Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts.
2023/01/16 09:59:49 ignoring optional flag "sandboxArg"="0"
2023/01/16 09:59:49 parsed 1 programs
2023/01/16 09:59:49 executed programs: 0
syzkaller login: [ 32.860435] IPVS: ftp: loaded support on port[0] = 21
[ 33.007477] chnl_net:caif_netlink_parms(): no params data found
[ 33.049504] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.056830] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.063870] device bridge_slave_0 entered promiscuous mode
[ 33.072076] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.078783] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.086113] device bridge_slave_1 entered promiscuous mode
[ 33.103716] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 33.112601] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 33.131267] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 33.139036] team0: Port device team_slave_0 added
[ 33.144739] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 33.151949] team0: Port device team_slave_1 added
[ 33.166874] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 33.173106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.198450] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 33.209842] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 33.216175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.241407] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 33.255548] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 33.262865] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 33.282223] device hsr_slave_0 entered promiscuous mode
[ 33.288608] device hsr_slave_1 entered promiscuous mode
[ 33.295206] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 33.302186] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 33.365131] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.371525] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.378445] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.384848] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.416872] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 33.422932] 8021q: adding VLAN 0 to HW filter on device bond0
[ 33.432200] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 33.440830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 33.449451] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.457507] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.464941] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 33.476596] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 33.482655] 8021q: adding VLAN 0 to HW filter on device team0
[ 33.492112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 33.500149] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.506545] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.516288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 33.525335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.531835] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.546339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 33.555228] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 33.565642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 33.576881] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 33.587451] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 33.598297] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 33.605321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 33.612587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 33.641521] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 33.649159] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 33.656047] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 33.667051] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 33.700186] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 33.710334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 33.741818] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 33.749463] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 33.757257] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 33.766918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 33.774725] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 33.781547] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 33.791782] device veth0_vlan entered promiscuous mode
[ 33.800387] device veth1_vlan entered promiscuous mode
[ 33.807036] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 33.816656] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 33.828972] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 33.837984] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 33.846216] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 33.853443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 33.864317] device veth0_macvtap entered promiscuous mode
[ 33.870824] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 33.879501] device veth1_macvtap entered promiscuous mode
[ 33.888866] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 33.898320] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 33.908817] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 33.916246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 33.925461] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 33.936284] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 33.942945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 34.054443] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 34.061268] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 34.077761] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 34.080796] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 34.092121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 34.093007] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 34.102856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 34.112814] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 34.874081] Bluetooth: hci0: command 0x0409 tx timeout
[ 36.952059] Bluetooth: hci0: command 0x041b tx timeout
[ 37.125124]
[ 37.126866] ======================================================
[ 37.133162] WARNING: possible circular locking dependency detected
[ 37.139454] 4.19.211-syzkaller #0 Not tainted
[ 37.143918] ------------------------------------------------------
[ 37.150208] kworker/u4:2/68 is trying to acquire lock:
[ 37.155463] 000000009d2f4445 (&rs->rs_recv_lock){...-}, at: rds_wake_sk_sleep+0x1d/0xc0
[ 37.163592]
[ 37.163592] but task is already holding lock:
[ 37.170411] 00000000997d3ab9 (&(&rm->m_rs_lock)->rlock){..-.}, at: rds_send_remove_from_sock+0x278/0x8b0
[ 37.180021]
[ 37.180021] which lock already depends on the new lock.
[ 37.180021]
[ 37.188314]
[ 37.188314] the existing dependency chain (in reverse order) is:
[ 37.195910]
[ 37.195910] -> #1 (&(&rm->m_rs_lock)->rlock){..-.}:
[ 37.202396]        rds_message_put+0x198/0xd00
[ 37.206954]        rds_inc_put+0xf9/0x140
[ 37.211083]        rds_clear_recv_queue+0x147/0x350
[ 37.216085]        rds_release+0xc6/0x350
[ 37.220216]        __sock_release+0xcd/0x2a0
[ 37.224611]        sock_close+0x15/0x20
[ 37.228565]        __fput+0x2ce/0x890
[ 37.232345]        task_work_run+0x148/0x1c0
[ 37.236742]        exit_to_usermode_loop+0x251/0x2a0
[ 37.241828]        do_syscall_64+0x538/0x620
[ 37.246223]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.251908]
[ 37.251908] -> #0 (&rs->rs_recv_lock){...-}:
[ 37.257779]        _raw_read_lock_irqsave+0x93/0xd0
[ 37.262770]        rds_wake_sk_sleep+0x1d/0xc0
[ 37.267333]        rds_send_remove_from_sock+0xb1/0x8b0
[ 37.272680]        rds_send_path_drop_acked+0x2de/0x3c0
[ 37.278023]        rds_tcp_write_space+0x199/0x650
[ 37.282928]        tcp_check_space+0x407/0x6f0
[ 37.287489]        tcp_rcv_established+0x916/0x1ef0
[ 37.292483]        tcp_v4_do_rcv+0x5d6/0x870
[ 37.296865]        __release_sock+0x134/0x3a0
[ 37.301337]        release_sock+0x54/0x1b0
[ 37.305547]        do_tcp_setsockopt.constprop.0+0x42e/0x2340
[ 37.314034]        tcp_setsockopt+0xb2/0xd0
[ 37.318343]        kernel_setsockopt+0x106/0x1c0
[ 37.323085]        rds_tcp_xmit_path_complete+0xbf/0x100
[ 37.328513]        rds_send_xmit+0x13b5/0x2290
[ 37.333068]        rds_send_worker+0x86/0x280
[ 37.337540]        process_one_work+0x864/0x1570
[ 37.342270]        worker_thread+0x64c/0x1130
[ 37.346738]        kthread+0x33f/0x460
[ 37.350605]        ret_from_fork+0x24/0x30
[ 37.354809]
[ 37.354809] other info that might help us debug this:
[ 37.354809]
[ 37.362927]  Possible unsafe locking scenario:
[ 37.362927]
[ 37.368956]        CPU0                    CPU1
[ 37.373597]        ----                    ----
[ 37.378237]   lock(&(&rm->m_rs_lock)->rlock);
[ 37.382706]                                lock(&rs->rs_recv_lock);
[ 37.389091]                                lock(&(&rm->m_rs_lock)->rlock);
[ 37.396085]   lock(&rs->rs_recv_lock);
[ 37.399951]
[ 37.399951]  *** DEADLOCK ***
[ 37.399951]
[ 37.405993] 5 locks held by kworker/u4:2/68:
[ 37.410370]  #0: 00000000e7974955 ((wq_completion)"%s""krdsd"){+.+.}, at: process_one_work+0x767/0x1570
[ 37.419886]  #1: 00000000aada2942 ((work_completion)(&(&cp->cp_send_w)->work)){+.+.}, at: process_one_work+0x79c/0x1570
[ 37.430787]  #2: 00000000d4e59231 (k-sk_lock-AF_INET){+.+.}, at: do_tcp_setsockopt.constprop.0+0x13f/0x2340
[ 37.440651]  #3: 000000007d1145e6 (k-clock-AF_INET){++.-}, at: rds_tcp_write_space+0x25/0x650
[ 37.449389]  #4: 00000000997d3ab9 (&(&rm->m_rs_lock)->rlock){..-.}, at: rds_send_remove_from_sock+0x278/0x8b0
[ 37.459524]
[ 37.459524] stack backtrace:
[ 37.464054] CPU: 1 PID: 68 Comm: kworker/u4:2 Not tainted 4.19.211-syzkaller #0
[ 37.471494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 37.480840] Workqueue: krdsd rds_send_worker
[ 37.485222] Call Trace:
[ 37.487791]  dump_stack+0x1fc/0x2ef
[ 37.491400]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 37.497180]  __lock_acquire+0x30c9/0x3ff0
[ 37.501312]  ? mark_held_locks+0xf0/0xf0
[ 37.505361]  ? lock_acquire+0x170/0x3c0
[ 37.509318]  ? mark_held_locks+0xf0/0xf0
[ 37.513365]  ? trace_hardirqs_off+0x64/0x200
[ 37.517756]  ? mark_held_locks+0xa6/0xf0
[ 37.521797]  lock_acquire+0x170/0x3c0
[ 37.525577]  ? rds_wake_sk_sleep+0x1d/0xc0
[ 37.529795]  ? rds_send_remove_from_sock+0x278/0x8b0
[ 37.534876]  _raw_read_lock_irqsave+0x93/0xd0
[ 37.539351]  ? rds_wake_sk_sleep+0x1d/0xc0
[ 37.543567]  rds_wake_sk_sleep+0x1d/0xc0
[ 37.547603]  rds_send_remove_from_sock+0xb1/0x8b0
[ 37.552424]  rds_send_path_drop_acked+0x2de/0x3c0
[ 37.557249]  ? tcp_data_queue+0x971/0x4730
[ 37.561482]  ? rds_tcp_recv_exit+0x20/0x20
[ 37.565716]  ? rds_send_remove_from_sock+0x8b0/0x8b0
[ 37.570807]  ? rds_tcp_write_space+0x25/0x650
[ 37.575281]  ? sk_stream_wait_close+0x320/0x320
[ 37.579938]  rds_tcp_write_space+0x199/0x650
[ 37.584330]  tcp_check_space+0x407/0x6f0
[ 37.588373]  tcp_rcv_established+0x916/0x1ef0
[ 37.592875]  ? __release_sock+0xd0/0x3a0
[ 37.596915]  ? tcp_data_queue+0x4730/0x4730
[ 37.601216]  tcp_v4_do_rcv+0x5d6/0x870
[ 37.605093]  __release_sock+0x134/0x3a0
[ 37.609056]  release_sock+0x54/0x1b0
[ 37.612752]  do_tcp_setsockopt.constprop.0+0x42e/0x2340
[ 37.618100]  ? tcp_get_md5sig_pool+0xc0/0xc0
[ 37.622488]  ? mark_held_locks+0xf0/0xf0
[ 37.626528]  ? rds_tcp_is_acked+0xb0/0xb0
[ 37.630653]  tcp_setsockopt+0xb2/0xd0
[ 37.634431]  kernel_setsockopt+0x106/0x1c0
[ 37.638641]  rds_tcp_xmit_path_complete+0xbf/0x100
[ 37.643659]  ? rds_tcp_xmit_path_prepare+0x100/0x100
[ 37.648744]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.653303]  ? rds_tcp_xmit_path_prepare+0x100/0x100
[ 37.658471]  rds_send_xmit+0x13b5/0x2290
[ 37.662511]  ? rds_send_drop_acked+0xc0/0xc0
[ 37.666897]  ? check_preemption_disabled+0x41/0x280
[ 37.671893]  rds_send_worker+0x86/0x280
[ 37.675849]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 37.680844]  process_one_work+0x864/0x1570
[ 37.685060]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 37.689709]  worker_thread+0x64c/0x1130
[ 37.693663]  ? process_one_work+0x1570/0x1570
[ 37.698134]  kthread+0x33f/0x460
[ 37.701491]  ? kthread_park+0x180/0x180
[ 37.705457]  ret_from_fork+0x24/0x30
2023/01/16 09:59:54 executed programs: 78
[ 39.041540] Bluetooth: hci0: command 0x040f tx timeout
[ 41.110649] Bluetooth: hci0: command 0x0419 tx timeout
2023/01/16 09:59:59 executed programs: 241