============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
syz.9.8228/2758 is trying to acquire lock:
ffffc900037910d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1c4/0x5a0 kernel/bpf/ringbuf.c:413

but task is already holding lock:
ffffc900037910d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1c4/0x5a0 kernel/bpf/ringbuf.c:413

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&rb->spinlock);
lock(&rb->spinlock);

*** DEADLOCK ***

May be due to missing lock nesting notation

5 locks held by syz.9.8228/2758:
#0: ffff88807d4c08d8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
#0: ffff88807d4c08d8 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5322 [inline]
#0: ffff88807d4c08d8 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x2e/0x2f0 mm/memory.c:5384
#1: ffffffff8cc15fc0 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at: mmu_notifier_invalidate_range_start include/linux/mmu_notifier.h:456 [inline]
#1: ffffffff8cc15fc0 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at: wp_page_copy+0x4eb/0x1640 mm/memory.c:3186
#2: ffffffff8cb2aca0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
#2: ffffffff8cb2aca0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
#2: ffffffff8cb2aca0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2284 [inline]
#2: ffffffff8cb2aca0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0xda/0x3b0 kernel/trace/bpf_trace.c:2324
#3: ffffc900037910d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1c4/0x5a0 kernel/bpf/ringbuf.c:413
#4: ffffffff8cb2aca0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
#4: ffffffff8cb2aca0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
#4: ffffffff8cb2aca0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2284 [inline]
#4: ffffffff8cb2aca0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0xda/0x3b0 kernel/trace/bpf_trace.c:2324

stack backtrace:
CPU: 0 PID: 2758 Comm: syz.9.8228 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106
__lock_acquire+0x122f/0x7c50 kernel/locking/lockdep.c:-1
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
__bpf_ringbuf_reserve+0x1c4/0x5a0 kernel/bpf/ringbuf.c:413
____bpf_ringbuf_reserve kernel/bpf/ringbuf.c:464 [inline]
bpf_ringbuf_reserve+0x58/0x70 kernel/bpf/ringbuf.c:456
bpf_prog_8d5337cd1b173e6d+0x2d/0x54
bpf_dispatcher_nop_func include/linux/bpf.h:1012 [inline]
__bpf_prog_run include/linux/filter.h:596 [inline]
bpf_prog_run include/linux/filter.h:610 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2285 [inline]
bpf_trace_run2+0x30a/0x3b0 kernel/trace/bpf_trace.c:2324
trace_contention_end+0x13f/0x190 include/trace/events/lock.h:122
__pv_queued_spin_lock_slowpath+0x7e8/0x9c0 kernel/locking/qspinlock.c:560
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:591 [inline]
queued_spin_lock_slowpath+0x43/0x50 arch/x86/include/asm/qspinlock.h:51
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x217/0x280 kernel/locking/spinlock_debug.c:115
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
_raw_spin_lock_irqsave+0xb0/0xf0 kernel/locking/spinlock.c:162
__bpf_ringbuf_reserve+0x1c4/0x5a0 kernel/bpf/ringbuf.c:413
____bpf_ringbuf_output kernel/bpf/ringbuf.c:539 [inline]
bpf_ringbuf_output+0x65/0x1e0 kernel/bpf/ringbuf.c:529
bpf_prog_10f224e5249c74f5+0x43/0x4c
bpf_dispatcher_nop_func include/linux/bpf.h:1012 [inline]
__bpf_prog_run include/linux/filter.h:596 [inline]
bpf_prog_run include/linux/filter.h:610 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2285 [inline]
bpf_trace_run2+0x30a/0x3b0 kernel/trace/bpf_trace.c:2324
trace_tlb_flush+0x143/0x190 include/trace/events/tlb.h:38
flush_tlb_func+0x546/0x620 arch/x86/mm/tlb.c:879
__flush_smp_call_function_queue+0x2d9/0xd20 kernel/smp.c:641
__sysvec_call_function_single+0xba/0x350 arch/x86/kernel/smp.c:267
instr_sysvec_call_function_single arch/x86/kernel/smp.c:262 [inline]
sysvec_call_function_single+0x98/0xc0 arch/x86/kernel/smp.c:262
asm_sysvec_call_function_single+0x16/0x20 arch/x86/include/asm/idtentry.h:699
RIP: 0010:trace_lock_release include/trace/events/lock.h:69 [inline]
RIP: 0010:lock_release+0xcf/0x910 kernel/locking/lockdep.c:5673
Code: bb 0c 0f 83 22 05 00 00 41 89 de c1 eb 06 48 8d 3c dd a8 6a 1f 8e be 08 00 00 00 e8 6b 8c 6d 00 4c 0f a3 35 1b f0 bb 0c 73 0d <e8> ec 99 07 00 84 c0 0f 84 29 05 00 00 48 c7 c0 64 9f 1f 8e 48 c1
RSP: 0000:ffffc900036bf9c0 EFLAGS: 00000257
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81637a85
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e1f6aa8
RBP: ffffc900036bfad0 R08: dffffc0000000000 R09: fffffbfff1c3ed56
R10: fffffbfff1c3ed56 R11: 1ffffffff1c3ed55 R12: ffff88807d0b8288
R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff920006d7f44
mmu_notifier_invalidate_range_start include/linux/mmu_notifier.h:461 [inline]
wp_page_copy+0x56b/0x1640 mm/memory.c:3186
handle_pte_fault mm/memory.c:5049 [inline]
__handle_mm_fault mm/memory.c:5173 [inline]
handle_mm_fault+0x1ca6/0x3e60 mm/memory.c:5294
do_user_addr_fault+0x51f/0xb10 arch/x86/mm/fault.c:1340
handle_page_fault arch/x86/mm/fault.c:1431 [inline]
exc_page_fault+0x60/0x100 arch/x86/mm/fault.c:1487
asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:608
RIP: 0033:0x7efdd0865278
Code: 48 c1 ea 12 48 8d 1c 16 48 8d b4 24 f0 00 00 00 4c 8d 74 1d 00 48 89 d8 49 89 f5 eb 4f 0f 1f 44 00 00 4c 89 fe bf 01 00 00 00 93 f3 11 00 85 c0 0f 85 c4 08 00 00 48 b8 db 34 b6 d7 82 de 1b
RSP: 002b:00007ffdd27815d0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 000000000019286a RCX: ffffffffffffffa8
RDX: 0000000000000000 RSI: 00007ffdd27816e0 RDI: 0000000000000001
RBP: 0000000000000032 R08: 002c02398d3ded0a R09: 00000005d27818bf
R10: 00007ffdd27816c0 R11: 0000000000000246 R12: 00007efdd0be5fac
R13: 00007ffdd27816c0 R14: 000000000019289c R15: 00007ffdd27816e0
----------------
Code disassembly (best guess):
0: bb 0c 0f 83 22 mov $0x22830f0c,%ebx
5: 05 00 00 41 89 add $0x89410000,%eax
a: de c1 faddp %st,%st(1)
c: eb 06 jmp 0x14
e: 48 8d 3c dd a8 6a 1f lea -0x71e09558(,%rbx,8),%rdi
15: 8e
16: be 08 00 00 00 mov $0x8,%esi
1b: e8 6b 8c 6d 00 call 0x6d8c8b
20: 4c 0f a3 35 1b f0 bb bt %r14,0xcbbf01b(%rip) # 0xcbbf043
27: 0c
28: 73 0d jae 0x37
* 2a: e8 ec 99 07 00 call 0x79a1b <-- trapping instruction
2f: 84 c0 test %al,%al
31: 0f 84 29 05 00 00 je 0x560
37: 48 c7 c0 64 9f 1f 8e mov $0xffffffff8e1f9f64,%rax
3e: 48 rex.W
3f: c1 .byte 0xc1