bridge0: port 3(team0) entered blocking state
================================
WARNING: inconsistent lock state
4.14.290-syzkaller #0 Not tainted
--------------------------------
bridge0: port 3(team0) entered disabled state
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
kworker/1:3/8601 [HC0[0]:SC0[0]:HE1:SE1] takes:
 (&(&xprt->transport_lock)->rlock){+.?.}, at: [<ffffffff86726708>] spin_lock include/linux/spinlock.h:317 [inline]
 (&(&xprt->transport_lock)->rlock){+.?.}, at: [<ffffffff86726708>] xprt_destroy+0x68/0x1c0 net/sunrpc/xprt.c:1528
{IN-SOFTIRQ-W} state was registered at:
  lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
  _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:176
  spin_lock_bh include/linux/spinlock.h:322 [inline]
  xprt_disconnect_done+0x19/0x40 net/sunrpc/xprt.c:664
  xs_sock_mark_closed net/sunrpc/xprtsock.c:811 [inline]
  xs_tcp_state_change+0x3c4/0x7e0 net/sunrpc/xprtsock.c:1637
device team0 entered promiscuous mode
  tcp_done+0x14f/0x210 net/ipv4/tcp.c:3427
device team_slave_0 entered promiscuous mode
  tcp_v4_err+0x7dd/0x1820 net/ipv4/tcp_ipv4.c:523
  icmp_socket_deliver+0x1a7/0x330 net/ipv4/icmp.c:838
  icmp_unreach+0x268/0xae0 net/ipv4/icmp.c:955
  icmp_rcv+0xb7f/0x1240 net/ipv4/icmp.c:1136
  ip_local_deliver_finish+0x3f2/0xab0 net/ipv4/ip_input.c:216
  NF_HOOK include/linux/netfilter.h:250 [inline]
  ip_local_deliver+0x167/0x460 net/ipv4/ip_input.c:257
  dst_input include/net/dst.h:476 [inline]
  ip_rcv_finish+0x6e3/0x19f0 net/ipv4/ip_input.c:396
  NF_HOOK include/linux/netfilter.h:250 [inline]
  ip_rcv+0x8a7/0xf10 net/ipv4/ip_input.c:493
  __netif_receive_skb_core+0x15ee/0x2a30 net/core/dev.c:4474
  __netif_receive_skb+0x27/0x1a0 net/core/dev.c:4512
  process_backlog+0x218/0x6f0 net/core/dev.c:5195
  napi_poll net/core/dev.c:5604 [inline]
  net_rx_action+0x466/0xfd0 net/core/dev.c:5670
device team_slave_1 entered promiscuous mode
  __do_softirq+0x24d/0x9ff kernel/softirq.c:288
  run_ksoftirqd+0x50/0x1a0 kernel/softirq.c:670
  smpboot_thread_fn+0x5c1/0x920 kernel/smpboot.c:164
  kthread+0x30d/0x420 kernel/kthread.c:232
  ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
bridge0: port 3(team0) entered blocking state
irq event stamp: 118173
hardirqs last  enabled at (118173): [<ffffffff817ed47a>] kfree+0x14a/0x250 mm/slab.c:3816
hardirqs last disabled at (118172): [<ffffffff817ed39f>] kfree+0x6f/0x250 mm/slab.c:3809
softirqs last  enabled at (118154): [<ffffffff86749b6d>] spin_unlock_bh include/linux/spinlock.h:362 [inline]
softirqs last  enabled at (118154): [<ffffffff86749b6d>] rpc_wake_up_first_on_wq+0x18d/0x480 net/sunrpc/sched.c:559
softirqs last disabled at (118152): [<ffffffff86749a09>] spin_lock_bh include/linux/spinlock.h:322 [inline]
softirqs last disabled at (118152): [<ffffffff86749a09>] rpc_wake_up_first_on_wq+0x29/0x480 net/sunrpc/sched.c:551

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&(&xprt->transport_lock)->rlock);
  <Interrupt>
    lock(&(&xprt->transport_lock)->rlock);
bridge0: port 3(team0) entered forwarding state

 *** DEADLOCK ***

2 locks held by kworker/1:3/8601:
 #0:  ("rpciod"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1: 
device team0 left promiscuous mode
 ((&task->u.tk_work)){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092

stack backtrace:
CPU: 1 PID: 8601 Comm: kworker/1:3 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Workqueue: rpciod rpc_async_schedule
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2589
device team_slave_0 left promiscuous mode
 valid_state kernel/locking/lockdep.c:2602 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2796 [inline]
 mark_lock+0xb4d/0x1050 kernel/locking/lockdep.c:3194
 mark_irqflags kernel/locking/lockdep.c:3090 [inline]
 __lock_acquire+0xd5c/0x3f20 kernel/locking/lockdep.c:3448
device team_slave_1 left promiscuous mode
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
bridge0: port 3(team0) entered disabled state
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152
 spin_lock include/linux/spinlock.h:317 [inline]
 xprt_destroy+0x68/0x1c0 net/sunrpc/xprt.c:1528
 xprt_destroy_kref net/sunrpc/xprt.c:1542 [inline]
 kref_put include/linux/kref.h:70 [inline]
 xprt_put+0x32/0x40 net/sunrpc/xprt.c:1566
 rpc_task_release_transport net/sunrpc/clnt.c:974 [inline]
 rpc_task_release_client+0x1cd/0x280 net/sunrpc/clnt.c:992
 rpc_release_resources_task net/sunrpc/sched.c:1030 [inline]
 rpc_release_task net/sunrpc/sched.c:1069 [inline]
 __rpc_execute+0x66b/0xc90 net/sunrpc/sched.c:832
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
EXT4-fs (loop1): unsupported inode size: 0
EXT4-fs (loop1): blocksize: 4096
batman_adv: batadv0: Adding interface: team0
batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Interface activated: team0
audit: type=1800 audit(1659370800.130:11): pid=10794 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13940 res=0
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
bridge0: port 3(team0) entered disabled state
batman_adv: batadv0: Adding interface: team0
batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
EXT4-fs (loop1): unsupported inode size: 0
EXT4-fs (loop1): blocksize: 4096
batman_adv: batadv0: Interface activated: team0
batman_adv: batadv0: Interface deactivated: team0
batman_adv: batadv0: Removing interface: team0
ISO 9660 Extensions: Microsoft Joliet Level 0
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
EXT4-fs (loop1): unsupported inode size: 0
EXT4-fs (loop1): blocksize: 4096
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
print_req_error: I/O error, dev loop5, sector 0
device team_slave_1 left promiscuous mode
ISO 9660 Extensions: Microsoft Joliet Level 0
ISO 9660 Extensions: Microsoft Joliet Level 0
bridge0: port 3(team0) entered disabled state
batman_adv: batadv0: Adding interface: team0
audit: type=1800 audit(1659370801.020:12): pid=10929 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13917 res=0
audit: type=1804 audit(1659370801.040:13): pid=10929 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir2990513494/syzkaller.KHpy2G/55/file0" dev="sda1" ino=13917 res=1
batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Interface activated: team0
print_req_error: I/O error, dev loop2, sector 0
ISO 9660 Extensions: Microsoft Joliet Level 0
ISO 9660 Extensions: Microsoft Joliet Level 0
ISO 9660 Extensions: Microsoft Joliet Level 0
ISO 9660 Extensions: Microsoft Joliet Level 0
sctp: [Deprecated]: syz-executor.4 (pid 11066) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
Unknown ioctl 1076391951
sctp: [Deprecated]: syz-executor.4 (pid 11076) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
caif:caif_disconnect_client(): nothing to disconnect
ISO 9660 Extensions: Microsoft Joliet Level 0
sctp: [Deprecated]: syz-executor.4 (pid 11109) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
print_req_error: I/O error, dev loop7, sector 0
Buffer I/O error on dev loop7, logical block 0, lost async page write
print_req_error: I/O error, dev loop7, sector 1
print_req_error: I/O error, dev loop7, sector 2
Buffer I/O error on dev loop7, logical block 1, lost async page write
Buffer I/O error on dev loop7, logical block 2, lost async page write
print_req_error: I/O error, dev loop7, sector 3
Buffer I/O error on dev loop7, logical block 3, lost async page write
print_req_error: I/O error, dev loop7, sector 4
Buffer I/O error on dev loop7, logical block 4, lost async page write
print_req_error: I/O error, dev loop7, sector 5
print_req_error: I/O error, dev loop7, sector 6
Buffer I/O error on dev loop7, logical block 5, lost async page write
Buffer I/O error on dev loop7, logical block 6, lost async page write
print_req_error: I/O error, dev loop7, sector 7
print_req_error: I/O error, dev loop7, sector 8
Buffer I/O error on dev loop7, logical block 7, lost async page write
Buffer I/O error on dev loop7, logical block 8, lost async page write
print_req_error: I/O error, dev loop7, sector 9
Buffer I/O error on dev loop7, logical block 9, lost async page write
print_req_error: I/O error, dev loop7, sector 10
print_req_error: I/O error, dev loop7, sector 11
Unknown ioctl 1076391951
Unknown ioctl 1076391951
caif:caif_disconnect_client(): nothing to disconnect
sctp: [Deprecated]: syz-executor.1 (pid 11151) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
caif:caif_disconnect_client(): nothing to disconnect
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
sctp: [Deprecated]: syz-executor.1 (pid 11184) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
Unknown ioctl 1076391951
sctp: [Deprecated]: syz-executor.1 (pid 11209) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
caif:caif_disconnect_client(): nothing to disconnect
sctp: [Deprecated]: syz-executor.1 (pid 11228) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
sctp: [Deprecated]: syz-executor.1 (pid 11270) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.1 (pid 11318) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.3 (pid 11322) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
EXT4-fs (loop5): Unrecognized mount option "cpuacct.stat" or missing value
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
overlayfs: failed to create directory ./file1/work (errno: 13); mounting read-only
FAT-fs (loop5): Unrecognized mount option "pcr=00000000000000000047" or missing value
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): VFS: Can't find ext4 filesystem
sd 0:0:1:0: [sg0] tag#7414 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#7414 CDB: opcode=0xcd (vendor)
sd 0:0:1:0: [sg0] tag#7414 CDB[00]: cd 86 de 33 46 28 78 0e d7 05 29 d0 21 29 03 69
sd 0:0:1:0: [sg0] tag#7414 CDB[10]: 79 1f 91 03 cd b8 40 97 a6 43 06 4d de df 44 be
sd 0:0:1:0: [sg0] tag#7414 CDB[20]: f8
sd 0:0:1:0: [sg0] tag#1636 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#1636 CDB: opcode=0xcd (vendor)
sd 0:0:1:0: [sg0] tag#1636 CDB[00]: cd 86 de 33 46 28 78 0e d7 05 29 d0 21 29 03 69
sd 0:0:1:0: [sg0] tag#1636 CDB[10]: 79 1f 91 03 cd b8 40 97 a6 43 06 4d de df 44 be
sd 0:0:1:0: [sg0] tag#1636 CDB[20]: f8
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
sd 0:0:1:0: [sg0] tag#1636 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#1636 CDB: opcode=0xcd (vendor)
sd 0:0:1:0: [sg0] tag#1636 CDB[00]: cd 86 de 33 46 28 78 0e d7 05 29 d0 21 29 03 69
sd 0:0:1:0: [sg0] tag#1636 CDB[10]: 79 1f 91 03 cd b8 40 97 a6 43 06 4d de df 44 be
sd 0:0:1:0: [sg0] tag#1636 CDB[20]: f8
sd 0:0:1:0: [sg0] tag#1636 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#1636 CDB: opcode=0xcd (vendor)
sd 0:0:1:0: [sg0] tag#1636 CDB[00]: cd 86 de 33 46 28 78 0e d7 05 29 d0 21 29 03 69
sd 0:0:1:0: [sg0] tag#1636 CDB[10]: 79 1f 91 03 cd b8 40 97 a6 43 06 4d de df 44 be
sd 0:0:1:0: [sg0] tag#1636 CDB[20]: f8
EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (60729!=0)
EXT4-fs (loop0): group descriptors corrupted!
print_req_error: 1989 callbacks suppressed
print_req_error: I/O error, dev loop0, sector 0
buffer_io_error: 1990 callbacks suppressed
Buffer I/O error on dev loop0, logical block 0, async page read
print_req_error: I/O error, dev loop0, sector 6
Buffer I/O error on dev loop0, logical block 3, async page read
IPv6: ADDRCONF(NETDEV_UP): bond2: link is not ready
8021q: adding VLAN 0 to HW filter on device bond2
IPv6: ADDRCONF(NETDEV_UP): bond3: link is not ready
8021q: adding VLAN 0 to HW filter on device bond3
sd 0:0:1:0: [sg0] tag#1636 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#1636 CDB: opcode=0xcd (vendor)
sd 0:0:1:0: [sg0] tag#1636 CDB[00]: cd 86 de 33 46 28 78 0e d7 05 29 d0 21 29 03 69
sd 0:0:1:0: [sg0] tag#1636 CDB[10]: 79 1f 91 03 cd b8 40 97 a6 43 06 4d de df 44 be
sd 0:0:1:0: [sg0] tag#1636 CDB[20]: f8
IPv6: ADDRCONF(NETDEV_UP): bond4: link is not ready
8021q: adding VLAN 0 to HW filter on device bond4
batman_adv: batadv0: Interface deactivated: team0
batman_adv: batadv0: Removing interface: team0
8021q: adding VLAN 0 to HW filter on device team0
bond0: Enslaving team0 as an active interface with an up link
bond0: Releasing backup interface team0
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode