program:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
memfd_create(0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r2, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48050}, 0x0)
[ 93.662924][ T5296] Bluetooth: hci0: command tx timeout
[ 93.697881][ T1359] cfg80211: failed to load regulatory.db
[ 93.873295][ T70]
[ 93.874544][ T70] ============================================
[ 93.877441][ T70] WARNING: possible recursive locking detected
[ 93.880130][ T70] syzkaller #0 Not tainted
[ 93.881910][ T70] --------------------------------------------
[ 93.884577][ T70] kworker/u4:4/70 is trying to acquire lock:
[ 93.887283][ T70] ffff88804152aa20 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: inet6_getname+0x1c8/0x740
[ 93.891581][ T70]
[ 93.891581][ T70] but task is already holding lock:
[ 93.894519][ T70] ffff88804152aa20 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_sock_set_cork+0x2c/0x2e0
[ 93.898375][ T70]
[ 93.898375][ T70] other info that might help us debug this:
[ 93.901544][ T70] Possible unsafe locking scenario:
[ 93.901544][ T70]
[ 93.904589][ T70] CPU0
[ 93.906004][ T70] ----
[ 93.907386][ T70] lock(k-sk_lock-AF_INET6);
[ 93.909401][ T70] lock(k-sk_lock-AF_INET6);
[ 93.911555][ T70]
[ 93.911555][ T70] *** DEADLOCK ***
[ 93.911555][ T70]
[ 93.915185][ T70] May be due to missing lock nesting notation
[ 93.915185][ T70]
[ 93.918736][ T70] 4 locks held by kworker/u4:4/70:
[ 93.921038][ T70] #0: ffff888035fc3948 ((wq_completion)krds_cp_wq#1/0){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830
[ 93.925961][ T70] #1: ffffc90000b0fc40 ((work_completion)(&(&cp->cp_send_w)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830
[ 93.931490][ T70] #2: ffff88804152aa20 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_sock_set_cork+0x2c/0x2e0
[ 93.935796][ T70] #3: ffff88804152abc8 (k-clock-AF_INET6){++.-}-{3:3}, at: rds_tcp_data_ready+0x113/0x9a0
[ 93.940021][ T70]
[ 93.940021][ T70] stack backtrace:
[ 93.942598][ T70] CPU: 0 UID: 0 PID: 70 Comm: kworker/u4:4 Not tainted syzkaller #0 PREEMPT(full)
[ 93.942612][ T70] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 93.942621][ T70] Workqueue: krds_cp_wq#1/0 rds_send_worker
[ 93.942640][ T70] Call Trace:
[ 93.942669][ T70]
[ 93.942711][ T70] dump_stack_lvl+0xe8/0x150
[ 93.942727][ T70] print_deadlock_bug+0x279/0x290
[ 93.942748][ T70] __lock_acquire+0x253f/0x2cf0
[ 93.942765][ T70] ? __update_page_owner_handle+0x5a/0x570
[ 93.942801][ T70] ? __update_page_owner_handle+0x51a/0x570
[ 93.942815][ T70] ? unwind_next_frame+0xa5/0x23c0
[ 93.942829][ T70] lock_acquire+0xf0/0x2e0
[ 93.942840][ T70] ? inet6_getname+0x1c8/0x740
[ 93.942852][ T70] lock_sock_nested+0x48/0x100
[ 93.942866][ T70] ? inet6_getname+0x1c8/0x740
[ 93.942875][ T70] inet6_getname+0x1c8/0x740
[ 93.942885][ T70] ? __pfx_inet6_getname+0x10/0x10
[ 93.942897][ T70] rds_tcp_conn_slots_available+0x288/0x470
[ 93.942908][ T70] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10
[ 93.942922][ T70] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 93.942935][ T70] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10
[ 93.942945][ T70] rds_recv_hs_exthdrs+0x60f/0x7c0
[ 93.942953][ T70] ? process_scheduled_works+0xb02/0x1830
[ 93.942961][ T70] ? worker_thread+0xa50/0xfc0
[ 93.942968][ T70] ? kthread+0x388/0x470
[ 93.942975][ T70] ? __pfx_rds_recv_hs_exthdrs+0x10/0x10
[ 93.942987][ T70] rds_recv_incoming+0x9f6/0x12d0
[ 93.942999][ T70] ? __pfx_rds_recv_incoming+0x10/0x10
[ 93.943009][ T70] ? skb_copy_bits+0x7e5/0x8f0
[ 93.943026][ T70] rds_tcp_data_recv+0x7f1/0xa40
[ 93.943045][ T70] __tcp_read_sock+0x196/0x970
[ 93.943061][ T70] ? __pfx_rds_tcp_data_recv+0x10/0x10
[ 93.943071][ T70] rds_tcp_data_ready+0x369/0x9a0
[ 93.943081][ T70] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 93.943093][ T70] ? __pfx_sock_def_readable+0x10/0x10
[ 93.943107][ T70] ? __pfx_rds_tcp_data_ready+0x10/0x10
[ 93.943120][ T70] tcp_rcv_established+0x19f4/0x2740
[ 93.943135][ T70] ? __pfx_tcp_rcv_established+0x10/0x10
[ 93.943149][ T70] tcp_v6_do_rcv+0x8eb/0x1ba0
[ 93.943170][ T70] ? __pfx_tcp_v6_do_rcv+0x10/0x10
[ 93.943182][ T70] __release_sock+0x1b8/0x3a0
[ 93.943197][ T70] release_sock+0x5f/0x1f0
[ 93.943205][ T70] ? __pfx_rds_tcp_xmit_path_complete+0x10/0x10
[ 93.943216][ T70] rds_send_xmit+0x207e/0x28d0
[ 93.943233][ T70] ? __pfx_rds_send_xmit+0x10/0x10
[ 93.943245][ T70] rds_send_worker+0x7d/0x2e0
[ 93.943257][ T70] ? process_scheduled_works+0xa25/0x1830
[ 93.943268][ T70] process_scheduled_works+0xb02/0x1830
[ 93.943285][ T70] ? __pfx_process_scheduled_works+0x10/0x10
[ 93.943296][ T70] ? assign_work+0x3d5/0x5e0
[ 93.943308][ T70] worker_thread+0xa50/0xfc0
[ 93.943324][ T70] kthread+0x388/0x470
[ 93.943333][ T70] ? __pfx_worker_thread+0x10/0x10
[ 93.943344][ T70] ? __pfx_kthread+0x10/0x10
[ 93.943352][ T70] ret_from_fork+0x51e/0xb90
[ 93.943365][ T70] ? __pfx_ret_from_fork+0x10/0x10
[ 93.943376][ T70] ? __switch_to+0xc7d/0x1450
[ 93.943387][ T70] ? __pfx_kthread+0x10/0x10
[ 93.943395][ T70] ret_from_fork_asm+0x1a/0x30
[ 93.943413][ T70]
[ 94.087970][ T70] BUG: sleeping function called from invalid context at net/core/sock.c:3782
[ 94.092082][ T70] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 70, name: kworker/u4:4
[ 94.096258][ T70] preempt_count: 201, expected: 0
[ 94.098628][ T70] RCU nest depth: 0, expected: 0
[ 94.100944][ T70] INFO: lockdep is turned off.
[ 94.103273][ T70] Preemption disabled at:
[ 94.103279][ T70] [<0000000000000000>] 0x0
[ 94.107474][ T70] CPU: 0 UID: 0 PID: 70 Comm: kworker/u4:4 Not tainted syzkaller #0 PREEMPT(full)
[ 94.107489][ T70] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 94.107497][ T70] Workqueue: krds_cp_wq#1/0 rds_send_worker
[ 94.107517][ T70] Call Trace:
[ 94.107525][ T70]
[ 94.107531][ T70] dump_stack_lvl+0xe8/0x150
[ 94.107548][ T70] __might_resched+0x378/0x4d0
[ 94.107567][ T70] lock_sock_nested+0x5d/0x100
[ 94.107615][ T70] inet6_getname+0x1c8/0x740
[ 94.107629][ T70] ? __pfx_inet6_getname+0x10/0x10
[ 94.107643][ T70] rds_tcp_conn_slots_available+0x288/0x470
[ 94.107656][ T70] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10
[ 94.107671][ T70] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 94.107686][ T70] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10
[ 94.107699][ T70] rds_recv_hs_exthdrs+0x60f/0x7c0
[ 94.107711][ T70] ? process_scheduled_works+0xb02/0x1830
[ 94.107725][ T70] ? worker_thread+0xa50/0xfc0
[ 94.107738][ T70] ? kthread+0x388/0x470
[ 94.107750][ T70] ? __pfx_rds_recv_hs_exthdrs+0x10/0x10
[ 94.107765][ T70] rds_recv_incoming+0x9f6/0x12d0
[ 94.107780][ T70] ? __pfx_rds_recv_incoming+0x10/0x10
[ 94.107793][ T70] ? skb_copy_bits+0x7e5/0x8f0
[ 94.107807][ T70] rds_tcp_data_recv+0x7f1/0xa40
[ 94.107823][ T70] __tcp_read_sock+0x196/0x970
[ 94.107840][ T70] ? __pfx_rds_tcp_data_recv+0x10/0x10
[ 94.107853][ T70] rds_tcp_data_ready+0x369/0x9a0
[ 94.107865][ T70] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 94.107878][ T70] ? __pfx_sock_def_readable+0x10/0x10
[ 94.107894][ T70] ? __pfx_rds_tcp_data_ready+0x10/0x10
[ 94.107908][ T70] tcp_rcv_established+0x19f4/0x2740
[ 94.107927][ T70] ? __pfx_tcp_rcv_established+0x10/0x10
[ 94.107943][ T70] tcp_v6_do_rcv+0x8eb/0x1ba0
[ 94.107963][ T70] ? __pfx_tcp_v6_do_rcv+0x10/0x10
[ 94.107978][ T70] __release_sock+0x1b8/0x3a0
[ 94.107994][ T70] release_sock+0x5f/0x1f0
[ 94.108005][ T70] ? __pfx_rds_tcp_xmit_path_complete+0x10/0x10
[ 94.108018][ T70] rds_send_xmit+0x207e/0x28d0
[ 94.108043][ T70] ? __pfx_rds_send_xmit+0x10/0x10
[ 94.108058][ T70] rds_send_worker+0x7d/0x2e0
[ 94.108072][ T70] ? process_scheduled_works+0xa25/0x1830
[ 94.108086][ T70] process_scheduled_works+0xb02/0x1830
[ 94.108105][ T70] ? __pfx_process_scheduled_works+0x10/0x10
[ 94.108120][ T70] ? assign_work+0x3d5/0x5e0
[ 94.108161][ T70] worker_thread+0xa50/0xfc0
[ 94.108182][ T70] kthread+0x388/0x470
[ 94.108193][ T70] ? __pfx_worker_thread+0x10/0x10
[ 94.108206][ T70] ? __pfx_kthread+0x10/0x10
[ 94.108216][ T70] ret_from_fork+0x51e/0xb90
[ 94.108231][ T70] ? __pfx_ret_from_fork+0x10/0x10
[ 94.108244][ T70] ? __switch_to+0xc7d/0x1450
[ 94.108258][ T70] ? __pfx_kthread+0x10/0x10
[ 94.108269][ T70] ret_from_fork_asm+0x1a/0x30
[ 94.108287][ T70]
[ 94.108342][ T70] BUG: scheduling while atomic: kworker/u4:4/70/0x00000202
[ 94.234153][ T70] INFO: lockdep is turned off.
[ 94.236085][ T70] Modules linked in:
[ 94.237924][ T70] Preemption disabled at:
[ 94.237931][ T70] [<0000000000000000>] 0x0
[ 94.241886][ T70] Kernel panic - not syncing: scheduling while atomic: panic_on_warn set ...
[ 94.245541][ T70] CPU: 0 UID: 0 PID: 70 Comm: kworker/u4:4 Tainted: G W syzkaller #0 PREEMPT(full)
[ 94.250301][ T70] Tainted: [W]=WARN
[ 94.252004][ T70] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 94.256337][ T70] Workqueue: krds_cp_wq#1/0 rds_send_worker
[ 94.259053][ T70] Call Trace:
[ 94.260620][ T70]
[ 94.261940][ T70] vpanic+0x56c/0xa60
[ 94.263760][ T70] ? __pfx_vpanic+0x10/0x10
[ 94.266106][ T70] ? rcu_is_watching+0x15/0xb0
[ 94.268609][ T70] panic+0xc5/0xd0
[ 94.270839][ T70] ? __pfx_panic+0x10/0x10
[ 94.273475][ T70] ? __pfx__printk+0x10/0x10
[ 94.276149][ T70] check_panic_on_warn+0x89/0xb0
[ 94.278865][ T70] __schedule_bug+0xf6/0x150
[ 94.281303][ T70] __schedule+0x16a9/0x5340
[ 94.283727][ T70] ? __wake_up_klogd+0xe6/0x120
[ 94.285756][ T70] ? vprintk_emit+0x4eb/0x560
[ 94.287918][ T70] ? __pfx_vprintk_emit+0x10/0x10
[ 94.290200][ T70] ? unwind_next_frame+0xa5/0x23c0
[ 94.292467][ T70] ? rcu_is_watching+0x15/0xb0
[ 94.294717][ T70] ? do_raw_spin_lock+0x12b/0x2f0
[ 94.296978][ T70] ? __pfx___schedule+0x10/0x10
[ 94.299198][ T70] ? rcu_is_watching+0x15/0xb0
[ 94.301252][ T70] ? rcu_is_watching+0x15/0xb0
[ 94.303556][ T70] ? lock_release+0x4b/0x3d0
[ 94.305538][ T70] ? schedule+0x90/0x360
[ 94.307432][ T70] ? wq_worker_sleeping+0x63/0x250
[ 94.309653][ T70] schedule+0x164/0x360
[ 94.311483][ T70] __lock_sock+0x161/0x2c0
[ 94.313354][ T70] ? __pfx___lock_sock+0x10/0x10
[ 94.315492][ T70] ? do_raw_spin_lock+0x12b/0x2f0
[ 94.317792][ T70] ? __pfx_autoremove_wake_function+0x10/0x10
[ 94.320662][ T70] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 94.323603][ T70] ? lock_sock_nested+0x6a/0x100
[ 94.325981][ T70] lock_sock_nested+0x9f/0x100
[ 94.328277][ T70] inet6_getname+0x1c8/0x740
[ 94.330487][ T70] ? __pfx_inet6_getname+0x10/0x10
[ 94.332727][ T70] rds_tcp_conn_slots_available+0x288/0x470
[ 94.335289][ T70] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10
[ 94.338219][ T70] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 94.340708][ T70] ? __pfx_rds_tcp_conn_slots_available+0x10/0x10
[ 94.343737][ T70] rds_recv_hs_exthdrs+0x60f/0x7c0
[ 94.346247][ T70] ? process_scheduled_works+0xb02/0x1830
[ 94.348863][ T70] ? worker_thread+0xa50/0xfc0
[ 94.350932][ T70] ? kthread+0x388/0x470
[ 94.352776][ T70] ? __pfx_rds_recv_hs_exthdrs+0x10/0x10
[ 94.355241][ T70] rds_recv_incoming+0x9f6/0x12d0
[ 94.357409][ T70] ? __pfx_rds_recv_incoming+0x10/0x10
[ 94.360175][ T70] ? skb_copy_bits+0x7e5/0x8f0
[ 94.362523][ T70] rds_tcp_data_recv+0x7f1/0xa40
[ 94.364642][ T70] __tcp_read_sock+0x196/0x970
[ 94.366758][ T70] ? __pfx_rds_tcp_data_recv+0x10/0x10
[ 94.369143][ T70] rds_tcp_data_ready+0x369/0x9a0
[ 94.371499][ T70] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 94.373986][ T70] ? __pfx_sock_def_readable+0x10/0x10
[ 94.376547][ T70] ? __pfx_rds_tcp_data_ready+0x10/0x10
[ 94.378841][ T70] tcp_rcv_established+0x19f4/0x2740
[ 94.381152][ T70] ? __pfx_tcp_rcv_established+0x10/0x10
[ 94.383639][ T70] tcp_v6_do_rcv+0x8eb/0x1ba0
[ 94.385730][ T70] ? __pfx_tcp_v6_do_rcv+0x10/0x10
[ 94.388021][ T70] __release_sock+0x1b8/0x3a0
[ 94.390117][ T70] release_sock+0x5f/0x1f0
[ 94.391995][ T70] ? __pfx_rds_tcp_xmit_path_complete+0x10/0x10
[ 94.394746][ T70] rds_send_xmit+0x207e/0x28d0
[ 94.396891][ T70] ? __pfx_rds_send_xmit+0x10/0x10
[ 94.399183][ T70] rds_send_worker+0x7d/0x2e0
[ 94.401122][ T70] ? process_scheduled_works+0xa25/0x1830
[ 94.403706][ T70] process_scheduled_works+0xb02/0x1830
[ 94.406201][ T70] ? __pfx_process_scheduled_works+0x10/0x10
[ 94.408930][ T70] ? assign_work+0x3d5/0x5e0
[ 94.411031][ T70] worker_thread+0xa50/0xfc0
[ 94.413105][ T70] kthread+0x388/0x470
[ 94.414926][ T70] ? __pfx_worker_thread+0x10/0x10
[ 94.417203][ T70] ? __pfx_kthread+0x10/0x10
[ 94.419276][ T70] ret_from_fork+0x51e/0xb90
[ 94.421392][ T70] ? __pfx_ret_from_fork+0x10/0x10
[ 94.423724][ T70] ? __switch_to+0xc7d/0x1450
[ 94.425808][ T70] ? __pfx_kthread+0x10/0x10
[ 94.427841][ T70] ret_from_fork_asm+0x1a/0x30
[ 94.430103][ T70]
[ 94.431881][ T70] Kernel Offset: disabled
[ 94.433820][ T70] Rebooting in 86400 seconds..