======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.1.1366/9864 is trying to acquire lock:
ffff88802d37b238 (&trie->lock){-.-.}-{2:2}, at: trie_delete_elem+0x96/0x6a0 kernel/bpf/lpm_trie.c:467

but task is already holding lock:
ffff8880b8e37d68 (stock_lock){-.-.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b8e37d68 (stock_lock){-.-.}-{2:2}, at: refill_obj_stock+0xef/0x6a0 mm/memcontrol.c:3366

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (stock_lock){-.-.}-{2:2}:
       local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
       consume_obj_stock mm/memcontrol.c:3267 [inline]
       obj_cgroup_charge+0x10a/0x630 mm/memcontrol.c:3397
       memcg_slab_pre_alloc_hook mm/slab.h:508 [inline]
       slab_pre_alloc_hook+0x2e7/0x310 mm/slab.h:719
       slab_alloc_node mm/slub.c:3477 [inline]
       __kmem_cache_alloc_node+0x53/0x250 mm/slub.c:3534
       __do_kmalloc_node mm/slab_common.c:1006 [inline]
       __kmalloc_node+0xa4/0x230 mm/slab_common.c:1014
       kmalloc_node include/linux/slab.h:620 [inline]
       bpf_map_kmalloc_node+0xbc/0x1b0 kernel/bpf/syscall.c:424
       lpm_trie_node_alloc kernel/bpf/lpm_trie.c:291 [inline]
       trie_update_elem+0x169/0xea0 kernel/bpf/lpm_trie.c:338
       bpf_map_update_value+0x660/0x720 kernel/bpf/syscall.c:203
       generic_map_update_batch+0x5ec/0x810 kernel/bpf/syscall.c:1800
       bpf_map_do_batch+0x3d7/0x610 kernel/bpf/syscall.c:5010
       __sys_bpf+0x381/0x890 kernel/bpf/syscall.c:-1
       __do_sys_bpf kernel/bpf/syscall.c:5581 [inline]
       __se_sys_bpf kernel/bpf/syscall.c:5579 [inline]
       __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5579
       do_syscall_x64 arch/x86/entry/common.c:46 [inline]
       do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
       entry_SYSCALL_64_after_hwframe+0x68/0xd2

-> #0 (&trie->lock){-.-.}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3869 [inline]
       __lock_acquire+0x2df1/0x7d40 kernel/locking/lockdep.c:5137
       lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xb4/0x100 kernel/locking/spinlock.c:162
       trie_delete_elem+0x96/0x6a0 kernel/bpf/lpm_trie.c:467
       bpf_prog_2c29ac5cdc6b1842+0x42/0x46
       bpf_dispatcher_nop_func include/linux/bpf.h:1224 [inline]
       __bpf_prog_run include/linux/filter.h:616 [inline]
       bpf_prog_run include/linux/filter.h:623 [inline]
       bpf_prog_run_array include/linux/bpf.h:1994 [inline]
       trace_call_bpf+0x333/0x6c0 kernel/trace/bpf_trace.c:143
       perf_trace_run_bpf_submit+0x7a/0x1c0 kernel/events/core.c:10295
       perf_trace_lock_acquire+0x34f/0x410 include/trace/events/lock.h:24
       trace_lock_acquire include/trace/events/lock.h:24 [inline]
       lock_acquire+0x3ef/0x420 kernel/locking/lockdep.c:5725
       rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
       rcu_read_lock include/linux/rcupdate.h:786 [inline]
       mod_objcg_mlstate+0xad/0x320 mm/memcontrol.c:2913
       drain_obj_stock+0x1f8/0x360 mm/memcontrol.c:3327
       refill_obj_stock+0x1fc/0x6a0 mm/memcontrol.c:3370
       obj_cgroup_charge+0x3d9/0x630 mm/memcontrol.c:3431
       memcg_slab_pre_alloc_hook mm/slab.h:508 [inline]
       slab_pre_alloc_hook+0x2e7/0x310 mm/slab.h:719
       slab_alloc_node mm/slub.c:3477 [inline]
       slab_alloc mm/slub.c:3503 [inline]
       __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
       kmem_cache_alloc_lru+0x4d/0x2d0 mm/slub.c:3526
       __d_alloc+0x31/0x730 fs/dcache.c:1773
       d_alloc_pseudo+0x1d/0x70 fs/dcache.c:1905
       alloc_file_pseudo+0xe4/0x210 fs/file_table.c:329
       __anon_inode_getfile fs/anon_inodes.c:122 [inline]
       anon_inode_getfile+0xc5/0x1a0 fs/anon_inodes.c:160
       __do_sys_perf_event_open kernel/events/core.c:12897 [inline]
       __se_sys_perf_event_open+0xee7/0x1c50 kernel/events/core.c:12609
       do_syscall_x64 arch/x86/entry/common.c:46 [inline]
       do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
       entry_SYSCALL_64_after_hwframe+0x68/0xd2

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(stock_lock);
                               lock(&trie->lock);
                               lock(stock_lock);
  lock(&trie->lock);

 *** DEADLOCK ***

4 locks held by syz.1.1366/9864:
 #0: ffff88802af93be0 (&sig->exec_update_lock){++++}-{3:3}, at: __do_sys_perf_event_open kernel/events/core.c:12748 [inline]
 #0: ffff88802af93be0 (&sig->exec_update_lock){++++}-{3:3}, at: __se_sys_perf_event_open+0x96c/0x1c50 kernel/events/core.c:12609
 #1: ffff88805f2deca8 (&ctx->mutex){+.+.}-{3:3}, at: __do_sys_perf_event_open kernel/events/core.c:12772 [inline]
 #1: ffff88805f2deca8 (&ctx->mutex){+.+.}-{3:3}, at: __se_sys_perf_event_open+0xb1e/0x1c50 kernel/events/core.c:12609
 #2: ffff8880b8e37d68 (stock_lock){-.-.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 #2: ffff8880b8e37d68 (stock_lock){-.-.}-{2:2}, at: refill_obj_stock+0xef/0x6a0 mm/memcontrol.c:3366
 #3: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #3: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #3: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: trace_call_bpf+0xc3/0x6c0 kernel/trace/bpf_trace.c:142

stack backtrace:
CPU: 0 PID: 9864 Comm: syz.1.1366 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106
 check_noncircular+0x2fc/0x400 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3869 [inline]
 __lock_acquire+0x2df1/0x7d40 kernel/locking/lockdep.c:5137
 lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xb4/0x100 kernel/locking/spinlock.c:162
 trie_delete_elem+0x96/0x6a0 kernel/bpf/lpm_trie.c:467
 bpf_prog_2c29ac5cdc6b1842+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1224 [inline]
 __bpf_prog_run include/linux/filter.h:616 [inline]
 bpf_prog_run include/linux/filter.h:623 [inline]
 bpf_prog_run_array include/linux/bpf.h:1994 [inline]
 trace_call_bpf+0x333/0x6c0 kernel/trace/bpf_trace.c:143
 perf_trace_run_bpf_submit+0x7a/0x1c0 kernel/events/core.c:10295
 perf_trace_lock_acquire+0x34f/0x410 include/trace/events/lock.h:24
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x3ef/0x420 kernel/locking/lockdep.c:5725
 rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 rcu_read_lock include/linux/rcupdate.h:786 [inline]
 mod_objcg_mlstate+0xad/0x320 mm/memcontrol.c:2913
 drain_obj_stock+0x1f8/0x360 mm/memcontrol.c:3327
 refill_obj_stock+0x1fc/0x6a0 mm/memcontrol.c:3370
 obj_cgroup_charge+0x3d9/0x630 mm/memcontrol.c:3431
 memcg_slab_pre_alloc_hook mm/slab.h:508 [inline]
 slab_pre_alloc_hook+0x2e7/0x310 mm/slab.h:719
 slab_alloc_node mm/slub.c:3477 [inline]
 slab_alloc mm/slub.c:3503 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
 kmem_cache_alloc_lru+0x4d/0x2d0 mm/slub.c:3526
 __d_alloc+0x31/0x730 fs/dcache.c:1773
 d_alloc_pseudo+0x1d/0x70 fs/dcache.c:1905
 alloc_file_pseudo+0xe4/0x210 fs/file_table.c:329
 __anon_inode_getfile fs/anon_inodes.c:122 [inline]
 anon_inode_getfile+0xc5/0x1a0 fs/anon_inodes.c:160
 __do_sys_perf_event_open kernel/events/core.c:12897 [inline]
 __se_sys_perf_event_open+0xee7/0x1c50 kernel/events/core.c:12609
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0d5c99cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0d5d81f028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f0d5cc15fa0 RCX: 00007f0d5c99cdd9
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000500
RBP: 00007f0d5ca32d69 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d5cc16038 R14: 00007f0d5cc15fa0 R15: 00007fff1c6f1cc8
netdevsim netdevsim1 ÿÿÿÿÿÿ: renamed from netdevsim0