================================
WARNING: inconsistent lock state
4.14.307-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor.3/10578 [HC0[0]:SC1[1]:HE1:SE0] takes:
 (&(&local->client_conns_lock)->rlock){+.?.}, at: [<ffffffff867de3a1>] spin_lock include/linux/spinlock.h:317 [inline]
 (&(&local->client_conns_lock)->rlock){+.?.}, at: [<ffffffff867de3a1>] rxrpc_put_one_client_conn net/rxrpc/conn_client.c:905 [inline]
 (&(&local->client_conns_lock)->rlock){+.?.}, at: [<ffffffff867de3a1>] rxrpc_put_client_conn+0x661/0xac0 net/rxrpc/conn_client.c:957
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152
  spin_lock include/linux/spinlock.h:317 [inline]
  rxrpc_get_client_conn net/rxrpc/conn_client.c:306 [inline]
  rxrpc_connect_call+0x2bb/0x3e10 net/rxrpc/conn_client.c:692
  rxrpc_new_client_call+0x8f4/0x1a10 net/rxrpc/call_object.c:276
  rxrpc_new_client_call_for_sendmsg net/rxrpc/sendmsg.c:531 [inline]
  rxrpc_do_sendmsg+0x8dc/0xfb0 net/rxrpc/sendmsg.c:583
  rxrpc_sendmsg+0x3cf/0x5f0 net/rxrpc/af_rxrpc.c:543
  sock_sendmsg_nosec net/socket.c:646 [inline]
  sock_sendmsg+0xb5/0x100 net/socket.c:656
  ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
  __sys_sendmsg+0xa3/0x120 net/socket.c:2096
  SYSC_sendmsg net/socket.c:2107 [inline]
  SyS_sendmsg+0x27/0x40 net/socket.c:2103
  do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
irq event stamp: 19634
hardirqs last  enabled at (19634): [<ffffffff8724fcb9>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (19634): [<ffffffff8724fcb9>] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:192
hardirqs last disabled at (19633): [<ffffffff8724f946>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (19633): [<ffffffff8724f946>] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last  enabled at (19576): [<ffffffff8636579b>] rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
softirqs last  enabled at (19576): [<ffffffff8636579b>] ipv6_add_addr+0x29b/0x1760 net/ipv6/addrconf.c:1074
softirqs last disabled at (19591): [<ffffffff81322e63>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (19591): [<ffffffff81322e63>] irq_exit+0x193/0x240 kernel/softirq.c:409

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&(&local->client_conns_lock)->rlock);
  <Interrupt>
    lock(&(&local->client_conns_lock)->rlock);

 *** DEADLOCK ***

3 locks held by syz-executor.3/10578:
JFS: discard option not supported on device
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffff85cb2734>] dev_ioctl+0x214/0xbe0 net/core/dev_ioctl.c:565
 #1:  (rcu_read_lock){....}, at: [<ffffffff8137bfb0>] __atomic_notifier_call_chain+0x0/0x140 kernel/notifier.c:394
 #2:  (rcu_callback){....}, at: [<ffffffff8146ee4e>] __rcu_reclaim kernel/rcu/rcu.h:185 [inline]
 #2:  (rcu_callback){....}, at: [<ffffffff8146ee4e>] rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 #2:  (rcu_callback){....}, at: [<ffffffff8146ee4e>] invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 #2:  (rcu_callback){....}, at: [<ffffffff8146ee4e>] __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 #2:  (rcu_callback){....}, at: [<ffffffff8146ee4e>] rcu_process_callbacks+0x84e/0x1180 kernel/rcu/tree.c:2946

stack backtrace:
CPU: 0 PID: 10578 Comm: syz-executor.3 Not tainted 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2589
 valid_state kernel/locking/lockdep.c:2602 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2796 [inline]
 mark_lock+0xb4d/0x1050 kernel/locking/lockdep.c:3194
 mark_irqflags kernel/locking/lockdep.c:3072 [inline]
 __lock_acquire+0xc81/0x3f20 kernel/locking/lockdep.c:3448
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152
 spin_lock include/linux/spinlock.h:317 [inline]
 rxrpc_put_one_client_conn net/rxrpc/conn_client.c:905 [inline]
 rxrpc_put_client_conn+0x661/0xac0 net/rxrpc/conn_client.c:957
 rxrpc_put_connection net/rxrpc/ar-internal.h:862 [inline]
 rxrpc_rcu_destroy_call+0x83/0x190 net/rxrpc/call_object.c:653
 __rcu_reclaim kernel/rcu/rcu.h:195 [inline]
 rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 rcu_process_callbacks+0x780/0x1180 kernel/rcu/tree.c:2946
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796
 </IRQ>
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:108 [inline]
RIP: 0010:unwind_next_frame+0x490/0x17d0 arch/x86/kernel/unwind_orc.c:348
RSP: 0018:ffff88809770f3a0 EFLAGS: 00000a07 ORIG_RAX: ffffffffffffff10
RAX: dffffc0000000000 RBX: 1ffff11012ee1e7b RCX: ffffffff863657ed
RDX: 0000000000053657 RSI: 0000000000053657 RDI: ffffffff8afbec44
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
R10: ffff88809770f870 R11: 0000000000066071 R12: ffff88809770f495
R13: ffff88809770f498 R14: ffff88809770f4b0 R15: ffff88809770f460
 __save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:447 [inline]
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
 kmem_cache_alloc_trace+0x131/0x3d0 mm/slab.c:3618
 kmalloc include/linux/slab.h:488 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 sctp_inet6addr_event+0x380/0x790 net/sctp/ipv6.c:100
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 __atomic_notifier_call_chain+0x7c/0x140 kernel/notifier.c:183
 ipv6_add_addr+0x2ee/0x1760 net/ipv6/addrconf.c:1077
 add_addr+0x34/0x180 net/ipv6/addrconf.c:2971
 sit_add_v4_addrs net/ipv6/addrconf.c:3036 [inline]
 addrconf_sit_config net/ipv6/addrconf.c:3277 [inline]
 addrconf_notify+0x11ef/0x1c50 net/ipv6/addrconf.c:3463
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 __dev_notify_flags+0xdf/0x260 net/core/dev.c:6840
 dev_change_flags+0xe6/0x130 net/core/dev.c:6873
 dev_ifsioc+0x23c/0x7d0 net/core/dev_ioctl.c:257
 dev_ioctl+0x222/0xbe0 net/core/dev_ioctl.c:566
 sock_do_ioctl net/socket.c:981 [inline]
 sock_ioctl+0x164/0x4c0 net/socket.c:1071
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f5186f4f0f9
RSP: 002b:00007f51854c1168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f518706ef80 RCX: 00007f5186f4f0f9
RDX: 0000000020000080 RSI: 0000000000008914 RDI: 0000000000000005
RBP: 00007f5186faaae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe6a2f023f R14: 00007f51854c1300 R15: 0000000000022000
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
JFS: discard option not supported on device
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
======================================================
WARNING: the mand mount option is being deprecated and
         will be removed in v5.15!
======================================================
audit: type=1326 audit(1677335329.008:24): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10963 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16c7d820f9 code=0x7ffc0000
audit: type=1326 audit(1677335329.008:25): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10963 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16c7d820f9 code=0x7ffc0000
audit: type=1326 audit(1677335329.038:26): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10963 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f16c7d820f9 code=0x7ffc0000
audit: type=1326 audit(1677335329.038:27): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10963 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16c7d820f9 code=0x7ffc0000
audit: type=1326 audit(1677335329.038:28): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10963 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16c7d820f9 code=0x7ffc0000
audit: type=1326 audit(1677335329.038:29): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10963 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f16c7d820f9 code=0x7ffc0000
audit: type=1326 audit(1677335329.038:30): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10963 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16c7d820f9 code=0x7ffc0000
audit: type=1326 audit(1677335329.038:31): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10963 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16c7d820f9 code=0x7ffc0000
audit: type=1326 audit(1677335329.038:32): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10963 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f16c7d820f9 code=0x7ffc0000
audit: type=1326 audit(1677335329.038:33): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10963 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16c7d820f9 code=0x7ffc0000
caif:caif_disconnect_client(): nothing to disconnect
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
caif:caif_disconnect_client(): nothing to disconnect