IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 3, id = 0 ====================================================== WARNING: possible circular locking dependency detected 4.14.291-syzkaller #0 Not tainted ------------------------------------------------------ kworker/u4:6/9339 is trying to acquire lock: ((&(&cp->cp_send_w)->work)){+.+.}, at: [] flush_work+0x88/0x770 kernel/workqueue.c:2887 but task is already holding lock: (k-sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1473 [inline] (k-sk_lock-AF_INET){+.+.}, at: [] rds_tcp_reset_callbacks+0x181/0x450 net/rds/tcp.c:165 which lock already depends on the new lock. NILFS (loop1): recovery complete the existing dependency chain (in reverse order) is: -> #1 (k-sk_lock-AF_INET){+.+.}: lock_sock_nested+0xb7/0x100 net/core/sock.c:2813 lock_sock include/net/sock.h:1473 [inline] do_tcp_setsockopt.constprop.0+0xfb/0x1c10 net/ipv4/tcp.c:2564 tcp_setsockopt net/ipv4/tcp.c:2832 [inline] tcp_setsockopt+0xa7/0xc0 net/ipv4/tcp.c:2824 kernel_setsockopt+0xfb/0x1b0 net/socket.c:3396 rds_tcp_cork net/rds/tcp_send.c:43 [inline] rds_tcp_xmit_path_prepare+0xaf/0xe0 net/rds/tcp_send.c:50 rds_send_xmit+0x1ae/0x1c00 net/rds/send.c:187 NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds rds_send_worker+0x6d/0x240 net/rds/threads.c:189 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 -> #0 ((&(&cp->cp_send_w)->work)){+.+.}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 flush_work+0xad/0x770 kernel/workqueue.c:2890 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 rds_tcp_reset_callbacks+0x18d/0x450 net/rds/tcp.c:167 rds_tcp_accept_one+0x61a/0x8b0 net/rds/tcp_listen.c:194 rds_tcp_accept_worker+0x4d/0x70 net/rds/tcp.c:407 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(k-sk_lock-AF_INET); lock((&(&cp->cp_send_w)->work)); lock(k-sk_lock-AF_INET); lock((&(&cp->cp_send_w)->work)); *** DEADLOCK *** 4 locks held by kworker/u4:6/9339: #0: ("%s""krdsd"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&rtn->rds_tcp_accept_w)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (&tc->t_conn_path_lock){+.+.}, at: [] rds_tcp_accept_one+0x502/0x8b0 net/rds/tcp_listen.c:186 #3: (k-sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1473 [inline] #3: (k-sk_lock-AF_INET){+.+.}, at: [] rds_tcp_reset_callbacks+0x181/0x450 net/rds/tcp.c:165 stack backtrace: CPU: 1 PID: 9339 Comm: kworker/u4:6 Not tainted 4.14.291-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Workqueue: krdsd rds_tcp_accept_worker Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 flush_work+0xad/0x770 kernel/workqueue.c:2890 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 rds_tcp_reset_callbacks+0x18d/0x450 net/rds/tcp.c:167 rds_tcp_accept_one+0x61a/0x8b0 net/rds/tcp_listen.c:194 rds_tcp_accept_worker+0x4d/0x70 net/rds/tcp.c:407 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop1): mounting unchecked fs NILFS (loop1): recovery complete NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. NILFS (loop1): mounting unchecked fs netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. NILFS (loop1): recovery complete NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds audit: type=1804 audit(1661836007.437:48): pid=11647 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir2075468961/syzkaller.xBk6g9/67/bus" dev="sda1" ino=14065 res=1 netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. overlayfs: fs on 'file0' does not support file handles, falling back to index=off. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. overlayfs: fs on './file0' does not support file handles, falling back to index=off. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. overlayfs: fs on 'file0' does not support file handles, falling back to index=off. overlayfs: fs on 'file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. audit: type=1804 audit(1661836008.187:49): pid=11725 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir3197706601/syzkaller.YWX8Tt/79/bus" dev="sda1" ino=13845 res=1 audit: type=1804 audit(1661836008.217:50): pid=11717 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir2075468961/syzkaller.xBk6g9/68/bus" dev="sda1" ino=14153 res=1 netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. overlayfs: fs on 'file0' does not support file handles, falling back to index=off. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. overlayfs: fs on 'file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. overlayfs: fs on 'file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. audit: type=1804 audit(1661836008.937:51): pid=11767 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir3197706601/syzkaller.YWX8Tt/80/bus" dev="sda1" ino=14156 res=1 audit: type=1804 audit(1661836009.047:52): pid=11782 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir2075468961/syzkaller.xBk6g9/69/bus" dev="sda1" ino=14095 res=1 overlayfs: fs on 'file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. audit: type=1804 audit(1661836009.627:53): pid=11819 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir3197706601/syzkaller.YWX8Tt/81/bus" dev="sda1" ino=13874 res=1 audit: type=1804 audit(1661836009.717:54): pid=11838 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir2075468961/syzkaller.xBk6g9/70/bus" dev="sda1" ino=13877 res=1 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 Unknown ioctl 1080602275 8021q: adding VLAN 0 to HW filter on device team0 XFS (loop5): Invalid superblock magic number Unknown ioctl 1080602275 bond0: Enslaving team0 as an active interface with an up link Unknown ioctl 1080602275 Unknown ioctl 1080602275 bond0: Releasing backup interface team0 Unknown ioctl 1080602275 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode syz-executor.3 (12074) used greatest stack depth: 24288 bytes left device team0 left promiscuous mode device team_slave_0 left promiscuous mode device team_slave_1 left promiscuous mode bridge0: port 3(team0) entered disabled state 8021q: adding VLAN 0 to HW filter on device team0 Unknown ioctl 1080602275 bond0: Enslaving team0 as an active interface with an up link Unknown ioctl 1080602275 Unknown ioctl 1080602275 8021q: adding VLAN 0 to HW filter on device team0 bond0: Enslaving team0 as an active interface with an up link bond0: Releasing backup interface team0 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode bond0: Releasing backup interface team0 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state syz-executor.3 (12133) used greatest stack depth: 23800 bytes left device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode bridge0: port 3(ipvlan2) entered blocking state bridge0: port 3(ipvlan2) entered disabled state device vxlan0 entered promiscuous mode device team0 left promiscuous mode device team_slave_0 left promiscuous mode device team_slave_1 left promiscuous mode bridge0: port 3(team0) entered disabled state 8021q: adding VLAN 0 to HW filter on device team0 bond0: Enslaving team0 as an active interface with an up link bond0: Releasing backup interface team0 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode device team0 left promiscuous mode device team_slave_0 left promiscuous mode device team_slave_1 left promiscuous mode bridge0: port 3(team0) entered disabled state 8021q: adding VLAN 0 to HW filter on device team0 bond0: Enslaving team0 as an active interface with an up link bond0: Releasing backup interface team0 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode device team0 left promiscuous mode device team_slave_0 left promiscuous mode device team_slave_1 left promiscuous mode bridge0: port 3(team0) entered disabled state 8021q: adding VLAN 0 to HW filter on device team0 bond0: Enslaving team0 as an active interface with an up link bridge0: port 3(ipvlan2) entered blocking state bridge0: port 3(ipvlan2) entered disabled state bond0: Releasing backup interface team0 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode device vxlan0 entered promiscuous mode device team0 left promiscuous mode device team_slave_0 left promiscuous mode device team_slave_1 left promiscuous mode bridge0: port 3(team0) entered disabled state 8021q: adding VLAN 0 to HW filter on device team0 bond0: Enslaving team0 as an active interface with an up link bond0: Releasing backup interface team0 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode device vxlan0 entered promiscuous mode device vxlan0 entered promiscuous mode