=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.9.0-rc5-next-20200916-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor.1/14205 [HC0[0]:SC0[6]:HE0:SE0] is trying to acquire:
ffff8880a735de28 (&s->seqcount#10){+.+.}-{0:0}, at: xfrm_policy_lookup_inexact_addr+0x57/0x200 net/xfrm/xfrm_policy.c:1909
and this task is already holding:
ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: spin_trylock include/linux/spinlock.h:364 [inline]
ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmpv6_xmit_lock net/ipv6/icmp.c:117 [inline]
ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmp6_send+0xe82/0x2670 net/ipv6/icmp.c:538
which would create a new lock dependency:
(k-slock-AF_INET6){+.-.}-{2:2} -> (&s->seqcount#10){+.+.}-{0:0}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(k-slock-AF_INET6){+.-.}-{2:2}
... which became SOFTIRQ-irq-safe at:
lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
spin_lock include/linux/spinlock.h:354 [inline]
sk_clone_lock+0x2a1/0x10b0 net/core/sock.c:1881
inet_csk_clone_lock+0x21/0x480 net/ipv4/inet_connection_sock.c:830
tcp_create_openreq_child+0x2d/0x1700 net/ipv4/tcp_minisocks.c:460
tcp_v6_syn_recv_sock+0x192/0x2240 net/ipv6/tcp_ipv6.c:1270
tcp_check_req+0x607/0x17b0 net/ipv4/tcp_minisocks.c:773
tcp_v6_rcv+0x1f15/0x3480 net/ipv6/tcp_ipv6.c:1632
ip6_protocol_deliver_rcu+0x2e8/0x1680 net/ipv6/ip6_input.c:433
ip6_input_finish+0x7f/0x160 net/ipv6/ip6_input.c:474
NF_HOOK include/linux/netfilter.h:301 [inline]
NF_HOOK include/linux/netfilter.h:295 [inline]
ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:483
dst_input include/net/dst.h:449 [inline]
ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
NF_HOOK include/linux/netfilter.h:295 [inline]
ipv6_rcv+0x28e/0x3c0 net/ipv6/ip6_input.c:307
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5287
__netif_receive_skb+0x27/0x1c0 net/core/dev.c:5401
process_backlog+0x2e1/0x8e0 net/core/dev.c:6286
napi_poll net/core/dev.c:6730 [inline]
net_rx_action+0x587/0x1320 net/core/dev.c:6800
__do_softirq+0x203/0xab6 kernel/softirq.c:298
asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:786
__run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
do_softirq_own_stack+0x9d/0xd0 arch/x86/kernel/irq_64.c:77
do_softirq kernel/softirq.c:343 [inline]
do_softirq+0x154/0x1b0 kernel/softirq.c:330
__local_bh_enable_ip+0x196/0x1f0 kernel/softirq.c:195
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:730 [inline]
ip6_finish_output2+0x953/0x1770 net/ipv6/ip6_output.c:118
__ip6_finish_output net/ipv6/ip6_output.c:143 [inline]
__ip6_finish_output+0x447/0xab0 net/ipv6/ip6_output.c:128
ip6_finish_output+0x34/0x1f0 net/ipv6/ip6_output.c:153
NF_HOOK_COND include/linux/netfilter.h:290 [inline]
ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176
dst_output include/net/dst.h:443 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
NF_HOOK include/linux/netfilter.h:295 [inline]
ip6_xmit+0x1258/0x1e80 net/ipv6/ip6_output.c:280
inet6_csk_xmit+0x339/0x610 net/ipv6/inet6_connection_sock.c:135
__tcp_transmit_skb+0x18cc/0x3760 net/ipv4/tcp_output.c:1404
__tcp_send_ack.part.0+0x3e0/0x5d0 net/ipv4/tcp_output.c:3965
__tcp_send_ack net/ipv4/tcp_output.c:3971 [inline]
tcp_send_ack+0x7d/0xa0 net/ipv4/tcp_output.c:3971
tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:6159 [inline]
tcp_rcv_state_process+0x389b/0x4ca0 net/ipv4/tcp_input.c:6328
tcp_v6_do_rcv+0x7ad/0x1290 net/ipv6/tcp_ipv6.c:1483
sk_backlog_rcv include/net/sock.h:1010 [inline]
__release_sock+0x134/0x3a0 net/core/sock.c:2528
release_sock+0x54/0x1b0 net/core/sock.c:3051
inet_wait_for_connect net/ipv4/af_inet.c:594 [inline]
__inet_stream_connect+0x579/0xe30 net/ipv4/af_inet.c:686
inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:725
mptcp_stream_connect+0x156/0x7a0 net/mptcp/protocol.c:2495
__sys_connect_file+0x155/0x1a0 net/socket.c:1852
__sys_connect+0x161/0x190 net/socket.c:1869
__do_sys_connect net/socket.c:1879 [inline]
__se_sys_connect net/socket.c:1876 [inline]
__x64_sys_connect+0x6f/0xb0 net/socket.c:1876
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
to a SOFTIRQ-irq-unsafe lock:
(&s->seqcount#10){+.+.}-{0:0}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398
write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
write_seqlock include/linux/seqlock.h:883 [inline]
xfrm_set_spdinfo+0x302/0x660 net/xfrm/xfrm_user.c:1185
xfrm_user_rcv_msg+0x41e/0x720 net/xfrm/xfrm_user.c:2684
netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470
xfrm_netlink_rcv+0x6b/0x90 net/xfrm/xfrm_user.c:2692
netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:671
____sys_sendmsg+0x6e8/0x810 net/socket.c:2362
___sys_sendmsg+0xf3/0x170 net/socket.c:2416
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2449
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&s->seqcount#10);
                               local_irq_disable();
                               lock(k-slock-AF_INET6);
                               lock(&s->seqcount#10);
  <Interrupt>
    lock(k-slock-AF_INET6);
*** DEADLOCK ***
4 locks held by syz-executor.1/14205:
#0: ffffffff8a1034a0 (rcu_read_lock_bh){....}-{1:2}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
#0: ffffffff8a1034a0 (rcu_read_lock_bh){....}-{1:2}, at: ip6_finish_output2+0x190/0x1770 net/ipv6/ip6_output.c:103
#1: ffffffff8a1034a0 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x1d7/0x2d30 net/core/dev.c:4072
#2: ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: spin_trylock include/linux/spinlock.h:364 [inline]
#2: ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmpv6_xmit_lock net/ipv6/icmp.c:117 [inline]
#2: ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmp6_send+0xe82/0x2670 net/ipv6/icmp.c:538
#3: ffffffff8a103500 (rcu_read_lock){....}-{1:2}, at: xfrm_policy_lookup_bytype+0x104/0xa40 net/xfrm/xfrm_policy.c:2082
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (k-slock-AF_INET6){+.-.}-{2:2} {
HARDIRQ-ON-W at:
lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:175
spin_lock_bh include/linux/spinlock.h:359 [inline]
lock_sock_nested+0x3b/0x110 net/core/sock.c:3034
lock_sock include/net/sock.h:1581 [inline]
tcp_sock_set_nodelay+0x18/0xe0 net/ipv4/tcp.c:2916
rds_tcp_listen_init+0x132/0x4d0 net/rds/tcp_listen.c:275
rds_tcp_init_net+0x265/0x4e0 net/rds/tcp.c:559
ops_init+0xaf/0x470 net/core/net_namespace.c:151
__register_pernet_operations net/core/net_namespace.c:1140 [inline]
register_pernet_operations+0x35a/0x850 net/core/net_namespace.c:1217
register_pernet_device+0x26/0x70 net/core/net_namespace.c:1304
rds_tcp_init+0x77/0xe0 net/rds/tcp.c:717
do_one_initcall+0x103/0x6f0 init/main.c:1204
do_initcall_level init/main.c:1277 [inline]
do_initcalls init/main.c:1293 [inline]
do_basic_setup init/main.c:1313 [inline]
kernel_init_freeable+0x652/0x6d6 init/main.c:1512
kernel_init+0xd/0x1b8 init/main.c:1402
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
IN-SOFTIRQ-W at:
lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
spin_lock include/linux/spinlock.h:354 [inline]
sk_clone_lock+0x2a1/0x10b0 net/core/sock.c:1881
inet_csk_clone_lock+0x21/0x480 net/ipv4/inet_connection_sock.c:830
tcp_create_openreq_child+0x2d/0x1700 net/ipv4/tcp_minisocks.c:460
tcp_v6_syn_recv_sock+0x192/0x2240 net/ipv6/tcp_ipv6.c:1270
tcp_check_req+0x607/0x17b0 net/ipv4/tcp_minisocks.c:773
tcp_v6_rcv+0x1f15/0x3480 net/ipv6/tcp_ipv6.c:1632
ip6_protocol_deliver_rcu+0x2e8/0x1680 net/ipv6/ip6_input.c:433
ip6_input_finish+0x7f/0x160 net/ipv6/ip6_input.c:474
NF_HOOK include/linux/netfilter.h:301 [inline]
NF_HOOK include/linux/netfilter.h:295 [inline]
ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:483
dst_input include/net/dst.h:449 [inline]
ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
NF_HOOK include/linux/netfilter.h:295 [inline]
ipv6_rcv+0x28e/0x3c0 net/ipv6/ip6_input.c:307
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5287
__netif_receive_skb+0x27/0x1c0 net/core/dev.c:5401
process_backlog+0x2e1/0x8e0 net/core/dev.c:6286
napi_poll net/core/dev.c:6730 [inline]
net_rx_action+0x587/0x1320 net/core/dev.c:6800
__do_softirq+0x203/0xab6 kernel/softirq.c:298
asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:786
__run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
do_softirq_own_stack+0x9d/0xd0 arch/x86/kernel/irq_64.c:77
do_softirq kernel/softirq.c:343 [inline]
do_softirq+0x154/0x1b0 kernel/softirq.c:330
__local_bh_enable_ip+0x196/0x1f0 kernel/softirq.c:195
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:730 [inline]
ip6_finish_output2+0x953/0x1770 net/ipv6/ip6_output.c:118
__ip6_finish_output net/ipv6/ip6_output.c:143 [inline]
__ip6_finish_output+0x447/0xab0 net/ipv6/ip6_output.c:128
ip6_finish_output+0x34/0x1f0 net/ipv6/ip6_output.c:153
NF_HOOK_COND include/linux/netfilter.h:290 [inline]
ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176
dst_output include/net/dst.h:443 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
NF_HOOK include/linux/netfilter.h:295 [inline]
ip6_xmit+0x1258/0x1e80 net/ipv6/ip6_output.c:280
inet6_csk_xmit+0x339/0x610 net/ipv6/inet6_connection_sock.c:135
__tcp_transmit_skb+0x18cc/0x3760 net/ipv4/tcp_output.c:1404
__tcp_send_ack.part.0+0x3e0/0x5d0 net/ipv4/tcp_output.c:3965
__tcp_send_ack net/ipv4/tcp_output.c:3971 [inline]
tcp_send_ack+0x7d/0xa0 net/ipv4/tcp_output.c:3971
tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:6159 [inline]
tcp_rcv_state_process+0x389b/0x4ca0 net/ipv4/tcp_input.c:6328
tcp_v6_do_rcv+0x7ad/0x1290 net/ipv6/tcp_ipv6.c:1483
sk_backlog_rcv include/net/sock.h:1010 [inline]
__release_sock+0x134/0x3a0 net/core/sock.c:2528
release_sock+0x54/0x1b0 net/core/sock.c:3051
inet_wait_for_connect net/ipv4/af_inet.c:594 [inline]
__inet_stream_connect+0x579/0xe30 net/ipv4/af_inet.c:686
inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:725
mptcp_stream_connect+0x156/0x7a0 net/mptcp/protocol.c:2495
__sys_connect_file+0x155/0x1a0 net/socket.c:1852
__sys_connect+0x161/0x190 net/socket.c:1869
__do_sys_connect net/socket.c:1879 [inline]
__se_sys_connect net/socket.c:1876 [inline]
__x64_sys_connect+0x6f/0xb0 net/socket.c:1876
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
INITIAL USE at:
lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:175
spin_lock_bh include/linux/spinlock.h:359 [inline]
lock_sock_nested+0x3b/0x110 net/core/sock.c:3034
lock_sock include/net/sock.h:1581 [inline]
tcp_sock_set_nodelay+0x18/0xe0 net/ipv4/tcp.c:2916
rds_tcp_listen_init+0x132/0x4d0 net/rds/tcp_listen.c:275
rds_tcp_init_net+0x265/0x4e0 net/rds/tcp.c:559
ops_init+0xaf/0x470 net/core/net_namespace.c:151
__register_pernet_operations net/core/net_namespace.c:1140 [inline]
register_pernet_operations+0x35a/0x850 net/core/net_namespace.c:1217
register_pernet_device+0x26/0x70 net/core/net_namespace.c:1304
rds_tcp_init+0x77/0xe0 net/rds/tcp.c:717
do_one_initcall+0x103/0x6f0 init/main.c:1204
do_initcall_level init/main.c:1277 [inline]
do_initcalls init/main.c:1293 [inline]
do_basic_setup init/main.c:1313 [inline]
kernel_init_freeable+0x652/0x6d6 init/main.c:1512
kernel_init+0xd/0x1b8 init/main.c:1402
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
}
... key at: [<ffffffff8e18f680>] af_family_kern_slock_keys+0xa0/0x300
... acquired at:
lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398
seqcount_lockdep_reader_access+0x139/0x1a0 include/linux/seqlock.h:103
xfrm_policy_lookup_inexact_addr+0x57/0x200 net/xfrm/xfrm_policy.c:1909
xfrm_policy_find_inexact_candidates+0xac/0x1d0 net/xfrm/xfrm_policy.c:1953
xfrm_policy_lookup_bytype+0x4b8/0xa40 net/xfrm/xfrm_policy.c:2108
xfrm_policy_lookup net/xfrm/xfrm_policy.c:2144 [inline]
xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2944 [inline]
xfrm_lookup_with_ifid+0xab3/0x2130 net/xfrm/xfrm_policy.c:3085
icmpv6_route_lookup+0x2af/0x470 net/ipv6/icmp.c:377
icmp6_send+0x12f2/0x2670 net/ipv6/icmp.c:588
icmpv6_send include/linux/icmpv6.h:24 [inline]
ip6_link_failure+0x29/0x510 net/ipv6/route.c:2669
dst_link_failure include/net/dst.h:426 [inline]
vti_xmit net/ipv4/ip_vti.c:273 [inline]
vti_tunnel_xmit+0xa53/0x1980 net/ipv4/ip_vti.c:309
__netdev_start_xmit include/linux/netdevice.h:4656 [inline]
netdev_start_xmit include/linux/netdevice.h:4670 [inline]
xmit_one net/core/dev.c:3562 [inline]
dev_hard_start_xmit+0x188/0x880 net/core/dev.c:3578
__dev_queue_xmit+0x2062/0x2d30 net/core/dev.c:4137
neigh_connected_output+0x299/0x370 net/core/neighbour.c:1518
neigh_output include/net/neighbour.h:509 [inline]
ip6_finish_output2+0x8ec/0x1770 net/ipv6/ip6_output.c:117
__ip6_finish_output net/ipv6/ip6_output.c:143 [inline]
__ip6_finish_output+0x447/0xab0 net/ipv6/ip6_output.c:128
ip6_finish_output+0x34/0x1f0 net/ipv6/ip6_output.c:153
NF_HOOK_COND include/linux/netfilter.h:290 [inline]
ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176
dst_output include/net/dst.h:443 [inline]
ip6_local_out+0xaf/0x1a0 net/ipv6/output_core.c:179
ip6_send_skb+0xb7/0x340 net/ipv6/ip6_output.c:1867
udp_v6_send_skb+0x7c2/0x15d0 net/ipv6/udp.c:1233
udpv6_sendmsg+0x2300/0x2b90 net/ipv6/udp.c:1531
inet6_sendmsg+0x99/0xe0 net/ipv6/af_inet6.c:638
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:671
____sys_sendmsg+0x331/0x810 net/socket.c:2362
___sys_sendmsg+0xf3/0x170 net/socket.c:2416
__sys_sendmmsg+0x196/0x4b0 net/socket.c:2506
__do_sys_sendmmsg net/socket.c:2535 [inline]
__se_sys_sendmmsg net/socket.c:2532 [inline]
__x64_sys_sendmmsg+0x99/0x100 net/socket.c:2532
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (&s->seqcount#10){+.+.}-{0:0} {
HARDIRQ-ON-W at:
lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398
write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
write_seqlock include/linux/seqlock.h:883 [inline]
xfrm_set_spdinfo+0x302/0x660 net/xfrm/xfrm_user.c:1185
xfrm_user_rcv_msg+0x41e/0x720 net/xfrm/xfrm_user.c:2684
netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470
xfrm_netlink_rcv+0x6b/0x90 net/xfrm/xfrm_user.c:2692
netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:671
____sys_sendmsg+0x6e8/0x810 net/socket.c:2362
___sys_sendmsg+0xf3/0x170 net/socket.c:2416
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2449
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
SOFTIRQ-ON-W at:
lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398
write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
write_seqlock include/linux/seqlock.h:883 [inline]
xfrm_set_spdinfo+0x302/0x660 net/xfrm/xfrm_user.c:1185
xfrm_user_rcv_msg+0x41e/0x720 net/xfrm/xfrm_user.c:2684
netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470
xfrm_netlink_rcv+0x6b/0x90 net/xfrm/xfrm_user.c:2692
netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:671
____sys_sendmsg+0x6e8/0x810 net/socket.c:2362
___sys_sendmsg+0xf3/0x170 net/socket.c:2416
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2449
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
INITIAL USE at:
lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398
write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
write_seqlock include/linux/seqlock.h:883 [inline]
xfrm_set_spdinfo+0x302/0x660 net/xfrm/xfrm_user.c:1185
xfrm_user_rcv_msg+0x41e/0x720 net/xfrm/xfrm_user.c:2684
netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470
xfrm_netlink_rcv+0x6b/0x90 net/xfrm/xfrm_user.c:2692
netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:671
____sys_sendmsg+0x6e8/0x810 net/socket.c:2362
___sys_sendmsg+0xf3/0x170 net/socket.c:2416
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2449
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
(null) at:
================================================================================
UBSAN: array-index-out-of-bounds in kernel/locking/lockdep.c:2240:40
index 9 is out of range for type 'lock_trace *[9]'
CPU: 0 PID: 14205 Comm: syz-executor.1 Not tainted 5.9.0-rc5-next-20200916-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x198/0x1fb lib/dump_stack.c:118
ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
__ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:356
print_lock_class_header kernel/locking/lockdep.c:2240 [inline]
print_shortest_lock_dependencies.cold+0x11c/0x2e2 kernel/locking/lockdep.c:2263
print_bad_irq_dependency kernel/locking/lockdep.c:2402 [inline]
check_irq_usage.cold+0x49c/0x613 kernel/locking/lockdep.c:2634
check_prev_add kernel/locking/lockdep.c:2823 [inline]
check_prevs_add kernel/locking/lockdep.c:2944 [inline]
validate_chain kernel/locking/lockdep.c:3562 [inline]
__lock_acquire+0x2873/0x56d0 kernel/locking/lockdep.c:4796
lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398
seqcount_lockdep_reader_access+0x139/0x1a0 include/linux/seqlock.h:103
xfrm_policy_lookup_inexact_addr+0x57/0x200 net/xfrm/xfrm_policy.c:1909
xfrm_policy_find_inexact_candidates+0xac/0x1d0 net/xfrm/xfrm_policy.c:1953
xfrm_policy_lookup_bytype+0x4b8/0xa40 net/xfrm/xfrm_policy.c:2108
xfrm_policy_lookup net/xfrm/xfrm_policy.c:2144 [inline]
xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2944 [inline]
xfrm_lookup_with_ifid+0xab3/0x2130 net/xfrm/xfrm_policy.c:3085
icmpv6_route_lookup+0x2af/0x470 net/ipv6/icmp.c:377
icmp6_send+0x12f2/0x2670 net/ipv6/icmp.c:588
icmpv6_send include/linux/icmpv6.h:24 [inline]
ip6_link_failure+0x29/0x510 net/ipv6/route.c:2669
dst_link_failure include/net/dst.h:426 [inline]
vti_xmit net/ipv4/ip_vti.c:273 [inline]
vti_tunnel_xmit+0xa53/0x1980 net/ipv4/ip_vti.c:309
__netdev_start_xmit include/linux/netdevice.h:4656 [inline]
netdev_start_xmit include/linux/netdevice.h:4670 [inline]
xmit_one net/core/dev.c:3562 [inline]
dev_hard_start_xmit+0x188/0x880 net/core/dev.c:3578
__dev_queue_xmit+0x2062/0x2d30 net/core/dev.c:4137
neigh_connected_output+0x299/0x370 net/core/neighbour.c:1518
neigh_output include/net/neighbour.h:509 [inline]
ip6_finish_output2+0x8ec/0x1770 net/ipv6/ip6_output.c:117
__ip6_finish_output net/ipv6/ip6_output.c:143 [inline]
__ip6_finish_output+0x447/0xab0 net/ipv6/ip6_output.c:128
ip6_finish_output+0x34/0x1f0 net/ipv6/ip6_output.c:153
NF_HOOK_COND include/linux/netfilter.h:290 [inline]
ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176
dst_output include/net/dst.h:443 [inline]
ip6_local_out+0xaf/0x1a0 net/ipv6/output_core.c:179
ip6_send_skb+0xb7/0x340 net/ipv6/ip6_output.c:1867
udp_v6_send_skb+0x7c2/0x15d0 net/ipv6/udp.c:1233
udpv6_sendmsg+0x2300/0x2b90 net/ipv6/udp.c:1531
inet6_sendmsg+0x99/0xe0 net/ipv6/af_inet6.c:638
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:671
____sys_sendmsg+0x331/0x810 net/socket.c:2362
___sys_sendmsg+0xf3/0x170 net/socket.c:2416
__sys_sendmmsg+0x196/0x4b0 net/socket.c:2506
__do_sys_sendmmsg net/socket.c:2535 [inline]
__se_sys_sendmmsg net/socket.c:2532 [inline]
__x64_sys_sendmmsg+0x99/0x100 net/socket.c:2532
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5f9
Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f5d88496c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045d5f9
RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000005
RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
R10: 2000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007fff6a887eaf R14: 00007f5d884979c0 R15: 000000000118cf4c
================================================================================