============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
syz-executor/5772 is trying to acquire lock:
ffffc90004a520d8 (&rb->spinlock){..-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1c8/0x5a0 kernel/bpf/ringbuf.c:425

but task is already holding lock:
ffffc900048110d8 (&rb->spinlock){..-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1c8/0x5a0 kernel/bpf/ringbuf.c:425

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&rb->spinlock);
  lock(&rb->spinlock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

6 locks held by syz-executor/5772:
 #0: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #0: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #0: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: netif_receive_skb_list_internal+0x4ad/0xc60 net/core/dev.c:5827
 #1: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #1: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #1: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: ip_local_deliver_finish+0x1cb/0x510 net/ipv4/ip_input.c:232
 #2: ffff88807da91930 (slock-AF_INET/1){+.-.}-{2:2}, at: tcp_v4_rcv+0x22d9/0x2a50 net/ipv4/tcp_ipv4.c:2162
 #3: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #3: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #3: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2321 [inline]
 #3: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0xf4/0x400 kernel/trace/bpf_trace.c:2362
 #4: ffffc900048110d8 (&rb->spinlock){..-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1c8/0x5a0 kernel/bpf/ringbuf.c:425
 #5: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #5: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #5: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2321 [inline]
 #5: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0xde/0x3c0 kernel/trace/bpf_trace.c:2361

stack backtrace:
CPU: 1 PID: 5772 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <IRQ>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 check_deadlock kernel/locking/lockdep.c:3062 [inline]
 validate_chain kernel/locking/lockdep.c:3856 [inline]
 __lock_acquire+0x5d40/0x7c80 kernel/locking/lockdep.c:5137
 lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xa8/0xf0 kernel/locking/spinlock.c:162
 __bpf_ringbuf_reserve+0x1c8/0x5a0 kernel/bpf/ringbuf.c:425
 ____bpf_ringbuf_reserve kernel/bpf/ringbuf.c:476 [inline]
 bpf_ringbuf_reserve+0x5c/0x70 kernel/bpf/ringbuf.c:468
 bpf_prog_fe0ed97373b08409+0x2d/0x4a
 bpf_dispatcher_nop_func include/linux/bpf.h:1224 [inline]
 __bpf_prog_run include/linux/filter.h:612 [inline]
 bpf_prog_run include/linux/filter.h:619 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2322 [inline]
 bpf_trace_run2+0x1d1/0x3c0 kernel/trace/bpf_trace.c:2361
 __bpf_trace_contention_end+0xdd/0x130 include/trace/events/lock.h:122
 trace_contention_end+0xe6/0x110 include/trace/events/lock.h:122
 __pv_queued_spin_lock_slowpath+0x7ec/0x9d0 kernel/locking/qspinlock.c:560
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:586 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x24e/0x2c0 kernel/locking/spinlock_debug.c:115
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xb4/0xf0 kernel/locking/spinlock.c:162
 __bpf_ringbuf_reserve+0x1c8/0x5a0 kernel/bpf/ringbuf.c:425
 ____bpf_ringbuf_reserve kernel/bpf/ringbuf.c:476 [inline]
 bpf_ringbuf_reserve+0x5c/0x70 kernel/bpf/ringbuf.c:468
 bpf_prog_fe0ed97373b08409+0x2d/0x4a
 bpf_dispatcher_nop_func include/linux/bpf.h:1224 [inline]
 __bpf_prog_run include/linux/filter.h:612 [inline]
 bpf_prog_run include/linux/filter.h:619 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2322 [inline]
 bpf_trace_run3+0x1e7/0x400 kernel/trace/bpf_trace.c:2362
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x1e0/0x280 mm/slub.c:3851
 tcp_clean_rtx_queue net/ipv4/tcp_input.c:3444 [inline]
 tcp_ack+0x1fb6/0x65e0 net/ipv4/tcp_input.c:4004
 tcp_rcv_established+0xf23/0x1cf0 net/ipv4/tcp_input.c:6080
 tcp_v4_do_rcv+0x4ed/0xb80 net/ipv4/tcp_ipv4.c:1734
 tcp_v4_rcv+0x2334/0x2a50 net/ipv4/tcp_ipv4.c:2166
 ip_protocol_deliver_rcu+0x20e/0x3f0 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x2ca/0x510 net/ipv4/ip_input.c:233
 NF_HOOK+0x303/0x390 include/linux/netfilter.h:304
 dst_input include/net/dst.h:477 [inline]
 ip_sublist_rcv_finish net/ipv4/ip_input.c:580 [inline]
 ip_list_rcv_finish net/ipv4/ip_input.c:631 [inline]
 ip_sublist_rcv+0xa38/0xd20 net/ipv4/ip_input.c:639
 ip_list_rcv+0x3e3/0x430 net/ipv4/ip_input.c:674
 __netif_receive_skb_list_ptype net/core/dev.c:5651 [inline]
 __netif_receive_skb_list_core+0x578/0x740 net/core/dev.c:5699
 __netif_receive_skb_list net/core/dev.c:5751 [inline]
 netif_receive_skb_list_internal+0x91b/0xc60 net/core/dev.c:5842
 gro_normal_list include/net/gro.h:451 [inline]
 napi_complete_done+0x32a/0x810 net/core/dev.c:6182
 virtqueue_napi_complete drivers/net/virtio_net.c:450 [inline]
 virtnet_poll+0xa44/0x1180 drivers/net/virtio_net.c:2236
 __napi_poll+0xc0/0x460 net/core/dev.c:6612
 napi_poll net/core/dev.c:6679 [inline]
 net_rx_action+0x5ea/0xbf0 net/core/dev.c:6815
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 common_interrupt+0xb9/0xd0 arch/x86/kernel/irq.c:249
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:678
RIP: 0010:__syscall_enter_from_user_work kernel/entry/common.c:97 [inline]
RIP: 0010:syscall_enter_from_user_mode+0x2e/0x80 kernel/entry/common.c:118
Code: 41 56 53 48 89 f3 49 89 fe 48 8b 7c 24 10 e8 e9 fa ff ff 66 90 66 90 e8 80 bf 1c f7 e8 3b bf 1c f7 fb 65 48 8b 05 62 71 94 75 <48> 8b 70 08 40 f6 c6 3f 74 0b 4c 89 f7 5b 41 5e e9 fd 50 03 f7 48
RSP: 0018:ffffc90003a77f08 EFLAGS: 00000286
RAX: ffff888026368000 RBX: 000000000000010e RCX: 517c62eb6ae82a00
RDX: dffffc0000000000 RSI: ffffffff8aaabce0 RDI: ffffffff8afc6f40
RBP: ffffc90003a77f48 R08: ffffffff8e4a8e2f R09: 1ffffffff1c951c5
R10: dffffc0000000000 R11: fffffbfff1c951c6 R12: 0000000000000000
R13: 0000000000000000 R14: ffffc90003a77f58 R15: 0000000000000000
 do_syscall_64+0x28/0xb0 arch/x86/entry/common.c:77
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7effbab8f50c
Code: 29 44 24 30 80 3d 6b c0 22 00 00 4c 89 4c 24 40 4c 8d 4c 24 40 48 c7 44 24 48 08 00 00 00 74 2e 4c 89 ea b8 0e 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7c 48 8b 54 24 58 64 48 2b 14 25 28 00 00 00
RSP: 002b:00007ffe2cce5270 EFLAGS: 00000202 ORIG_RAX: 000000000000010e
RAX: ffffffffffffffda RBX: 00007ffe2cce57f0 RCX: 00007effbab8f50c
RDX: 0000000000000000 RSI: 00007ffe2cce53a0 RDI: 000000000000001e
RBP: 00007ffe2cce53a0 R08: 00007ffe2cce52a0 R09: 00007ffe2cce52b0
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe2cce5640
R13: 0000000000000000 R14: 00007ffe2cce56c0 R15: 585858582e7a7973
 </TASK>
----------------
Code disassembly (best guess):
   0:	41 56                	push   %r14
   2:	53                   	push   %rbx
   3:	48 89 f3             	mov    %rsi,%rbx
   6:	49 89 fe             	mov    %rdi,%r14
   9:	48 8b 7c 24 10       	mov    0x10(%rsp),%rdi
   e:	e8 e9 fa ff ff       	call   0xfffffafc
  13:	66 90                	xchg   %ax,%ax
  15:	66 90                	xchg   %ax,%ax
  17:	e8 80 bf 1c f7       	call   0xf71cbf9c
  1c:	e8 3b bf 1c f7       	call   0xf71cbf5c
  21:	fb                   	sti
  22:	65 48 8b 05 62 71 94 	mov    %gs:0x75947162(%rip),%rax        # 0x7594718c
  29:	75
* 2a:	48 8b 70 08          	mov    0x8(%rax),%rsi <-- trapping instruction
  2e:	40 f6 c6 3f          	test   $0x3f,%sil
  32:	74 0b                	je     0x3f
  34:	4c 89 f7             	mov    %r14,%rdi
  37:	5b                   	pop    %rbx
  38:	41 5e                	pop    %r14
  3a:	e9 fd 50 03 f7       	jmp    0xf703513c
  3f:	48                   	rex.W