====================================================== WARNING: possible circular locking dependency detected 4.14.295-syzkaller #0 Not tainted ------------------------------------------------------ kworker/u4:6/9326 is trying to acquire lock: ((&(&cp->cp_send_w)->work)){+.+.}, at: [] flush_work+0x88/0x770 kernel/workqueue.c:2887 but task is already holding lock: (k-sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1473 [inline] (k-sk_lock-AF_INET){+.+.}, at: [] rds_tcp_reset_callbacks+0x181/0x450 net/rds/tcp.c:165 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (k-sk_lock-AF_INET){+.+.}: lock_sock_nested+0xb7/0x100 net/core/sock.c:2813 lock_sock include/net/sock.h:1473 [inline] do_tcp_setsockopt.constprop.0+0xfb/0x1c10 net/ipv4/tcp.c:2564 tcp_setsockopt net/ipv4/tcp.c:2832 [inline] tcp_setsockopt+0xa7/0xc0 net/ipv4/tcp.c:2824 kernel_setsockopt+0xfb/0x1b0 net/socket.c:3396 rds_tcp_cork net/rds/tcp_send.c:43 [inline] rds_tcp_xmit_path_prepare+0xaf/0xe0 net/rds/tcp_send.c:50 rds_send_xmit+0x1ae/0x1c00 net/rds/send.c:187 rds_send_worker+0x6d/0x240 net/rds/threads.c:189 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 -> #0 ((&(&cp->cp_send_w)->work)){+.+.}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 flush_work+0xad/0x770 kernel/workqueue.c:2890 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 rds_tcp_reset_callbacks+0x18d/0x450 net/rds/tcp.c:167 rds_tcp_accept_one+0x61a/0x8b0 net/rds/tcp_listen.c:194 rds_tcp_accept_worker+0x4d/0x70 net/rds/tcp.c:407 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(k-sk_lock-AF_INET); lock((&(&cp->cp_send_w)->work)); lock(k-sk_lock-AF_INET); lock((&(&cp->cp_send_w)->work)); *** DEADLOCK *** 4 locks held by kworker/u4:6/9326: #0: ("%s""krdsd"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&rtn->rds_tcp_accept_w)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (&tc->t_conn_path_lock){+.+.}, at: [] rds_tcp_accept_one+0x502/0x8b0 net/rds/tcp_listen.c:186 #3: (k-sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1473 [inline] #3: (k-sk_lock-AF_INET){+.+.}, at: [] rds_tcp_reset_callbacks+0x181/0x450 net/rds/tcp.c:165 stack backtrace: CPU: 1 PID: 9326 Comm: kworker/u4:6 Not tainted 4.14.295-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Workqueue: krdsd rds_tcp_accept_worker Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 flush_work+0xad/0x770 kernel/workqueue.c:2890 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 rds_tcp_reset_callbacks+0x18d/0x450 net/rds/tcp.c:167 rds_tcp_accept_one+0x61a/0x8b0 net/rds/tcp_listen.c:194 rds_tcp_accept_worker+0x4d/0x70 net/rds/tcp.c:407 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 audit: type=1326 audit(1665428370.423:2): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=9715 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee044d5a9 code=0x7ffc0000 audit: type=1326 audit(1665428370.453:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=9715 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee044d5a9 code=0x7ffc0000 audit: type=1326 audit(1665428370.453:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=9715 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7faee044d5a9 code=0x7ffc0000 audit: type=1326 audit(1665428370.453:5): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=9715 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee044d5a9 code=0x7ffc0000 audit: type=1326 audit(1665428370.453:6): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=9715 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee044d5a9 code=0x7ffc0000 audit: type=1326 audit(1665428370.523:7): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=9728 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee044d5a9 code=0x7ffc0000 audit: type=1326 audit(1665428370.523:8): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=9728 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7faee044d5a9 code=0x7ffc0000 audit: type=1326 audit(1665428370.523:9): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=9728 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee044d5a9 code=0x7ffc0000 audit: type=1326 audit(1665428370.563:10): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=9740 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee044d5a9 code=0x7ffc0000 L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. audit: type=1326 audit(1665428370.563:11): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=9740 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee044d5a9 code=0x7ffc0000 print_req_error: I/O error, dev loop5, sector 0 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 176 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 176 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 176 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 176 bytes leftover after parsing attributes in process `syz-executor.0'. print_req_error: I/O error, dev loop1, sector 0 kauditd_printk_skb: 18 callbacks suppressed audit: type=1804 audit(1665428375.693:30): pid=10174 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir2315379882/syzkaller.iRGroB/27/bus" dev="sda1" ino=13975 res=1 attempt to access beyond end of device loop4: rw=0, want=562949953421312, limit=2048 audit: type=1800 audit(1665428375.693:31): pid=10174 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=13975 res=0 NILFS (loop4): I/O error reading meta-data file (ino=5, block-offset=0) NILFS (loop4): error -5 while loading super root attempt to access beyond end of device loop4: rw=0, want=562949953421312, limit=2048 NILFS (loop4): I/O error reading meta-data file (ino=5, block-offset=0) audit: type=1804 audit(1665428376.473:32): pid=10219 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir2104346364/syzkaller.4Jq9Jp/32/bus" dev="sda1" ino=13989 res=1 audit: type=1800 audit(1665428376.473:33): pid=10219 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=13989 res=0 NILFS (loop4): error -5 while loading super root kvm: emulating exchange as write audit: type=1804 audit(1665428376.903:34): pid=10243 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir2315379882/syzkaller.iRGroB/28/bus" dev="sda1" ino=13994 res=1 audit: type=1800 audit(1665428376.903:35): pid=10243 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=13994 res=0 attempt to access beyond end of device loop4: rw=0, want=562949953421312, limit=2048 NILFS (loop4): I/O error reading meta-data file (ino=5, block-offset=0) NILFS (loop4): error -5 while loading super root attempt to access beyond end of device loop4: rw=0, want=562949953421312, limit=2048 NILFS (loop4): I/O error reading meta-data file (ino=5, block-offset=0) audit: type=1804 audit(1665428378.093:36): pid=10290 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir2104346364/syzkaller.4Jq9Jp/33/bus" dev="sda1" ino=13988 res=1 audit: type=1800 audit(1665428378.093:37): pid=10290 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=13988 res=0 audit: type=1804 audit(1665428378.093:38): pid=10292 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir1061581446/syzkaller.giYxov/25/bus" dev="sda1" ino=13996 res=1 audit: type=1800 audit(1665428378.093:39): pid=10292 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=13996 res=0 NILFS (loop4): error -5 while loading super root print_req_error: I/O error, dev loop4, sector 0 Buffer I/O error on dev loop4, logical block 0, async page read print_req_error: I/O error, dev loop4, sector 4 Buffer I/O error on dev loop4, logical block 2, async page read print_req_error: I/O error, dev loop4, sector 6 Buffer I/O error on dev loop4, logical block 3, async page read print_req_error: I/O error, dev loop1, sector 0