============================================
WARNING: possible recursive locking detected
6.1.125-syzkaller #0 Not tainted
--------------------------------------------
syz.1.68/4485 is trying to acquire lock:
ffff8880558d5218 (&qs->lock){-.-.}-{2:2}, at: __queue_map_get+0x146/0x4b0 kernel/bpf/queue_stack_maps.c:109

but task is already holding lock:
ffff88801e70c218 (&qs->lock){-.-.}-{2:2}, at: queue_stack_map_push_elem+0x1ac/0x650 kernel/bpf/queue_stack_maps.c:214

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&qs->lock);
  lock(&qs->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

6 locks held by syz.1.68/4485:
 #0: ffff888017c697d8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff888017c697d8 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5320 [inline]
 #0: ffff888017c697d8 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x2e/0x2e0 mm/memory.c:5382
 #1: ffff88814d652558 (sb_pagefaults){.+.+}-{0:0}, at: __sb_start_write include/linux/fs.h:1891 [inline]
 #1: ffff88814d652558 (sb_pagefaults){.+.+}-{0:0}, at: sb_start_pagefault include/linux/fs.h:1995 [inline]
 #1: ffff88814d652558 (sb_pagefaults){.+.+}-{0:0}, at: ext4_page_mkwrite+0x1ad/0x10d0 fs/ext4/inode.c:6206
 #2: ffffffff8d41bdf8 (remove_cache_srcu){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #2: ffffffff8d41bdf8 (remove_cache_srcu){....}-{0:0}, at: srcu_read_lock+0x16/0x40 include/linux/srcu.h:165
 #3: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #3: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #3: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2283 [inline]
 #3: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x410 kernel/trace/bpf_trace.c:2323
 #4: ffff88801e70c218 (&qs->lock){-.-.}-{2:2}, at: queue_stack_map_push_elem+0x1ac/0x650 kernel/bpf/queue_stack_maps.c:214
 #5: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #5: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #5: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2283 [inline]
 #5: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x110/0x410 kernel/trace/bpf_trace.c:2323

stack backtrace:
CPU: 0 PID: 4485 Comm: syz.1.68 Not tainted 6.1.125-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2983 [inline]
 check_deadlock kernel/locking/lockdep.c:3026 [inline]
 validate_chain+0x4711/0x5950 kernel/locking/lockdep.c:3812
 __lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049
 lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
 __queue_map_get+0x146/0x4b0 kernel/bpf/queue_stack_maps.c:109
 bpf_prog_00798911c748094f+0x3a/0x3e
 bpf_dispatcher_nop_func include/linux/bpf.h:1000 [inline]
 __bpf_prog_run include/linux/filter.h:603 [inline]
 bpf_prog_run include/linux/filter.h:610 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2284 [inline]
 bpf_trace_run2+0x1fd/0x410 kernel/trace/bpf_trace.c:2323
 trace_contention_end+0x14c/0x190 include/trace/events/lock.h:122
 __pv_queued_spin_lock_slowpath+0x935/0xc50 kernel/locking/qspinlock.c:560
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:591 [inline]
 queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x269/0x370 kernel/locking/spinlock_debug.c:115
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xdd/0x120 kernel/locking/spinlock.c:162
 queue_stack_map_push_elem+0x1ac/0x650 kernel/bpf/queue_stack_maps.c:214
 bpf_prog_216c997a1f42e404+0x37/0x3b
 bpf_dispatcher_nop_func include/linux/bpf.h:1000 [inline]
 __bpf_prog_run include/linux/filter.h:603 [inline]
 bpf_prog_run include/linux/filter.h:610 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2284 [inline]
 bpf_trace_run2+0x1fd/0x410 kernel/trace/bpf_trace.c:2323
 __bpf_trace_kfree+0x6e/0x90 include/trace/events/kmem.h:94
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0xf6/0x190 mm/slab_common.c:975
 memcg_free_slab_cgroups mm/slab.h:456 [inline]
 unaccount_slab mm/slab.h:645 [inline]
 __free_slab+0xc8/0x2f0 mm/slub.c:2015
 free_slab mm/slub.c:2031 [inline]
 discard_slab mm/slub.c:2037 [inline]
 __unfreeze_partials+0x1b7/0x210 mm/slub.c:2586
 put_cpu_partial+0x17b/0x250 mm/slub.c:2662
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x76/0xe0 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x156/0x170 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x1f/0x70 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook+0x52/0x3a0 mm/slab.h:737
 slab_alloc_node mm/slub.c:3398 [inline]
 slab_alloc mm/slub.c:3406 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
 kmem_cache_alloc+0x10c/0x2d0 mm/slub.c:3422
 kmem_cache_zalloc include/linux/slab.h:689 [inline]
 jbd2_alloc_handle include/linux/jbd2.h:1602 [inline]
 new_handle fs/jbd2/transaction.c:476 [inline]
 jbd2__journal_start+0x144/0x5c0 fs/jbd2/transaction.c:503
 __ext4_journal_start_sb+0x19b/0x410 fs/ext4/ext4_jbd2.c:105
 __ext4_journal_start fs/ext4/ext4_jbd2.h:326 [inline]
 ext4_dirty_inode+0x8b/0x100 fs/ext4/inode.c:6086
 __mark_inode_dirty+0x331/0xf80 fs/fs-writeback.c:2433
 generic_update_time fs/inode.c:1946 [inline]
 inode_update_time fs/inode.c:1959 [inline]
 __file_update_time+0x221/0x240 fs/inode.c:2147
 file_update_time+0x34c/0x3c0 fs/inode.c:2178
 ext4_page_mkwrite+0x1c4/0x10d0 fs/ext4/inode.c:6207
 do_page_mkwrite+0x1a1/0x5f0 mm/memory.c:3009
 do_shared_fault mm/memory.c:4694 [inline]
 do_fault mm/memory.c:4762 [inline]
 handle_pte_fault mm/memory.c:5029 [inline]
 __handle_mm_fault mm/memory.c:5171 [inline]
 handle_mm_fault+0x22eb/0x5340 mm/memory.c:5292
 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline]
 handle_page_fault arch/x86/mm/fault.c:1431 [inline]
 exc_page_fault+0x26f/0x620 arch/x86/mm/fault.c:1487
 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:608
RIP: 0033:0x7f9a36a66842
Code: 0f 1f 84 00 00 00 00 00 be 08 00 00 00 48 89 df e8 f3 92 fe ff 48 8b 53 38 48 8d 42 f8 48 89 43 38 8b 43 28 83 c0 08 89 43 28 <4c> 89 62 f8 41 8d 56 01 41 39 ee 0f 83 8d 00 00 00 41 89 d6 48 8b
RSP: 002b:00007ffea769e640 EFLAGS: 00010202
RAX: 000000000000d008 RBX: 00007f9a378a5720 RCX: 0000000000000000
RDX: 0000001b2d213000 RSI: 0000000000000008 RDI: 00007f9a378a5720
RBP: 000000000000049c R08: 00007f9a35fff070 R09: 00007f9a36d62000
R10: 00007f9a35fff008 R11: 0000000000000002 R12: ffffffff84c0ff71
R13: 00007f9a36d76038 R14: 000000000000015b R15: ffffffffffff3000