syzbot

======================================================
WARNING: possible circular locking dependency detected
5.15.189-syzkaller #0 Not tainted
------------------------------------------------------
kworker/1:0/21 is trying to acquire lock:
ffff8880b9127e78 (krc.lock){..-.}-{2:2}, at: krc_this_cpu_lock kernel/rcu/tree.c:3203 [inline]
ffff8880b9127e78 (krc.lock){..-.}-{2:2}, at: add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3510 [inline]
ffff8880b9127e78 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x186/0x7c0 kernel/rcu/tree.c:3601

but task is already holding lock:
ffff88801d3af9b8 (&trie->lock){..-.}-{2:2}, at: trie_delete_elem+0x90/0x710 kernel/bpf/lpm_trie.c:467

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&trie->lock){..-.}-{2:2}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
       trie_delete_elem+0x90/0x710 kernel/bpf/lpm_trie.c:467
       bpf_prog_2c29ac5cdc6b1842+0x3a/0xc0c
       bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
       __bpf_prog_run include/linux/filter.h:628 [inline]
       bpf_prog_run include/linux/filter.h:635 [inline]
       __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
       bpf_trace_run3+0x17e/0x320 kernel/trace/bpf_trace.c:1916
       trace_timer_start include/trace/events/timer.h:52 [inline]
       enqueue_timer+0x394/0x520 kernel/time/timer.c:586
       internal_add_timer kernel/time/timer.c:611 [inline]
       __mod_timer+0x8e1/0xd20 kernel/time/timer.c:1062
       schedule_timeout+0x157/0x280 kernel/time/timer.c:1913
       msleep+0x31/0x50 kernel/time/timer.c:2069
       nsim_fib6_rt_add drivers/net/netdevsim/fib.c:691 [inline]
       nsim_fib6_rt_insert drivers/net/netdevsim/fib.c:757 [inline]
       nsim_fib6_event drivers/net/netdevsim/fib.c:854 [inline]
       nsim_fib_event drivers/net/netdevsim/fib.c:887 [inline]
       nsim_fib_event_work+0x2643/0x3240 drivers/net/netdevsim/fib.c:1483
       process_one_work+0x863/0x1000 kernel/workqueue.c:2310
       process_scheduled_works kernel/workqueue.c:2373 [inline]
       worker_thread+0xdca/0x12a0 kernel/workqueue.c:2459
       kthread+0x436/0x520 kernel/kthread.c:334
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

-> #1 (&base->lock){-.-.}-{2:2}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
       lock_timer_base+0x123/0x270 kernel/time/timer.c:946
       __mod_timer+0x117/0xd20 kernel/time/timer.c:1019
       queue_delayed_work_on+0x126/0x1e0 kernel/workqueue.c:1715
       queue_delayed_work include/linux/workqueue.h:527 [inline]
       schedule_delayed_work include/linux/workqueue.h:631 [inline]
       kvfree_call_rcu+0x4a9/0x7c0 kernel/rcu/tree.c:3629
       rtnl_register_internal+0x44e/0x540 net/core/rtnetlink.c:223
       rtnl_register+0x2e/0x70 net/core/rtnetlink.c:273
       ip_rt_init+0x2e0/0x3a0 net/ipv4/route.c:3795
       ip_init+0xa/0x20 net/ipv4/ip_output.c:1749
       inet_init+0x28b/0x3a0 net/ipv4/af_inet.c:2007
       do_one_initcall+0x1ee/0x680 init/main.c:1302
       do_initcall_level+0x137/0x1f0 init/main.c:1375
       do_initcalls+0x4b/0x90 init/main.c:1391
       kernel_init_freeable+0x3ce/0x560 init/main.c:1615
       kernel_init+0x19/0x1b0 init/main.c:1506
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

-> #0 (krc.lock){..-.}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3788 [inline]
       __lock_acquire+0x2c33/0x7c60 kernel/locking/lockdep.c:5012
       lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
       __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
       _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
       krc_this_cpu_lock kernel/rcu/tree.c:3203 [inline]
       add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3510 [inline]
       kvfree_call_rcu+0x186/0x7c0 kernel/rcu/tree.c:3601
       trie_delete_elem+0x58c/0x710 kernel/bpf/lpm_trie.c:-1
       bpf_prog_2c29ac5cdc6b1842+0x3a/0xc0c
       bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
       __bpf_prog_run include/linux/filter.h:628 [inline]
       bpf_prog_run include/linux/filter.h:635 [inline]
       __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
       bpf_trace_run3+0x17e/0x320 kernel/trace/bpf_trace.c:1916
       trace_timer_start include/trace/events/timer.h:52 [inline]
       enqueue_timer+0x394/0x520 kernel/time/timer.c:586
       internal_add_timer kernel/time/timer.c:611 [inline]
       __mod_timer+0x8e1/0xd20 kernel/time/timer.c:1062
       schedule_timeout+0x157/0x280 kernel/time/timer.c:1913
       msleep+0x31/0x50 kernel/time/timer.c:2069
       nsim_fib6_rt_add drivers/net/netdevsim/fib.c:691 [inline]
       nsim_fib6_rt_insert drivers/net/netdevsim/fib.c:757 [inline]
       nsim_fib6_event drivers/net/netdevsim/fib.c:854 [inline]
       nsim_fib_event drivers/net/netdevsim/fib.c:887 [inline]
       nsim_fib_event_work+0x2643/0x3240 drivers/net/netdevsim/fib.c:1483
       process_one_work+0x863/0x1000 kernel/workqueue.c:2310
       process_scheduled_works kernel/workqueue.c:2373 [inline]
       worker_thread+0xdca/0x12a0 kernel/workqueue.c:2459
       kthread+0x436/0x520 kernel/kthread.c:334
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

other info that might help us debug this:

Chain exists of:
  krc.lock --> &base->lock --> &trie->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&trie->lock);
                               lock(&base->lock);
                               lock(&trie->lock);
  lock(krc.lock);

 *** DEADLOCK ***

6 locks held by kworker/1:0/21:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90000db7d00 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffff88802bbbf240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x271/0x3240 drivers/net/netdevsim/fib.c:1480
 #3: ffff8880b9128098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 kernel/time/timer.c:946
 #4: ffffffff8c11c360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #5: ffff88801d3af9b8 (&trie->lock){..-.}-{2:2}, at: trie_delete_elem+0x90/0x710 kernel/bpf/lpm_trie.c:467

stack backtrace:
CPU: 1 PID: 21 Comm: kworker/1:0 Not tainted 5.15.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events nsim_fib_event_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 check_noncircular+0x274/0x310 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire+0x2c33/0x7c60 kernel/locking/lockdep.c:5012
 lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
 krc_this_cpu_lock kernel/rcu/tree.c:3203 [inline]
 add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3510 [inline]
 kvfree_call_rcu+0x186/0x7c0 kernel/rcu/tree.c:3601
 trie_delete_elem+0x58c/0x710 kernel/bpf/lpm_trie.c:-1
 bpf_prog_2c29ac5cdc6b1842+0x3a/0xc0c
 bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
 bpf_trace_run3+0x17e/0x320 kernel/trace/bpf_trace.c:1916
 trace_timer_start include/trace/events/timer.h:52 [inline]
 enqueue_timer+0x394/0x520 kernel/time/timer.c:586
 internal_add_timer kernel/time/timer.c:611 [inline]
 __mod_timer+0x8e1/0xd20 kernel/time/timer.c:1062
 schedule_timeout+0x157/0x280 kernel/time/timer.c:1913
 msleep+0x31/0x50 kernel/time/timer.c:2069
 nsim_fib6_rt_add drivers/net/netdevsim/fib.c:691 [inline]
 nsim_fib6_rt_insert drivers/net/netdevsim/fib.c:757 [inline]
 nsim_fib6_event drivers/net/netdevsim/fib.c:854 [inline]
 nsim_fib_event drivers/net/netdevsim/fib.c:887 [inline]
 nsim_fib_event_work+0x2643/0x3240 drivers/net/netdevsim/fib.c:1483
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 process_scheduled_works kernel/workqueue.c:2373 [inline]
 worker_thread+0xdca/0x12a0 kernel/workqueue.c:2459
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>