======================================================
WARNING: possible circular locking dependency detected
6.10.0-rc2-next-20240606-syzkaller #0 Tainted: G        W         
------------------------------------------------------
sshd/5090 is trying to acquire lock:
ffff8880b9429430 (krc.lock){....}-{2:2}, at: krc_this_cpu_lock kernel/rcu/tree.c:3327 [inline]
ffff8880b9429430 (krc.lock){....}-{2:2}, at: add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3726 [inline]
ffff8880b9429430 (krc.lock){....}-{2:2}, at: kvfree_call_rcu+0x18a/0x790 kernel/rcu/tree.c:3811

but task is already holding lock:
ffff8880b942a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&base->lock){-.-.}-{2:2}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5817
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
       lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
       __mod_timer+0x1ca/0xeb0 kernel/time/timer.c:1132
       queue_delayed_work_on+0x1ca/0x390 kernel/workqueue.c:2573
       kvfree_call_rcu+0x47f/0x790 kernel/rcu/tree.c:3839
       rtnl_register_internal+0x482/0x590 net/core/rtnetlink.c:265
       rtnl_register+0x36/0x80 net/core/rtnetlink.c:315
       ip_rt_init+0x2f6/0x3a0 net/ipv4/route.c:3696
       ip_init+0xe/0x20 net/ipv4/ip_output.c:1667
       inet_init+0x3d8/0x580 net/ipv4/af_inet.c:1983
       do_one_initcall+0x248/0x880 init/main.c:1267
       do_initcall_level+0x157/0x210 init/main.c:1329
       do_initcalls+0x3f/0x80 init/main.c:1345
       kernel_init_freeable+0x435/0x5d0 init/main.c:1578
       kernel_init+0x1d/0x2b0 init/main.c:1467
       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:145
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #0 (krc.lock){....}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3159 [inline]
       check_prevs_add kernel/locking/lockdep.c:3278 [inline]
       validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3902
       __lock_acquire+0x1359/0x2000 kernel/locking/lockdep.c:5194
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5817
       __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
       _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
       krc_this_cpu_lock kernel/rcu/tree.c:3327 [inline]
       add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3726 [inline]
       kvfree_call_rcu+0x18a/0x790 kernel/rcu/tree.c:3811
       trie_delete_elem+0x546/0x6a0 kernel/bpf/lpm_trie.c:540
       bpf_prog_2c29ac5cdc6b1842+0x42/0x46
       bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
       __bpf_prog_run include/linux/filter.h:691 [inline]
       bpf_prog_run include/linux/filter.h:698 [inline]
       __bpf_trace_run kernel/trace/bpf_trace.c:2403 [inline]
       bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2444
       trace_timer_start include/trace/events/timer.h:52 [inline]
       enqueue_timer+0x3ce/0x570 kernel/time/timer.c:663
       __mod_timer+0x953/0xeb0 kernel/time/timer.c:1181
       sk_reset_timer+0x23/0xc0 net/core/sock.c:3440
       tcp_event_new_data_sent+0x203/0x360 net/ipv4/tcp_output.c:83
       tcp_write_xmit+0x18dc/0x6a10 net/ipv4/tcp_output.c:2836
       __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3014
       tcp_sendmsg_locked+0x43b1/0x4e10 net/ipv4/tcp.c:1321
       tcp_sendmsg+0x30/0x50 net/ipv4/tcp.c:1353
       sock_sendmsg_nosec net/socket.c:730 [inline]
       __sock_sendmsg+0x1a6/0x270 net/socket.c:745
       sock_write_iter+0x2dd/0x400 net/socket.c:1160
       new_sync_write fs/read_write.c:497 [inline]
       vfs_write+0xa72/0xc90 fs/read_write.c:590
       ksys_write+0x1a0/0x2c0 fs/read_write.c:643
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&base->lock);
                               lock(krc.lock);
                               lock(&base->lock);
  lock(krc.lock);

 *** DEADLOCK ***

3 locks held by sshd/5090:
 #0: ffff88802d653358 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1602 [inline]
 #0: ffff88802d653358 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x22/0x50 net/ipv4/tcp.c:1352
 #1: ffff8880b942a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
 #2: ffffffff8e334520 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:326 [inline]
 #2: ffffffff8e334520 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #2: ffffffff8e334520 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2402 [inline]
 #2: ffffffff8e334520 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540 kernel/trace/bpf_trace.c:2444

stack backtrace:
CPU: 0 PID: 5090 Comm: sshd Tainted: G        W          6.10.0-rc2-next-20240606-syzkaller #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:91 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:117
 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2075
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2204
 check_prev_add kernel/locking/lockdep.c:3159 [inline]
 check_prevs_add kernel/locking/lockdep.c:3278 [inline]
 validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3902
 __lock_acquire+0x1359/0x2000 kernel/locking/lockdep.c:5194
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5817
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 krc_this_cpu_lock kernel/rcu/tree.c:3327 [inline]
 add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3726 [inline]
 kvfree_call_rcu+0x18a/0x790 kernel/rcu/tree.c:3811
 trie_delete_elem+0x546/0x6a0 kernel/bpf/lpm_trie.c:540
 bpf_prog_2c29ac5cdc6b1842+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
 __bpf_prog_run include/linux/filter.h:691 [inline]
 bpf_prog_run include/linux/filter.h:698 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2403 [inline]
 bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2444
 trace_timer_start include/trace/events/timer.h:52 [inline]
 enqueue_timer+0x3ce/0x570 kernel/time/timer.c:663
 __mod_timer+0x953/0xeb0 kernel/time/timer.c:1181
 sk_reset_timer+0x23/0xc0 net/core/sock.c:3440
 tcp_event_new_data_sent+0x203/0x360 net/ipv4/tcp_output.c:83
 tcp_write_xmit+0x18dc/0x6a10 net/ipv4/tcp_output.c:2836
 __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3014
 tcp_sendmsg_locked+0x43b1/0x4e10 net/ipv4/tcp.c:1321
 tcp_sendmsg+0x30/0x50 net/ipv4/tcp.c:1353
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x1a6/0x270 net/socket.c:745
 sock_write_iter+0x2dd/0x400 net/socket.c:1160
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0xa72/0xc90 fs/read_write.c:590
 ksys_write+0x1a0/0x2c0 fs/read_write.c:643
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc1e8b16bf2
Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffe5bd48cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000000002c RCX: 00007fc1e8b16bf2
RDX: 000000000000002c RSI: 0000563611ace960 RDI: 0000000000000004
RBP: 0000563611ad73f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00005635e7499aa4
R13: 0000000000000046 R14: 00005635e749a3e8 R15: 00007ffe5bd48d48
 </TASK>