======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
kworker/0:1/9 is trying to acquire lock:
ffff88807f4a4a38 (&trie->lock){-.-.}-{2:2}, at: trie_delete_elem+0x96/0x6a0 kernel/bpf/lpm_trie.c:467

but task is already holding lock:
ffff8880b8e37d68 (stock_lock){..-.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b8e37d68 (stock_lock){..-.}-{2:2}, at: refill_obj_stock+0xef/0x6a0 mm/memcontrol.c:3366

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (stock_lock){..-.}-{2:2}:
       local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
       consume_obj_stock mm/memcontrol.c:3267 [inline]
       obj_cgroup_charge+0x10a/0x630 mm/memcontrol.c:3397
       memcg_slab_pre_alloc_hook mm/slab.h:508 [inline]
       slab_pre_alloc_hook+0x2e7/0x310 mm/slab.h:719
       slab_alloc_node mm/slub.c:3477 [inline]
       __kmem_cache_alloc_node+0x53/0x250 mm/slub.c:3534
       __do_kmalloc_node mm/slab_common.c:1006 [inline]
       __kmalloc_node+0xa4/0x230 mm/slab_common.c:1014
       kmalloc_node include/linux/slab.h:620 [inline]
       bpf_map_kmalloc_node+0xbc/0x1b0 kernel/bpf/syscall.c:424
       lpm_trie_node_alloc kernel/bpf/lpm_trie.c:291 [inline]
       trie_update_elem+0x169/0xea0 kernel/bpf/lpm_trie.c:338
       bpf_map_update_value+0x660/0x720 kernel/bpf/syscall.c:203
       generic_map_update_batch+0x5ec/0x810 kernel/bpf/syscall.c:1800
       bpf_map_do_batch+0x3d7/0x610 kernel/bpf/syscall.c:5010
       __sys_bpf+0x381/0x890 kernel/bpf/syscall.c:-1
       __do_sys_bpf kernel/bpf/syscall.c:5581 [inline]
       __se_sys_bpf kernel/bpf/syscall.c:5579 [inline]
       __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5579
       do_syscall_x64 arch/x86/entry/common.c:46 [inline]
       do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
       entry_SYSCALL_64_after_hwframe+0x68/0xd2

-> #0 (&trie->lock){-.-.}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3869 [inline]
       __lock_acquire+0x2df1/0x7d40 kernel/locking/lockdep.c:5137
       lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xb4/0x100 kernel/locking/spinlock.c:162
       trie_delete_elem+0x96/0x6a0 kernel/bpf/lpm_trie.c:467
       bpf_prog_2c29ac5cdc6b1842+0x42/0x46
       bpf_dispatcher_nop_func include/linux/bpf.h:1224 [inline]
       __bpf_prog_run include/linux/filter.h:616 [inline]
       bpf_prog_run include/linux/filter.h:623 [inline]
       bpf_prog_run_array include/linux/bpf.h:1994 [inline]
       trace_call_bpf+0x333/0x6c0 kernel/trace/bpf_trace.c:143
       perf_trace_run_bpf_submit+0x7a/0x1c0 kernel/events/core.c:10295
       perf_trace_lock_acquire+0x34f/0x410 include/trace/events/lock.h:24
       trace_lock_acquire include/trace/events/lock.h:24 [inline]
       lock_acquire+0x3ef/0x420 kernel/locking/lockdep.c:5725
       rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
       rcu_read_lock include/linux/rcupdate.h:786 [inline]
       mod_objcg_mlstate+0xad/0x320 mm/memcontrol.c:2913
       drain_obj_stock+0x164/0x360 mm/memcontrol.c:3321
       refill_obj_stock+0x1fc/0x6a0 mm/memcontrol.c:3370
       memcg_slab_free_hook+0x125/0x1f0 mm/slab.h:576
       slab_free mm/slub.c:3825 [inline]
       kmem_cache_free_bulk+0x324/0x450 mm/slub.c:3948
       kfree_bulk include/linux/slab.h:517 [inline]
       kvfree_rcu_bulk+0x1eb/0x470 kernel/rcu/tree.c:3032
       kvfree_rcu_drain_ready kernel/rcu/tree.c:3216 [inline]
       kfree_rcu_monitor+0x7fe/0xf70 kernel/rcu/tree.c:3234
       process_one_work kernel/workqueue.c:2653 [inline]
       process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
       worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
       kthread+0x2fa/0x390 kernel/kthread.c:388
       ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
       ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(stock_lock);
                               lock(&trie->lock);
                               lock(stock_lock);
  lock(&trie->lock);

 *** DEADLOCK ***

5 locks held by kworker/0:1/9:
 #0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
 #0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
 #1: ffffc900000e7d00 ((work_completion)(&(&krcp->monitor_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
 #1: ffffc900000e7d00 ((work_completion)(&(&krcp->monitor_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
 #2: ffffffff8d132200 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #2: ffffffff8d132200 (rcu_callback){....}-{0:0}, at: kvfree_rcu_bulk+0x135/0x470 kernel/rcu/tree.c:3026
 #3: ffff8880b8e37d68 (stock_lock){..-.}-{2:2}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 #3: ffff8880b8e37d68 (stock_lock){..-.}-{2:2}, at: refill_obj_stock+0xef/0x6a0 mm/memcontrol.c:3366
 #4: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #4: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #4: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: trace_call_bpf+0xc3/0x6c0 kernel/trace/bpf_trace.c:142

stack backtrace:
CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: events kfree_rcu_monitor
Call Trace:
 dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106
 check_noncircular+0x2fc/0x400 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3869 [inline]
 __lock_acquire+0x2df1/0x7d40 kernel/locking/lockdep.c:5137
 lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xb4/0x100 kernel/locking/spinlock.c:162
 trie_delete_elem+0x96/0x6a0 kernel/bpf/lpm_trie.c:467
 bpf_prog_2c29ac5cdc6b1842+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1224 [inline]
 __bpf_prog_run include/linux/filter.h:616 [inline]
 bpf_prog_run include/linux/filter.h:623 [inline]
 bpf_prog_run_array include/linux/bpf.h:1994 [inline]
 trace_call_bpf+0x333/0x6c0 kernel/trace/bpf_trace.c:143
 perf_trace_run_bpf_submit+0x7a/0x1c0 kernel/events/core.c:10295
 perf_trace_lock_acquire+0x34f/0x410 include/trace/events/lock.h:24
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x3ef/0x420 kernel/locking/lockdep.c:5725
 rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 rcu_read_lock include/linux/rcupdate.h:786 [inline]
 mod_objcg_mlstate+0xad/0x320 mm/memcontrol.c:2913
 drain_obj_stock+0x164/0x360 mm/memcontrol.c:3321
 refill_obj_stock+0x1fc/0x6a0 mm/memcontrol.c:3370
 memcg_slab_free_hook+0x125/0x1f0 mm/slab.h:576
 slab_free mm/slub.c:3825 [inline]
 kmem_cache_free_bulk+0x324/0x450 mm/slub.c:3948
 kfree_bulk include/linux/slab.h:517 [inline]
 kvfree_rcu_bulk+0x1eb/0x470 kernel/rcu/tree.c:3032
 kvfree_rcu_drain_ready kernel/rcu/tree.c:3216 [inline]
 kfree_rcu_monitor+0x7fe/0xf70 kernel/rcu/tree.c:3234
 process_one_work kernel/workqueue.c:2653 [inline]
 process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293