======================================================
WARNING: possible circular locking dependency detected
6.6.98-syzkaller #0 Not tainted
------------------------------------------------------
kworker/0:3/5831 is trying to acquire lock:
ffff8880b8e295a8 (krc.lock){..-.}-{2:2}, at: krc_this_cpu_lock kernel/rcu/tree.c:2959 [inline]
ffff8880b8e295a8 (krc.lock){..-.}-{2:2}, at: add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3368 [inline]
ffff8880b8e295a8 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x15a/0x780 kernel/rcu/tree.c:3453

but task is already holding lock:
ffff8880b8e297d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 kernel/time/timer.c:999

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&base->lock){-.-.}-{2:2}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xa8/0xf0 kernel/locking/spinlock.c:162
       lock_timer_base+0x123/0x270 kernel/time/timer.c:999
       __mod_timer+0xf9/0xdb0 kernel/time/timer.c:1080
       queue_delayed_work_on+0x12a/0x1e0 kernel/workqueue.c:1987
       kvfree_call_rcu+0x541/0x780 kernel/rcu/tree.c:3481
       rtnl_register_internal+0x486/0x590 net/core/rtnetlink.c:264
       rtnl_register+0x32/0x70 net/core/rtnetlink.c:314
       ip_rt_init+0x2ec/0x390 net/ipv4/route.c:3793
       ip_init+0xe/0x20 net/ipv4/ip_output.c:1663
       inet_init+0x2c1/0x3e0 net/ipv4/af_inet.c:2024
       do_one_initcall+0x1fd/0x750 init/main.c:1238
       do_initcall_level+0x137/0x1f0 init/main.c:1300
       do_initcalls+0x69/0xd0 init/main.c:1316
       kernel_init_freeable+0x3d2/0x570 init/main.c:1553
       kernel_init+0x1d/0x1c0 init/main.c:1443
       ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
       ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293

-> #0 (krc.lock){..-.}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3869 [inline]
       __lock_acquire+0x2ddb/0x7c80 kernel/locking/lockdep.c:5137
       lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
       __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
       _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
       krc_this_cpu_lock kernel/rcu/tree.c:2959 [inline]
       add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3368 [inline]
       kvfree_call_rcu+0x15a/0x780 kernel/rcu/tree.c:3453
       trie_delete_elem+0x535/0x6a0 kernel/bpf/lpm_trie.c:545
       bpf_prog_2c29ac5cdc6b1842+0x42/0x46
       bpf_dispatcher_nop_func include/linux/bpf.h:1213 [inline]
       __bpf_prog_run include/linux/filter.h:612 [inline]
       bpf_prog_run include/linux/filter.h:619 [inline]
       __bpf_trace_run kernel/trace/bpf_trace.c:2322 [inline]
       bpf_trace_run3+0x1e7/0x400 kernel/trace/bpf_trace.c:2362
       __bpf_trace_timer_start+0x14a/0x1b0 include/trace/events/timer.h:53
       trace_timer_start include/trace/events/timer.h:53 [inline]
       enqueue_timer+0x398/0x530 kernel/time/timer.c:609
       internal_add_timer kernel/time/timer.c:634 [inline]
       __mod_timer+0x977/0xdb0 kernel/time/timer.c:1131
       queue_delayed_work_on+0x12a/0x1e0 kernel/workqueue.c:1987
       slab_free_hook mm/slub.c:1781 [inline]
       slab_free_freelist_hook+0xd2/0x1b0 mm/slub.c:1832
       slab_free mm/slub.c:3816 [inline]
       __kmem_cache_free+0xba/0x1f0 mm/slub.c:3829
       rcu_do_batch kernel/rcu/tree.c:2194 [inline]
       rcu_core+0xcc4/0x1720 kernel/rcu/tree.c:2467
       handle_softirqs+0x280/0x820 kernel/softirq.c:578
       do_softirq+0xed/0x180 kernel/softirq.c:479
       __local_bh_enable_ip+0x178/0x1c0 kernel/softirq.c:406
       ipv6_get_lladdr+0x2aa/0x3e0 net/ipv6/addrconf.c:1902
       mld_newpack+0x425/0xbf0 net/ipv6/mcast.c:1758
       add_grhead+0x5a/0x2a0 net/ipv6/mcast.c:1855
       add_grec+0x13ad/0x1660 net/ipv6/mcast.c:1993
       mld_send_cr net/ipv6/mcast.c:2119 [inline]
       mld_ifc_work+0x6e6/0xb40 net/ipv6/mcast.c:2655
       process_one_work kernel/workqueue.c:2634 [inline]
       process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
       worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
       kthread+0x2fa/0x390 kernel/kthread.c:388
       ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
       ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&base->lock);
                               lock(krc.lock);
                               lock(&base->lock);
  lock(krc.lock);

 *** DEADLOCK ***

8 locks held by kworker/0:3/5831:
 #0: ffff88814c0a7138 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #0: ffff88814c0a7138 ((wq_completion)mld){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
 #1: ffffc90003047d00 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #1: ffffc90003047d00 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
 #2: ffff888060ee8538 (&idev->mc_lock){+.+.}-{3:3}, at: mld_ifc_work+0x2d/0xb40 net/ipv6/mcast.c:2654
 #3: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #3: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #3: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: mld_newpack+0x2b9/0xbf0 net/ipv6/mcast.c:1752
 #4: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #4: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #4: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: ipv6_get_lladdr+0x2b/0x3e0 net/ipv6/addrconf.c:1897
 #5: ffffffff8cd2fc00 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #5: ffffffff8cd2fc00 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2188 [inline]
 #5: ffffffff8cd2fc00 (rcu_callback){....}-{0:0}, at: rcu_core+0xc51/0x1720 kernel/rcu/tree.c:2467
 #6: ffff8880b8e297d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 kernel/time/timer.c:999
 #7: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #7: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #7: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2321 [inline]
 #7: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0xf4/0x400 kernel/trace/bpf_trace.c:2362

stack backtrace:
CPU: 0 PID: 5831 Comm: kworker/0:3 Not tainted 6.6.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: mld mld_ifc_work
Call Trace:
 <IRQ>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 check_noncircular+0x2bd/0x3c0 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3869 [inline]
 __lock_acquire+0x2ddb/0x7c80 kernel/locking/lockdep.c:5137
 lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 krc_this_cpu_lock kernel/rcu/tree.c:2959 [inline]
 add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3368 [inline]
 kvfree_call_rcu+0x15a/0x780 kernel/rcu/tree.c:3453
 trie_delete_elem+0x535/0x6a0 kernel/bpf/lpm_trie.c:545
 bpf_prog_2c29ac5cdc6b1842+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1213 [inline]
 __bpf_prog_run include/linux/filter.h:612 [inline]
 bpf_prog_run include/linux/filter.h:619 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2322 [inline]
 bpf_trace_run3+0x1e7/0x400 kernel/trace/bpf_trace.c:2362
 __bpf_trace_timer_start+0x14a/0x1b0 include/trace/events/timer.h:53
 trace_timer_start include/trace/events/timer.h:53 [inline]
 enqueue_timer+0x398/0x530 kernel/time/timer.c:609
 internal_add_timer kernel/time/timer.c:634 [inline]
 __mod_timer+0x977/0xdb0 kernel/time/timer.c:1131
 queue_delayed_work_on+0x12a/0x1e0 kernel/workqueue.c:1987
 slab_free_hook mm/slub.c:1781 [inline]
 slab_free_freelist_hook+0xd2/0x1b0 mm/slub.c:1832
 slab_free mm/slub.c:3816 [inline]
 __kmem_cache_free+0xba/0x1f0 mm/slub.c:3829
 rcu_do_batch kernel/rcu/tree.c:2194 [inline]
 rcu_core+0xcc4/0x1720 kernel/rcu/tree.c:2467
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 do_softirq+0xed/0x180 kernel/softirq.c:479
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x178/0x1c0 kernel/softirq.c:406
 ipv6_get_lladdr+0x2aa/0x3e0 net/ipv6/addrconf.c:1902
 mld_newpack+0x425/0xbf0 net/ipv6/mcast.c:1758
 add_grhead+0x5a/0x2a0 net/ipv6/mcast.c:1855
 add_grec+0x13ad/0x1660 net/ipv6/mcast.c:1993
 mld_send_cr net/ipv6/mcast.c:2119 [inline]
 mld_ifc_work+0x6e6/0xb40 net/ipv6/mcast.c:2655
 process_one_work kernel/workqueue.c:2634 [inline]
 process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>