====================================================== WARNING: possible circular locking dependency detected 6.13.0-rc1-syzkaller-00035-ge10500b69c3f #0 Not tainted ------------------------------------------------------ kworker/u8:4/68 is trying to acquire lock: ffff8880b8729430 (krc.lock){..-.}-{2:2}, at: krc_this_cpu_lock kernel/rcu/tree.c:3312 [inline] ffff8880b8729430 (krc.lock){..-.}-{2:2}, at: add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3735 [inline] ffff8880b8729430 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x18a/0x790 kernel/rcu/tree.c:3821 but task is already holding lock: ffff8880b872a718 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x744/0xeb0 kernel/time/timer.c:1163 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&base->lock){-.-.}-{2:2}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 lock_timer_base+0x112/0x240 kernel/time/timer.c:1050 __mod_timer+0x1ca/0xeb0 kernel/time/timer.c:1131 queue_delayed_work_on+0x1ca/0x390 kernel/workqueue.c:2552 kvfree_call_rcu+0x47f/0x790 kernel/rcu/tree.c:3849 pwq_release_workfn+0x664/0x800 kernel/workqueue.c:5092 kthread_worker_fn+0x4f7/0xb70 kernel/kthread.c:844 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #0 (krc.lock){..-.}-{2:2}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 krc_this_cpu_lock kernel/rcu/tree.c:3312 [inline] add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3735 [inline] kvfree_call_rcu+0x18a/0x790 kernel/rcu/tree.c:3821 trie_delete_elem+0x546/0x6a0 kernel/bpf/lpm_trie.c:540 bpf_prog_8c8ab8634bca3061+0x43/0x4d bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline] __bpf_prog_run include/linux/filter.h:701 [inline] bpf_prog_run include/linux/filter.h:708 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2354 [inline] bpf_trace_run4+0x334/0x590 kernel/trace/bpf_trace.c:2397 trace_mm_page_alloc include/trace/events/kmem.h:177 [inline] __alloc_pages_noprof+0x6e4/0x710 mm/page_alloc.c:4773 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_slab_page+0x6a/0x140 mm/slub.c:2408 allocate_slab+0x5a/0x2f0 mm/slub.c:2574 new_slab mm/slub.c:2627 [inline] ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3815 __slab_alloc+0x58/0xa0 mm/slub.c:3905 __slab_alloc_node mm/slub.c:3980 [inline] slab_alloc_node mm/slub.c:4141 [inline] kmem_cache_alloc_noprof+0x268/0x380 mm/slub.c:4160 kmem_alloc_batch lib/debugobjects.c:371 [inline] fill_pool+0x260/0x680 lib/debugobjects.c:403 debug_objects_fill_pool lib/debugobjects.c:725 [inline] debug_object_activate+0x493/0x580 lib/debugobjects.c:814 debug_timer_activate kernel/time/timer.c:835 [inline] __mod_timer+0x89d/0xeb0 kernel/time/timer.c:1170 queue_delayed_work_on+0x1ca/0x390 kernel/workqueue.c:2552 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&base->lock); lock(krc.lock); lock(&base->lock); lock(krc.lock); *** DEADLOCK *** 5 locks held by kworker/u8:4/68: #0: ffff88803186e148 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline] #0: ffff88803186e148 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3310 #1: ffffc9000216fd00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline] #1: ffffc9000216fd00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3310 #2: ffff8880b872a718 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x744/0xeb0 kernel/time/timer.c:1163 #3: ffffffff8f08ca80 (fill_pool_map-wait-type-override){+.+.}-{4:4}, at: debug_objects_fill_pool lib/debugobjects.c:724 [inline] #3: ffffffff8f08ca80 (fill_pool_map-wait-type-override){+.+.}-{4:4}, at: debug_object_activate+0x46b/0x580 lib/debugobjects.c:814 #4: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #4: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #4: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2353 [inline] #4: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x244/0x590 kernel/trace/bpf_trace.c:2397 stack backtrace: CPU: 1 UID: 0 PID: 68 Comm: kworker/u8:4 Not tainted 6.13.0-rc1-syzkaller-00035-ge10500b69c3f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: bat_events batadv_nc_worker Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 krc_this_cpu_lock kernel/rcu/tree.c:3312 [inline] add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3735 [inline] kvfree_call_rcu+0x18a/0x790 kernel/rcu/tree.c:3821 trie_delete_elem+0x546/0x6a0 kernel/bpf/lpm_trie.c:540 bpf_prog_8c8ab8634bca3061+0x43/0x4d bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline] __bpf_prog_run include/linux/filter.h:701 [inline] bpf_prog_run include/linux/filter.h:708 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2354 [inline] bpf_trace_run4+0x334/0x590 kernel/trace/bpf_trace.c:2397 trace_mm_page_alloc include/trace/events/kmem.h:177 [inline] __alloc_pages_noprof+0x6e4/0x710 mm/page_alloc.c:4773 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_slab_page+0x6a/0x140 mm/slub.c:2408 allocate_slab+0x5a/0x2f0 mm/slub.c:2574 new_slab mm/slub.c:2627 [inline] ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3815 __slab_alloc+0x58/0xa0 mm/slub.c:3905 __slab_alloc_node mm/slub.c:3980 [inline] slab_alloc_node mm/slub.c:4141 [inline] kmem_cache_alloc_noprof+0x268/0x380 mm/slub.c:4160 kmem_alloc_batch lib/debugobjects.c:371 [inline] fill_pool+0x260/0x680 lib/debugobjects.c:403 debug_objects_fill_pool lib/debugobjects.c:725 [inline] debug_object_activate+0x493/0x580 lib/debugobjects.c:814 debug_timer_activate kernel/time/timer.c:835 [inline] __mod_timer+0x89d/0xeb0 kernel/time/timer.c:1170 queue_delayed_work_on+0x1ca/0x390 kernel/workqueue.c:2552 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244