syzbot

IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
======================================================
WARNING: possible circular locking dependency detected
4.14.235-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:3/472 is trying to acquire lock:
 (k-sk_lock-AF_INET){+.+.}, at: [<ffffffff860fd59b>] lock_sock include/net/sock.h:1471 [inline]
 (k-sk_lock-AF_INET){+.+.}, at: [<ffffffff860fd59b>] do_tcp_setsockopt.constprop.0+0xfb/0x1c10 net/ipv4/tcp.c:2562

but task is already holding lock:
 ((&(&cp->cp_send_w)->work)){+.+.}, at: [<ffffffff81363aa6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 ((&(&cp->cp_send_w)->work)){+.+.}:
       flush_work+0xad/0x770 kernel/workqueue.c:2889
       __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2964
       rds_tcp_reset_callbacks+0x18d/0x450 net/rds/tcp.c:167
       rds_tcp_accept_one+0x61a/0x8b0 net/rds/tcp_listen.c:194
       rds_tcp_accept_worker+0x4d/0x70 net/rds/tcp.c:407
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #0 (k-sk_lock-AF_INET){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       lock_sock_nested+0xb7/0x100 net/core/sock.c:2796
       lock_sock include/net/sock.h:1471 [inline]
       do_tcp_setsockopt.constprop.0+0xfb/0x1c10 net/ipv4/tcp.c:2562
       tcp_setsockopt net/ipv4/tcp.c:2830 [inline]
       tcp_setsockopt+0xa7/0xc0 net/ipv4/tcp.c:2822
       kernel_setsockopt+0xfb/0x1b0 net/socket.c:3396
       rds_tcp_cork net/rds/tcp_send.c:43 [inline]
       rds_tcp_xmit_path_prepare+0xaf/0xe0 net/rds/tcp_send.c:50
       rds_send_xmit+0x1ae/0x1c00 net/rds/send.c:187
       rds_send_worker+0x6d/0x240 net/rds/threads.c:189
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&(&cp->cp_send_w)->work));
                               lock(k-sk_lock-AF_INET);
                               lock((&(&cp->cp_send_w)->work));
  lock(k-sk_lock-AF_INET);

 *** DEADLOCK ***

2 locks held by kworker/u4:3/472:
 #0:  ("%s""krdsd"){+.+.}, at: [<ffffffff81363a70>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087
 #1:  ((&(&cp->cp_send_w)->work)){+.+.}, at: [<ffffffff81363aa6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091

stack backtrace:
CPU: 0 PID: 472 Comm: kworker/u4:3 Not tainted 4.14.235-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krdsd rds_send_worker
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 lock_sock_nested+0xb7/0x100 net/core/sock.c:2796
 lock_sock include/net/sock.h:1471 [inline]
 do_tcp_setsockopt.constprop.0+0xfb/0x1c10 net/ipv4/tcp.c:2562
 tcp_setsockopt net/ipv4/tcp.c:2830 [inline]
 tcp_setsockopt+0xa7/0xc0 net/ipv4/tcp.c:2822
 kernel_setsockopt+0xfb/0x1b0 net/socket.c:3396
 rds_tcp_cork net/rds/tcp_send.c:43 [inline]
 rds_tcp_xmit_path_prepare+0xaf/0xe0 net/rds/tcp_send.c:50
 rds_send_xmit+0x1ae/0x1c00 net/rds/send.c:187
 rds_send_worker+0x6d/0x240 net/rds/threads.c:189
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_0
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
WARNING: can't dereference registers at 00000000000003a5 for ip retint_user+0x8/0x18
input: syz1 as /devices/virtual/input/input5
input: syz1 as /devices/virtual/input/input6
input: syz1 as /devices/virtual/input/input7
input: syz1 as /devices/virtual/input/input9
input: syz1 as /devices/virtual/input/input10
input: syz1 as /devices/virtual/input/input11
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
Unable to determine destination address.
Unable to determine destination address.
befs: (loop2): No write support. Marking filesystem read-only
befs: (loop2): invalid magic header
befs: (loop2): No write support. Marking filesystem read-only
befs: (loop2): invalid magic header
input: syz1 as /devices/virtual/input/input12
befs: (loop2): No write support. Marking filesystem read-only
input: syz1 as /devices/virtual/input/input13
befs: (loop2): invalid magic header
hrtimer: interrupt took 29920 ns
befs: (loop2): No write support. Marking filesystem read-only
befs: (loop2): invalid magic header
befs: (loop2): No write support. Marking filesystem read-only
befs: (loop2): invalid magic header
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
print_req_error: I/O error, dev loop5, sector 0