======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc6-syzkaller-01236-gcf6d9fe09185 #0 Not tainted
------------------------------------------------------
sshd/5834 is trying to acquire lock:
ffff8880b8729430 (krc.lock){....}-{2:2}, at: krc_this_cpu_lock kernel/rcu/tree.c:3312 [inline]
ffff8880b8729430 (krc.lock){....}-{2:2}, at: add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3725 [inline]
ffff8880b8729430 (krc.lock){....}-{2:2}, at: kvfree_call_rcu+0x18a/0x790 kernel/rcu/tree.c:3811
but task is already holding lock:
ffff8880b872a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&base->lock){-.-.}-{2:2}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
__mod_timer+0x1ca/0xeb0 kernel/time/timer.c:1132
queue_delayed_work_on+0x1ca/0x390 kernel/workqueue.c:2552
kvfree_call_rcu+0x47f/0x790 kernel/rcu/tree.c:3839
pwq_release_workfn+0x664/0x800 kernel/workqueue.c:5078
kthread_worker_fn+0x500/0xb70 kernel/kthread.c:844
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (krc.lock){....}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
krc_this_cpu_lock kernel/rcu/tree.c:3312 [inline]
add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3725 [inline]
kvfree_call_rcu+0x18a/0x790 kernel/rcu/tree.c:3811
trie_delete_elem+0x546/0x6a0 kernel/bpf/lpm_trie.c:540
bpf_prog_2c29ac5cdc6b1842+0x43/0x47
bpf_dispatcher_nop_func include/linux/bpf.h:1265 [inline]
__bpf_prog_run include/linux/filter.h:701 [inline]
bpf_prog_run include/linux/filter.h:708 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2316 [inline]
bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2357
trace_timer_start include/trace/events/timer.h:52 [inline]
enqueue_timer+0x3ce/0x570 kernel/time/timer.c:663
__mod_timer+0x953/0xeb0 kernel/time/timer.c:1181
sk_reset_timer+0x23/0xc0 net/core/sock.c:3513
inet_csk_reset_xmit_timer include/net/inet_connection_sock.h:234 [inline]
tcp_reset_xmit_timer include/net/tcp.h:1428 [inline]
tcp_schedule_loss_probe+0x451/0x5c0 net/ipv4/tcp_output.c:2909
tcp_write_xmit+0x4477/0x6bf0 net/ipv4/tcp_output.c:2858
__tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3010
tcp_sendmsg_locked+0x44d6/0x4f30 net/ipv4/tcp.c:1326
tcp_sendmsg+0x30/0x50 net/ipv4/tcp.c:1358
sock_sendmsg_nosec net/socket.c:729 [inline]
__sock_sendmsg+0x1a6/0x270 net/socket.c:744
sock_write_iter+0x2d7/0x3f0 net/socket.c:1165
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xaeb/0xd30 fs/read_write.c:683
ksys_write+0x183/0x2b0 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&base->lock);
lock(krc.lock);
lock(&base->lock);
lock(krc.lock);
*** DEADLOCK ***
3 locks held by sshd/5834:
#0: ffff888026131bd8 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1617 [inline]
#0: ffff888026131bd8 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x22/0x50 net/ipv4/tcp.c:1357
#1: ffff8880b872a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
#2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2315 [inline]
#2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540 kernel/trace/bpf_trace.c:2357
stack backtrace:
CPU: 1 UID: 0 PID: 5834 Comm: sshd Not tainted 6.12.0-rc6-syzkaller-01236-gcf6d9fe09185 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
krc_this_cpu_lock kernel/rcu/tree.c:3312 [inline]
add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3725 [inline]
kvfree_call_rcu+0x18a/0x790 kernel/rcu/tree.c:3811
trie_delete_elem+0x546/0x6a0 kernel/bpf/lpm_trie.c:540
bpf_prog_2c29ac5cdc6b1842+0x43/0x47
bpf_dispatcher_nop_func include/linux/bpf.h:1265 [inline]
__bpf_prog_run include/linux/filter.h:701 [inline]
bpf_prog_run include/linux/filter.h:708 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2316 [inline]
bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2357
trace_timer_start include/trace/events/timer.h:52 [inline]
enqueue_timer+0x3ce/0x570 kernel/time/timer.c:663
__mod_timer+0x953/0xeb0 kernel/time/timer.c:1181
sk_reset_timer+0x23/0xc0 net/core/sock.c:3513
inet_csk_reset_xmit_timer include/net/inet_connection_sock.h:234 [inline]
tcp_reset_xmit_timer include/net/tcp.h:1428 [inline]
tcp_schedule_loss_probe+0x451/0x5c0 net/ipv4/tcp_output.c:2909
tcp_write_xmit+0x4477/0x6bf0 net/ipv4/tcp_output.c:2858
__tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3010
tcp_sendmsg_locked+0x44d6/0x4f30 net/ipv4/tcp.c:1326
tcp_sendmsg+0x30/0x50 net/ipv4/tcp.c:1358
sock_sendmsg_nosec net/socket.c:729 [inline]
__sock_sendmsg+0x1a6/0x270 net/socket.c:744
sock_write_iter+0x2d7/0x3f0 net/socket.c:1165
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xaeb/0xd30 fs/read_write.c:683
ksys_write+0x183/0x2b0 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7a00d16bf2
Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007fffbf740a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000000003c RCX: 00007f7a00d16bf2
RDX: 000000000000003c RSI: 000055a1a1714990 RDI: 0000000000000004
RBP: 000055a1a1722250 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000055a177d9daa4
R13: 000000000000003a R14: 000055a177d9e3e8 R15: 00007fffbf740af8
</TASK>