 [inline] bpf_get_stack_raw_tp+0x8f/0xc0 kernel/trace/bpf_trace.c:1551 ___bpf_prog_run+0xaee/0x1780 kernel/bpf/core.c:1558 __bpf_prog_run32+0x31/0x60 kernel/bpf/core.c:1785 bpf_dispatcher_nop_func include/linux/bpf.h:727 [inline] __bpf_prog_run include/linux/filter.h:626 [inline] bpf_prog_run include/linux/filter.h:633 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:1941 [inline] bpf_trace_run2+0x67/0x170 kernel/trace/bpf_trace.c:1978 trace_tlb_flush+0x73/0xc0 include/trace/events/tlb.h:38 switch_mm_irqs_off+0x1c4/0x470 arch/x86/mm/tlb.c:629 context_switch kernel/sched/core.c:4955 [inline] __schedule+0x2d3/0xa40 kernel/sched/core.c:6250 schedule+0x49/0xc0 kernel/sched/core.c:6323 exit_to_user_mode_loop kernel/entry/common.c:163 [inline] exit_to_user_mode_prepare+0x132/0x210 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x1a/0x60 kernel/entry/common.c:300 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae other info that might help us debug this: Chain exists of: lock#7 --> &p->pi_lock --> &rq->__lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&rq->__lock); lock(&p->pi_lock); lock(&rq->__lock); lock(lock#7); *** DEADLOCK *** 3 locks held by syz-executor.3/3410: #0: ffff888237d2c718 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:478 [inline] #0: ffff888237d2c718 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1315 [inline] #0: ffff888237d2c718 
(&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1613 [inline] #0: ffff888237d2c718 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0xe1/0xa40 kernel/sched/core.c:6164 #1: ffffffff82f8c4e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x0/0x170 #2: ffff8881059eefa8 (&mm->mmap_lock#2){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline] #2: ffff8881059eefa8 (&mm->mmap_lock#2){++++}-{3:3}, at: stack_map_get_build_id_offset+0x72/0x260 kernel/bpf/stackmap.c:142 stack backtrace: CPU: 1 PID: 3410 Comm: syz-executor.3 Not tainted 5.15.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 check_noncircular+0xce/0xe0 kernel/locking/lockdep.c:2143 check_prev_add kernel/locking/lockdep.c:3063 [inline] check_prevs_add kernel/locking/lockdep.c:3186 [inline] validate_chain kernel/locking/lockdep.c:3801 [inline] __lock_acquire+0xfc6/0x1840 kernel/locking/lockdep.c:5027 lock_acquire kernel/locking/lockdep.c:5637 [inline] lock_acquire+0xc9/0x300 kernel/locking/lockdep.c:5602 local_lock_acquire include/linux/local_lock_internal.h:29 [inline] __mmap_lock_do_trace_acquire_returned+0x54/0x280 mm/mmap_lock.c:237 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline] mmap_read_trylock include/linux/mmap_lock.h:137 [inline] stack_map_get_build_id_offset+0x21e/0x260 kernel/bpf/stackmap.c:142 __bpf_get_stack+0x186/0x220 kernel/bpf/stackmap.c:440 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1561 [inline] bpf_get_stack_raw_tp+0x8f/0xc0 kernel/trace/bpf_trace.c:1551 ___bpf_prog_run+0xaee/0x1780 kernel/bpf/core.c:1558 __bpf_prog_run32+0x31/0x60 kernel/bpf/core.c:1785 bpf_dispatcher_nop_func include/linux/bpf.h:727 [inline] __bpf_prog_run include/linux/filter.h:626 [inline] bpf_prog_run include/linux/filter.h:633 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:1941 [inline] 
bpf_trace_run2+0x67/0x170 kernel/trace/bpf_trace.c:1978 trace_tlb_flush+0x73/0xc0 include/trace/events/tlb.h:38 switch_mm_irqs_off+0x1c4/0x470 arch/x86/mm/tlb.c:629 context_switch kernel/sched/core.c:4955 [inline] __schedule+0x2d3/0xa40 kernel/sched/core.c:6250 schedule+0x49/0xc0 kernel/sched/core.c:6323 exit_to_user_mode_loop kernel/entry/common.c:163 [inline] exit_to_user_mode_prepare+0x132/0x210 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x1a/0x60 kernel/entry/common.c:300 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f69bf59fee9 Code: Unable to access opcode bytes at RIP 0x7f69bf59febf. RSP: 002b:00007f69bf1220c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: 0000000000000007 RBX: 00007f69bf6cef80 RCX: 00007f69bf59fee9 RDX: 0000000000000010 RSI: 0000000020000100 RDI: 0000000000000011 RBP: 00007f69bf5ec49e R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f69bf6cef80 R15: 00007ffd2efdbaa8