[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.15.218' (ECDSA) to the list of known hosts.
syzkaller login: [ 63.763590][ T6847] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 63.867548][ C0]
[ 63.869908][ C0] ========================================================
[ 63.877100][ C0] WARNING: possible irq lock inversion dependency detected
[ 63.884306][ C0] 5.9.0-rc5-next-20200916-syzkaller #0 Not tainted
[ 63.890776][ C0] --------------------------------------------------------
[ 63.897982][ C0] syz-executor974/6847 just changed the state of lock:
[ 63.905671][ C0] ffffffff8ae7a3c8 (&s->seqcount#9){+..-}-{0:0}, at: xfrm_policy_lookup_bytype+0x183/0xa40
[ 63.915676][ C0] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 63.923200][ C0] (&s->seqcount#8){+.+.}-{0:0}
[ 63.923217][ C0]
[ 63.923217][ C0]
[ 63.923217][ C0] and interrupts could create inverse lock ordering between them.
[ 63.923217][ C0]
[ 63.942337][ C0]
[ 63.942337][ C0] other info that might help us debug this:
[ 63.950387][ C0] Possible interrupt unsafe locking scenario:
[ 63.950387][ C0]
[ 63.958699][ C0]        CPU0                    CPU1
[ 63.964123][ C0]        ----                    ----
[ 63.969468][ C0]   lock(&s->seqcount#8);
[ 63.973796][ C0]                                local_irq_disable();
[ 63.980534][ C0]                                lock(&s->seqcount#9);
[ 63.987359][ C0]                                lock(&s->seqcount#8);
[ 63.994185][ C0]
[ 63.997637][ C0]     lock(&s->seqcount#9);
[ 64.002118][ C0]
[ 64.002118][ C0] *** DEADLOCK ***
[ 64.002118][ C0]
[ 64.010251][ C0] 4 locks held by syz-executor974/6847:
[ 64.015947][ C0] #0: ffffffff8aae80a8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x180
[ 64.024878][ C0] #1: ffffc90000007d80 ((&idev->mc_ifc_timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0
[ 64.034773][ C0] #2: ffffffff89e71cc0 (rcu_read_lock){....}-{1:2}, at: mld_sendpack+0x165/0xdb0
[ 64.043965][ C0] #3: ffffffff89e71cc0 (rcu_read_lock){....}-{1:2}, at: xfrm_policy_lookup_bytype+0x104/0xa40
[ 64.054302][ C0]
[ 64.054302][ C0] the shortest dependencies between 2nd lock and 1st lock:
[ 64.063751][ C0] -> (&s->seqcount#8){+.+.}-{0:0} {
[ 64.069031][ C0] HARDIRQ-ON-W at:
[ 64.073084][ C0] lock_acquire+0x1f2/0xaa0
[ 64.079400][ C0] xfrm_set_spdinfo+0x302/0x660
[ 64.086054][ C0] xfrm_user_rcv_msg+0x414/0x700
[ 64.092832][ C0] netlink_rcv_skb+0x15a/0x430
[ 64.102351][ C0] xfrm_netlink_rcv+0x6b/0x90
[ 64.108845][ C0] netlink_unicast+0x533/0x7d0
[ 64.115406][ C0] netlink_sendmsg+0x856/0xd90
[ 64.121982][ C0] sock_sendmsg+0xcf/0x120
[ 64.128199][ C0] ____sys_sendmsg+0x6e8/0x810
[ 64.134764][ C0] ___sys_sendmsg+0xf3/0x170
[ 64.141165][ C0] __sys_sendmsg+0xe5/0x1b0
[ 64.147900][ C0] do_syscall_64+0x2d/0x70
[ 64.154115][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.161799][ C0] SOFTIRQ-ON-W at:
[ 64.165852][ C0] lock_acquire+0x1f2/0xaa0
[ 64.172156][ C0] xfrm_set_spdinfo+0x302/0x660
[ 64.178806][ C0] xfrm_user_rcv_msg+0x414/0x700
[ 64.185553][ C0] netlink_rcv_skb+0x15a/0x430
[ 64.192127][ C0] xfrm_netlink_rcv+0x6b/0x90
[ 64.198602][ C0] netlink_unicast+0x533/0x7d0
[ 64.205197][ C0] netlink_sendmsg+0x856/0xd90
[ 64.211768][ C0] sock_sendmsg+0xcf/0x120
[ 64.217984][ C0] ____sys_sendmsg+0x6e8/0x810
[ 64.224555][ C0] ___sys_sendmsg+0xf3/0x170
[ 64.230954][ C0] __sys_sendmsg+0xe5/0x1b0
[ 64.237264][ C0] do_syscall_64+0x2d/0x70
[ 64.243525][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.251213][ C0] INITIAL USE at:
[ 64.255189][ C0] lock_acquire+0x1f2/0xaa0
[ 64.261406][ C0] xfrm_set_spdinfo+0x302/0x660
[ 64.267985][ C0] xfrm_user_rcv_msg+0x414/0x700
[ 64.274636][ C0] netlink_rcv_skb+0x15a/0x430
[ 64.281114][ C0] xfrm_netlink_rcv+0x6b/0x90
[ 64.287530][ C0] netlink_unicast+0x533/0x7d0
[ 64.294097][ C0] netlink_sendmsg+0x856/0xd90
[ 64.300572][ C0] sock_sendmsg+0xcf/0x120
[ 64.306704][ C0] ____sys_sendmsg+0x6e8/0x810
[ 64.313207][ C0] ___sys_sendmsg+0xf3/0x170
[ 64.319525][ C0] __sys_sendmsg+0xe5/0x1b0
[ 64.325754][ C0] do_syscall_64+0x2d/0x70
[ 64.331924][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.339716][ C0] (null) at:
[ 64.343276][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
[ 64.354971][ C0] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
[ 64.363364][ C0] CPU: 0 PID: 6847 Comm: syz-executor974 Not tainted 5.9.0-rc5-next-20200916-syzkaller #0
[ 64.373233][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.383379][ C0] RIP: 0010:print_shortest_lock_dependencies.cold+0x110/0x2af
[ 64.390828][ C0] Code: 48 8b 04 24 48 c1 e8 03 42 80 3c 20 00 74 09 48 8b 3c 24 e8 c1 2b d9 f9 48 8b 04 24 48 8b 00 48 8d 78 14 48 89 fa 48 c1 ea 03 <42> 0f b6 0c 22 48 89 fa 83 e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85
[ 64.410414][ C0] RSP: 0018:ffffc90000007470 EFLAGS: 00010007
[ 64.416462][ C0] RAX: 0000000000000008 RBX: ffffffff8cbe3eb0 RCX: 0000000000000000
[ 64.424432][ C0] RDX: 0000000000000003 RSI: ffffffff815c26b7 RDI: 000000000000001c
[ 64.432397][ C0] RBP: ffffc900000075a0 R08: 0000000000000004 R09: ffff8880ae620f8b
[ 64.440373][ C0] R10: 0000000000000000 R11: 6c756e2820202020 R12: dffffc0000000000
[ 64.448326][ C0] R13: ffffffff8ca092f8 R14: 0000000000000009 R15: 0000000000000001
[ 64.456277][ C0] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 64.465182][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 64.471750][ C0] CR2: 00000000004c7fe8 CR3: 0000000009c8e000 CR4: 00000000001506f0
[ 64.479703][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 64.487658][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 64.495610][ C0] Call Trace:
[ 64.498993][ C0]
[ 64.501831][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee
[ 64.507892][ C0] mark_lock.cold+0x94/0x10d
[ 64.512461][ C0] ? lock_chain_count+0x20/0x20
[ 64.517432][ C0] ? lock_chain_count+0x20/0x20
[ 64.522278][ C0] ? is_bpf_text_address+0xa9/0x160
[ 64.527558][ C0] __lock_acquire+0x1402/0x55d0
[ 64.532393][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 64.538354][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 64.544318][ C0] ? create_prof_cpu_mask+0x20/0x20
[ 64.549506][ C0] ? arch_stack_walk+0x97/0xf0
[ 64.554263][ C0] lock_acquire+0x1f2/0xaa0
[ 64.558746][ C0] ? xfrm_policy_lookup_bytype+0x183/0xa40
[ 64.564542][ C0] ? lock_release+0x890/0x890
[ 64.569196][ C0] ? lock_release+0x890/0x890
[ 64.573864][ C0] ? seqcount_lockdep_reader_access+0x11b/0x1a0
[ 64.580081][ C0] seqcount_lockdep_reader_access+0x139/0x1a0
[ 64.586137][ C0] ? xfrm_policy_lookup_bytype+0x183/0xa40
[ 64.591929][ C0] xfrm_policy_lookup_bytype+0x183/0xa40
[ 64.597550][ C0] ? xfrm_policy_match+0x2d0/0x2d0
[ 64.602641][ C0] ? mark_lock+0xf7/0x2300
[ 64.607034][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 64.612989][ C0] ? lock_chain_count+0x20/0x20
[ 64.617822][ C0] xfrm_lookup_with_ifid+0x5e3/0x2100
[ 64.623170][ C0] ? icmp6_dst_alloc+0x43b/0x6c0
[ 64.628086][ C0] ? xfrm_expand_policies+0x650/0x650
[ 64.633430][ C0] ? mark_held_locks+0x9f/0xe0
[ 64.638170][ C0] ? icmp6_dst_alloc+0x43b/0x6c0
[ 64.643098][ C0] ? __local_bh_enable_ip+0x10f/0x1f0
[ 64.649931][ C0] ? icmp6_dst_alloc+0x43b/0x6c0
[ 64.654844][ C0] icmp6_dst_alloc+0x489/0x6c0
[ 64.659587][ C0] mld_sendpack+0x5c3/0xdb0
[ 64.664072][ C0] ? mld_ifc_timer_expire+0x5f8/0xf10
[ 64.669420][ C0] ? nf_hook.constprop.0+0x510/0x510
[ 64.674680][ C0] ? mld_ifc_timer_expire+0x5f8/0xf10
[ 64.680038][ C0] ? __local_bh_enable_ip+0x10f/0x1f0
[ 64.685391][ C0] ? mld_ifc_timer_expire+0x5f8/0xf10
[ 64.690748][ C0] mld_ifc_timer_expire+0x60a/0xf10
[ 64.695937][ C0] ? mld_send_initial_cr.part.0+0x150/0x150
[ 64.701810][ C0] call_timer_fn+0x1a5/0x6b0
[ 64.706373][ C0] ? add_timer_on+0x450/0x450
[ 64.711040][ C0] ? _raw_spin_unlock_irq+0x1f/0x80
[ 64.716221][ C0] ? mld_send_initial_cr.part.0+0x150/0x150
[ 64.722100][ C0] __run_timers.part.0+0x67c/0xa50
[ 64.727211][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 64.731952][ C0] ? lapic_next_event+0x4d/0x80
[ 64.736786][ C0] ? clockevents_program_event+0x12b/0x350
[ 64.742568][ C0] ? mark_held_locks+0x9f/0xe0
[ 64.747308][ C0] run_timer_softirq+0xae/0x1a0
[ 64.752135][ C0] __do_softirq+0x202/0xa42
[ 64.756612][ C0] asm_call_on_stack+0xf/0x20
[ 64.761258][ C0]
[ 64.764175][ C0] do_softirq_own_stack+0x9d/0xd0
[ 64.769194][ C0] do_softirq+0x154/0x1b0
[ 64.773516][ C0] ? dev_deactivate_many+0x455/0xc10
[ 64.778788][ C0] __local_bh_enable_ip+0x196/0x1f0
[ 64.783974][ C0] dev_deactivate_many+0x47a/0xc10
[ 64.789075][ C0] __dev_close_many+0x130/0x2e0
[ 64.793902][ C0] ? napi_reuse_skb+0x4b0/0x4b0
[ 64.798732][ C0] ? __queue_work+0x610/0xeb0
[ 64.803396][ C0] dev_close_many+0x238/0x650
[ 64.808050][ C0] ? __queue_work+0x610/0xeb0
[ 64.812719][ C0] ? napi_watchdog+0xc0/0xc0
[ 64.817285][ C0] ? lock_downgrade+0x830/0x830
[ 64.822128][ C0] rollback_registered_many+0x3a8/0x14f0
[ 64.827751][ C0] ? __queue_work+0x632/0xeb0
[ 64.832411][ C0] ? netdev_pick_tx+0xb00/0xb00
[ 64.837268][ C0] ? check_preemption_disabled+0x50/0x130
[ 64.842965][ C0] ? queue_delayed_work_on+0x15d/0x1d0
[ 64.848400][ C0] unregister_netdevice_queue+0x2dd/0x570
[ 64.854097][ C0] ? unregister_netdevice_many+0x50/0x50
[ 64.859705][ C0] ? linkwatch_schedule_work+0x181/0x1c0
[ 64.865319][ C0] ? linkwatch_fire_event+0x65/0x1d0
[ 64.870598][ C0] __tun_detach+0x100b/0x1320
[ 64.875263][ C0] ? lock_is_held_type+0xbb/0xf0
[ 64.880176][ C0] tun_chr_close+0xd9/0x180
[ 64.884673][ C0] __fput+0x285/0x920
[ 64.888641][ C0] ? __tun_detach+0x1320/0x1320
[ 64.893477][ C0] task_work_run+0xdd/0x190
[ 64.897955][ C0] do_exit+0xb23/0x2930
[ 64.902099][ C0] ? mm_update_next_owner+0x7a0/0x7a0
[ 64.907454][ C0] ? vmacache_update+0xce/0x140
[ 64.912294][ C0] do_group_exit+0x125/0x310
[ 64.916860][ C0] __x64_sys_exit_group+0x3a/0x50
[ 64.921878][ C0] do_syscall_64+0x2d/0x70
[ 64.926271][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.932138][ C0] RIP: 0033:0x441698
[ 64.936011][ C0] Code: Bad RIP value.
[ 64.940067][ C0] RSP: 002b:00007ffd2fddd438 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 64.948462][ C0] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000441698
[ 64.956417][ C0] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 64.964485][ C0] RBP: 00000000004c7fb0 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 64.972443][ C0] R10: 0000000001000002 R11: 0000000000000246 R12: 0000000000000001
[ 64.980405][ C0] R13: 00000000006da5e0 R14: 0000000000000000 R15: 0000000000000000
[ 64.988355][ C0] Modules linked in:
[ 64.992245][ C0] ---[ end trace fa8e7a53e9954f16 ]---
[ 64.997684][ C0] RIP: 0010:print_shortest_lock_dependencies.cold+0x110/0x2af
[ 65.005115][ C0] Code: 48 8b 04 24 48 c1 e8 03 42 80 3c 20 00 74 09 48 8b 3c 24 e8 c1 2b d9 f9 48 8b 04 24 48 8b 00 48 8d 78 14 48 89 fa 48 c1 ea 03 <42> 0f b6 0c 22 48 89 fa 83 e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85
[ 65.024699][ C0] RSP: 0018:ffffc90000007470 EFLAGS: 00010007
[ 65.030744][ C0] RAX: 0000000000000008 RBX: ffffffff8cbe3eb0 RCX: 0000000000000000
[ 65.038707][ C0] RDX: 0000000000000003 RSI: ffffffff815c26b7 RDI: 000000000000001c
[ 65.046677][ C0] RBP: ffffc900000075a0 R08: 0000000000000004 R09: ffff8880ae620f8b
[ 65.054625][ C0] R10: 0000000000000000 R11: 6c756e2820202020 R12: dffffc0000000000
[ 65.062590][ C0] R13: ffffffff8ca092f8 R14: 0000000000000009 R15: 0000000000000001
[ 65.070540][ C0] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 65.079455][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 65.086041][ C0] CR2: 00000000004c7fe8 CR3: 0000000009c8e000 CR4: 00000000001506f0
[ 65.094000][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 65.101950][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 65.109899][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 65.118315][ C0] Kernel Offset: disabled
[ 65.122654][ C0] Rebooting in 86400 seconds..