======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
kworker/1:1/26 is trying to acquire lock:
ffff88801f878a38 (&trie->lock){-...}-{2:2}, at: trie_delete_elem+0x90/0x710 kernel/bpf/lpm_trie.c:467

but task is already holding lock:
ffffffff96565410 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x62/0x390 lib/debugobjects.c:749

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&obj_hash[i].lock){-.-.}-{2:2}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xb0/0x100 kernel/locking/spinlock.c:162
       debug_object_activate+0x63/0x4e0 lib/debugobjects.c:694
       debug_rcu_head_queue kernel/rcu/rcu.h:176 [inline]
       kvfree_call_rcu+0xb0/0x7d0 kernel/rcu/tree.c:3591
       trie_update_elem+0x86c/0xc50 kernel/bpf/lpm_trie.c:396
       bpf_map_update_value+0x57d/0x650 kernel/bpf/syscall.c:223
       generic_map_update_batch+0x52d/0x7d0 kernel/bpf/syscall.c:1430
       bpf_map_do_batch+0x466/0x600 kernel/bpf/syscall.c:-1
       __sys_bpf+0x671/0x6f0 kernel/bpf/syscall.c:-1
       __do_sys_bpf kernel/bpf/syscall.c:4761 [inline]
       __se_sys_bpf kernel/bpf/syscall.c:4759 [inline]
       __x64_sys_bpf+0x78/0x90 kernel/bpf/syscall.c:4759
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> #0 (&trie->lock){-...}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3788 [inline]
       __lock_acquire+0x2c42/0x7d10 kernel/locking/lockdep.c:5012
       lock_acquire+0x19e/0x400 kernel/locking/lockdep.c:5623
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xb0/0x100 kernel/locking/spinlock.c:162
       trie_delete_elem+0x90/0x710 kernel/bpf/lpm_trie.c:467
       bpf_prog_2c29ac5cdc6b1842+0x3a/0xc3c
       bpf_dispatcher_nop_func include/linux/bpf.h:888 [inline]
       __bpf_prog_run include/linux/filter.h:621 [inline]
       bpf_prog_run include/linux/filter.h:635 [inline]
       BPF_PROG_RUN_ARRAY include/linux/bpf.h:1439 [inline]
       trace_call_bpf+0x32d/0x5b0 kernel/trace/bpf_trace.c:127
       perf_trace_run_bpf_submit+0x79/0x1c0 kernel/events/core.c:10016
       perf_trace_lock+0x301/0x390 include/trace/events/lock.h:39
       trace_lock_release include/trace/events/lock.h:58 [inline]
       lock_release+0x84a/0x8a0 kernel/locking/lockdep.c:5634
       __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:158 [inline]
       _raw_spin_unlock_irqrestore+0x6d/0x120 kernel/locking/spinlock.c:194
       debug_hrtimer_deactivate kernel/time/hrtimer.c:415 [inline]
       __run_hrtimer kernel/time/hrtimer.c:1653 [inline]
       __hrtimer_run_queues+0x2b9/0xb70 kernel/time/hrtimer.c:1749
       hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1811
       local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline]
       __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114
       instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
       sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1108
       asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
       crng_make_state+0x516/0x670 drivers/char/random.c:393
       _get_random_bytes+0xfc/0x250 drivers/char/random.c:405
       nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:692 [inline]
       nsim_dev_trap_report drivers/net/netdevsim/dev.c:721 [inline]
       nsim_dev_trap_report_work+0x694/0xb40 drivers/net/netdevsim/dev.c:762
       process_one_work+0x85f/0x1010 kernel/workqueue.c:2310
       worker_thread+0xaa6/0x1290 kernel/workqueue.c:2457
       kthread+0x436/0x520 kernel/kthread.c:334
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&obj_hash[i].lock);
                               lock(&trie->lock);
                               lock(&obj_hash[i].lock);
  lock(&trie->lock);

 *** DEADLOCK ***

7 locks held by kworker/1:1/26:
 #0: ffff888016c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 kernel/workqueue.c:-1
 #1: ffffc90000e1fd00 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 kernel/workqueue.c:2285
 #2: ffff8880788e0400 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x56/0xb40 drivers/net/netdevsim/dev.c:757
 #3: ffff888061b468e0 (&nsim_trap_data->trap_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:364 [inline]
 #3: ffff888061b468e0 (&nsim_trap_data->trap_lock){+.+.}-{2:2}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:707 [inline]
 #3: ffff888061b468e0 (&nsim_trap_data->trap_lock){+.+.}-{2:2}, at: nsim_dev_trap_report_work+0x1af/0xb40 drivers/net/netdevsim/dev.c:762
 #4: ffff8880b912a258 (hrtimer_bases.lock){-.-.}-{2:2}, at: hrtimer_interrupt+0xf8/0x8d0 kernel/time/hrtimer.c:1792
 #5: ffffffff96565410 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x62/0x390 lib/debugobjects.c:749
 #6: ffffffff8c31f320 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:312

stack backtrace:
CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: events nsim_dev_trap_report_work
Call Trace:
 <IRQ>
 dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
 check_noncircular+0x296/0x330 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire+0x2c42/0x7d10 kernel/locking/lockdep.c:5012
 lock_acquire+0x19e/0x400 kernel/locking/lockdep.c:5623
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xb0/0x100 kernel/locking/spinlock.c:162
 trie_delete_elem+0x90/0x710 kernel/bpf/lpm_trie.c:467
 bpf_prog_2c29ac5cdc6b1842+0x3a/0xc3c
 bpf_dispatcher_nop_func include/linux/bpf.h:888 [inline]
 __bpf_prog_run include/linux/filter.h:621 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 BPF_PROG_RUN_ARRAY include/linux/bpf.h:1439 [inline]
 trace_call_bpf+0x32d/0x5b0 kernel/trace/bpf_trace.c:127
 perf_trace_run_bpf_submit+0x79/0x1c0 kernel/events/core.c:10016
 perf_trace_lock+0x301/0x390 include/trace/events/lock.h:39
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0x84a/0x8a0 kernel/locking/lockdep.c:5634
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:158 [inline]
 _raw_spin_unlock_irqrestore+0x6d/0x120 kernel/locking/spinlock.c:194
 debug_hrtimer_deactivate kernel/time/hrtimer.c:415 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1653 [inline]
 __hrtimer_run_queues+0x2b9/0xb70 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline]
 __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1108
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:crng_make_state+0x516/0x670 drivers/char/random.c:393
Code: 96 73 05 e9 2b fd ff ff e8 37 84 26 fd e8 d2 27 6a 05 4d 85 f6 0f 84 f8 fe ff ff e8 24 84 26 fd fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 04 2f 00 00 00 00 4b c7 44 2f 08 00 00 00 00 4b c7 44 2f 10
RSP: 0018:ffffc90000e1f8a0 EFLAGS: 00000293
RAX: ffffffff8452b1ec RBX: 0000000000000000 RCX: ffff88801bb90000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90000e1f9f0 R08: ffffffff901d61bf R09: 1ffffffff203ac37
R10: dffffc0000000000 R11: fffffbfff203ac38 R12: ffff8880b9137248
R13: dffffc0000000000 R14: 0000000000000200 R15: 1ffff920001c3f1c
 _get_random_bytes+0xfc/0x250 drivers/char/random.c:405
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:692 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:721 [inline]
 nsim_dev_trap_report_work+0x694/0xb40 drivers/net/netdevsim/dev.c:762
 process_one_work+0x85f/0x1010 kernel/workqueue.c:2310
 worker_thread+0xaa6/0x1290 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
----------------
Code disassembly (best guess):
   0:	96                   	xchg   %eax,%esi
   1:	73 05                	jae    0x8
   3:	e9 2b fd ff ff       	jmp    0xfffffd33
   8:	e8 37 84 26 fd       	call   0xfd268444
   d:	e8 d2 27 6a 05       	call   0x56a27e4
  12:	4d 85 f6             	test   %r14,%r14
  15:	0f 84 f8 fe ff ff    	je     0xffffff13
  1b:	e8 24 84 26 fd       	call   0xfd268444
  20:	fb                   	sti
  21:	48 c7 44 24 40 0e 36 	movq   $0x45e0360e,0x40(%rsp)
  28:	e0 45
* 2a:	4b c7 04 2f 00 00 00 	movq   $0x0,(%r15,%r13,1) <-- trapping instruction
  31:	00
  32:	4b c7 44 2f 08 00 00 	movq   $0x0,0x8(%r15,%r13,1)
  39:	00 00
  3b:	4b                   	rex.WXB
  3c:	c7                   	.byte 0xc7
  3d:	44 2f                	rex.R (bad)
  3f:	10                   	.byte 0x10