bridge0: port 3(team0) entered blocking state ================================ WARNING: inconsistent lock state 4.14.290-syzkaller #0 Not tainted -------------------------------- bridge0: port 3(team0) entered disabled state inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. kworker/1:3/8601 [HC0[0]:SC0[0]:HE1:SE1] takes: (&(&xprt->transport_lock)->rlock){+.?.}, at: [] spin_lock include/linux/spinlock.h:317 [inline] (&(&xprt->transport_lock)->rlock){+.?.}, at: [] xprt_destroy+0x68/0x1c0 net/sunrpc/xprt.c:1528 {IN-SOFTIRQ-W} state was registered at: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:176 spin_lock_bh include/linux/spinlock.h:322 [inline] xprt_disconnect_done+0x19/0x40 net/sunrpc/xprt.c:664 xs_sock_mark_closed net/sunrpc/xprtsock.c:811 [inline] xs_tcp_state_change+0x3c4/0x7e0 net/sunrpc/xprtsock.c:1637 device team0 entered promiscuous mode tcp_done+0x14f/0x210 net/ipv4/tcp.c:3427 device team_slave_0 entered promiscuous mode tcp_v4_err+0x7dd/0x1820 net/ipv4/tcp_ipv4.c:523 icmp_socket_deliver+0x1a7/0x330 net/ipv4/icmp.c:838 icmp_unreach+0x268/0xae0 net/ipv4/icmp.c:955 icmp_rcv+0xb7f/0x1240 net/ipv4/icmp.c:1136 ip_local_deliver_finish+0x3f2/0xab0 net/ipv4/ip_input.c:216 NF_HOOK include/linux/netfilter.h:250 [inline] ip_local_deliver+0x167/0x460 net/ipv4/ip_input.c:257 dst_input include/net/dst.h:476 [inline] ip_rcv_finish+0x6e3/0x19f0 net/ipv4/ip_input.c:396 NF_HOOK include/linux/netfilter.h:250 [inline] ip_rcv+0x8a7/0xf10 net/ipv4/ip_input.c:493 __netif_receive_skb_core+0x15ee/0x2a30 net/core/dev.c:4474 __netif_receive_skb+0x27/0x1a0 net/core/dev.c:4512 process_backlog+0x218/0x6f0 net/core/dev.c:5195 napi_poll net/core/dev.c:5604 [inline] net_rx_action+0x466/0xfd0 net/core/dev.c:5670 device team_slave_1 entered promiscuous mode __do_softirq+0x24d/0x9ff kernel/softirq.c:288 run_ksoftirqd+0x50/0x1a0 kernel/softirq.c:670 smpboot_thread_fn+0x5c1/0x920 kernel/smpboot.c:164 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 bridge0: port 3(team0) entered blocking state irq event stamp: 118173 hardirqs last enabled at (118173): [] kfree+0x14a/0x250 mm/slab.c:3816 hardirqs last disabled at (118172): [] kfree+0x6f/0x250 mm/slab.c:3809 softirqs last enabled at (118154): [] spin_unlock_bh include/linux/spinlock.h:362 [inline] softirqs last enabled at (118154): [] rpc_wake_up_first_on_wq+0x18d/0x480 net/sunrpc/sched.c:559 softirqs last disabled at (118152): [] spin_lock_bh include/linux/spinlock.h:322 [inline] softirqs last disabled at (118152): [] rpc_wake_up_first_on_wq+0x29/0x480 net/sunrpc/sched.c:551 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&xprt->transport_lock)->rlock); lock(&(&xprt->transport_lock)->rlock); bridge0: port 3(team0) entered forwarding state *** DEADLOCK *** 2 locks held by kworker/1:3/8601: #0: ("rpciod"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: device team0 left promiscuous mode ((&task->u.tk_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 stack backtrace: CPU: 1 PID: 8601 Comm: kworker/1:3 Not tainted 4.14.290-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Workqueue: rpciod rpc_async_schedule Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2589 device team_slave_0 left promiscuous mode valid_state kernel/locking/lockdep.c:2602 [inline] mark_lock_irq kernel/locking/lockdep.c:2796 [inline] mark_lock+0xb4d/0x1050 kernel/locking/lockdep.c:3194 mark_irqflags kernel/locking/lockdep.c:3090 [inline] __lock_acquire+0xd5c/0x3f20 kernel/locking/lockdep.c:3448 device team_slave_1 left promiscuous mode lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 bridge0: port 3(team0) entered disabled state __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152 spin_lock include/linux/spinlock.h:317 [inline] xprt_destroy+0x68/0x1c0 net/sunrpc/xprt.c:1528 xprt_destroy_kref net/sunrpc/xprt.c:1542 [inline] kref_put include/linux/kref.h:70 [inline] xprt_put+0x32/0x40 net/sunrpc/xprt.c:1566 rpc_task_release_transport net/sunrpc/clnt.c:974 [inline] rpc_task_release_client+0x1cd/0x280 net/sunrpc/clnt.c:992 rpc_release_resources_task net/sunrpc/sched.c:1030 [inline] rpc_release_task net/sunrpc/sched.c:1069 [inline] __rpc_execute+0x66b/0xc90 net/sunrpc/sched.c:832 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 EXT4-fs (loop1): unsupported inode size: 0 EXT4-fs (loop1): blocksize: 4096 batman_adv: batadv0: Adding interface: team0 batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. batman_adv: batadv0: Interface activated: team0 audit: type=1800 audit(1659370800.130:11): pid=10794 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13940 res=0 device team0 left promiscuous mode device team_slave_0 left promiscuous mode device team_slave_1 left promiscuous mode bridge0: port 3(team0) entered disabled state batman_adv: batadv0: Adding interface: team0 batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. EXT4-fs (loop1): unsupported inode size: 0 EXT4-fs (loop1): blocksize: 4096 batman_adv: batadv0: Interface activated: team0 batman_adv: batadv0: Interface deactivated: team0 batman_adv: batadv0: Removing interface: team0 ISO 9660 Extensions: Microsoft Joliet Level 0 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state device team0 entered promiscuous mode EXT4-fs (loop1): unsupported inode size: 0 EXT4-fs (loop1): blocksize: 4096 device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered forwarding state device team0 left promiscuous mode device team_slave_0 left promiscuous mode print_req_error: I/O error, dev loop5, sector 0 device team_slave_1 left promiscuous mode ISO 9660 Extensions: Microsoft Joliet Level 0 ISO 9660 Extensions: Microsoft Joliet Level 0 bridge0: port 3(team0) entered disabled state batman_adv: batadv0: Adding interface: team0 audit: type=1800 audit(1659370801.020:12): pid=10929 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13917 res=0 audit: type=1804 audit(1659370801.040:13): pid=10929 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir2990513494/syzkaller.KHpy2G/55/file0" dev="sda1" ino=13917 res=1 batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. batman_adv: batadv0: Interface activated: team0 print_req_error: I/O error, dev loop2, sector 0 ISO 9660 Extensions: Microsoft Joliet Level 0 ISO 9660 Extensions: Microsoft Joliet Level 0 ISO 9660 Extensions: Microsoft Joliet Level 0 ISO 9660 Extensions: Microsoft Joliet Level 0 sctp: [Deprecated]: syz-executor.4 (pid 11066) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead Unknown ioctl 1076391951 sctp: [Deprecated]: syz-executor.4 (pid 11076) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead caif:caif_disconnect_client(): nothing to disconnect ISO 9660 Extensions: Microsoft Joliet Level 0 sctp: [Deprecated]: syz-executor.4 (pid 11109) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead print_req_error: I/O error, dev loop7, sector 0 Buffer I/O error on dev loop7, logical block 0, lost async page write print_req_error: I/O error, dev loop7, sector 1 print_req_error: I/O error, dev loop7, sector 2 Buffer I/O error on dev loop7, logical block 1, lost async page write Buffer I/O error on dev loop7, logical block 2, lost async page write print_req_error: I/O error, dev loop7, sector 3 Buffer I/O error on dev loop7, logical block 3, lost async page write print_req_error: I/O error, dev loop7, sector 4 Buffer I/O error on dev loop7, logical block 4, lost async page write print_req_error: I/O error, dev loop7, sector 5 print_req_error: I/O error, dev loop7, sector 6 Buffer I/O error on dev loop7, logical block 5, lost async page write Buffer I/O error on dev loop7, logical block 6, lost async page write print_req_error: I/O error, dev loop7, sector 7 print_req_error: I/O error, dev loop7, sector 8 Buffer I/O error on dev loop7, logical block 7, lost async page write Buffer I/O error on dev loop7, logical block 8, lost async page write print_req_error: I/O error, dev loop7, sector 9 Buffer I/O error on dev loop7, logical block 9, lost async page write print_req_error: I/O error, dev loop7, sector 10 print_req_error: I/O error, dev loop7, sector 11 Unknown ioctl 1076391951 Unknown ioctl 1076391951 caif:caif_disconnect_client(): nothing to disconnect sctp: [Deprecated]: syz-executor.1 (pid 11151) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead caif:caif_disconnect_client(): nothing to disconnect netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. sctp: [Deprecated]: syz-executor.1 (pid 11184) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. Unknown ioctl 1076391951 sctp: [Deprecated]: syz-executor.1 (pid 11209) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead caif:caif_disconnect_client(): nothing to disconnect sctp: [Deprecated]: syz-executor.1 (pid 11228) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue sctp: [Deprecated]: syz-executor.1 (pid 11270) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor.1 (pid 11318) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor.3 (pid 11322) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead EXT4-fs (loop5): Unrecognized mount option "cpuacct.stat" or missing value EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1 netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. overlayfs: failed to create directory ./file1/work (errno: 13); mounting read-only FAT-fs (loop5): Unrecognized mount option "pcr=00000000000000000047" or missing value EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop0): VFS: Can't find ext4 filesystem sd 0:0:1:0: [sg0] tag#7414 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#7414 CDB: opcode=0xcd (vendor) sd 0:0:1:0: [sg0] tag#7414 CDB[00]: cd 86 de 33 46 28 78 0e d7 05 29 d0 21 29 03 69 sd 0:0:1:0: [sg0] tag#7414 CDB[10]: 79 1f 91 03 cd b8 40 97 a6 43 06 4d de df 44 be sd 0:0:1:0: [sg0] tag#7414 CDB[20]: f8 sd 0:0:1:0: [sg0] tag#1636 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#1636 CDB: opcode=0xcd (vendor) sd 0:0:1:0: [sg0] tag#1636 CDB[00]: cd 86 de 33 46 28 78 0e d7 05 29 d0 21 29 03 69 sd 0:0:1:0: [sg0] tag#1636 CDB[10]: 79 1f 91 03 cd b8 40 97 a6 43 06 4d de df 44 be sd 0:0:1:0: [sg0] tag#1636 CDB[20]: f8 netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. sd 0:0:1:0: [sg0] tag#1636 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#1636 CDB: opcode=0xcd (vendor) sd 0:0:1:0: [sg0] tag#1636 CDB[00]: cd 86 de 33 46 28 78 0e d7 05 29 d0 21 29 03 69 sd 0:0:1:0: [sg0] tag#1636 CDB[10]: 79 1f 91 03 cd b8 40 97 a6 43 06 4d de df 44 be sd 0:0:1:0: [sg0] tag#1636 CDB[20]: f8 sd 0:0:1:0: [sg0] tag#1636 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#1636 CDB: opcode=0xcd (vendor) sd 0:0:1:0: [sg0] tag#1636 CDB[00]: cd 86 de 33 46 28 78 0e d7 05 29 d0 21 29 03 69 sd 0:0:1:0: [sg0] tag#1636 CDB[10]: 79 1f 91 03 cd b8 40 97 a6 43 06 4d de df 44 be sd 0:0:1:0: [sg0] tag#1636 CDB[20]: f8 EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (60729!=0) EXT4-fs (loop0): group descriptors corrupted! print_req_error: 1989 callbacks suppressed print_req_error: I/O error, dev loop0, sector 0 buffer_io_error: 1990 callbacks suppressed Buffer I/O error on dev loop0, logical block 0, async page read print_req_error: I/O error, dev loop0, sector 6 Buffer I/O error on dev loop0, logical block 3, async page read IPv6: ADDRCONF(NETDEV_UP): bond2: link is not ready 8021q: adding VLAN 0 to HW filter on device bond2 IPv6: ADDRCONF(NETDEV_UP): bond3: link is not ready 8021q: adding VLAN 0 to HW filter on device bond3 sd 0:0:1:0: [sg0] tag#1636 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#1636 CDB: opcode=0xcd (vendor) sd 0:0:1:0: [sg0] tag#1636 CDB[00]: cd 86 de 33 46 28 78 0e d7 05 29 d0 21 29 03 69 sd 0:0:1:0: [sg0] tag#1636 CDB[10]: 79 1f 91 03 cd b8 40 97 a6 43 06 4d de df 44 be sd 0:0:1:0: [sg0] tag#1636 CDB[20]: f8 IPv6: ADDRCONF(NETDEV_UP): bond4: link is not ready 8021q: adding VLAN 0 to HW filter on device bond4 batman_adv: batadv0: Interface deactivated: team0 batman_adv: batadv0: Removing interface: team0 8021q: adding VLAN 0 to HW filter on device team0 bond0: Enslaving team0 as an active interface with an up link bond0: Releasing backup interface team0 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode