===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 5.9.0-rc5-next-20200916-syzkaller #0 Not tainted ----------------------------------------------------- syz-executor.1/14205 [HC0[0]:SC0[6]:HE0:SE0] is trying to acquire: ffff8880a735de28 (&s->seqcount#10){+.+.}-{0:0}, at: xfrm_policy_lookup_inexact_addr+0x57/0x200 net/xfrm/xfrm_policy.c:1909 and this task is already holding: ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: spin_trylock include/linux/spinlock.h:364 [inline] ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmpv6_xmit_lock net/ipv6/icmp.c:117 [inline] ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmp6_send+0xe82/0x2670 net/ipv6/icmp.c:538 which would create a new lock dependency: (k-slock-AF_INET6){+.-.}-{2:2} -> (&s->seqcount#10){+.+.}-{0:0} but this new dependency connects a SOFTIRQ-irq-safe lock: (k-slock-AF_INET6 ){+.-.}-{2:2} ... which became SOFTIRQ-irq-safe at: lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] sk_clone_lock+0x2a1/0x10b0 net/core/sock.c:1881 inet_csk_clone_lock+0x21/0x480 net/ipv4/inet_connection_sock.c:830 tcp_create_openreq_child+0x2d/0x1700 net/ipv4/tcp_minisocks.c:460 tcp_v6_syn_recv_sock+0x192/0x2240 net/ipv6/tcp_ipv6.c:1270 tcp_check_req+0x607/0x17b0 net/ipv4/tcp_minisocks.c:773 tcp_v6_rcv+0x1f15/0x3480 net/ipv6/tcp_ipv6.c:1632 ip6_protocol_deliver_rcu+0x2e8/0x1680 net/ipv6/ip6_input.c:433 ip6_input_finish+0x7f/0x160 net/ipv6/ip6_input.c:474 NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:483 dst_input include/net/dst.h:449 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] ipv6_rcv+0x28e/0x3c0 
net/ipv6/ip6_input.c:307 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5287 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5401 process_backlog+0x2e1/0x8e0 net/core/dev.c:6286 napi_poll net/core/dev.c:6730 [inline] net_rx_action+0x587/0x1320 net/core/dev.c:6800 __do_softirq+0x203/0xab6 kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:786 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0x9d/0xd0 arch/x86/kernel/irq_64.c:77 do_softirq kernel/softirq.c:343 [inline] do_softirq+0x154/0x1b0 kernel/softirq.c:330 __local_bh_enable_ip+0x196/0x1f0 kernel/softirq.c:195 local_bh_enable include/linux/bottom_half.h:32 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:730 [inline] ip6_finish_output2+0x953/0x1770 net/ipv6/ip6_output.c:118 __ip6_finish_output net/ipv6/ip6_output.c:143 [inline] __ip6_finish_output+0x447/0xab0 net/ipv6/ip6_output.c:128 ip6_finish_output+0x34/0x1f0 net/ipv6/ip6_output.c:153 NF_HOOK_COND include/linux/netfilter.h:290 [inline] ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176 dst_output include/net/dst.h:443 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] ip6_xmit+0x1258/0x1e80 net/ipv6/ip6_output.c:280 inet6_csk_xmit+0x339/0x610 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x18cc/0x3760 net/ipv4/tcp_output.c:1404 __tcp_send_ack.part.0+0x3e0/0x5d0 net/ipv4/tcp_output.c:3965 __tcp_send_ack net/ipv4/tcp_output.c:3971 [inline] tcp_send_ack+0x7d/0xa0 net/ipv4/tcp_output.c:3971 tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:6159 [inline] tcp_rcv_state_process+0x389b/0x4ca0 net/ipv4/tcp_input.c:6328 tcp_v6_do_rcv+0x7ad/0x1290 net/ipv6/tcp_ipv6.c:1483 sk_backlog_rcv include/net/sock.h:1010 [inline] __release_sock+0x134/0x3a0 net/core/sock.c:2528 release_sock+0x54/0x1b0 net/core/sock.c:3051 inet_wait_for_connect net/ipv4/af_inet.c:594 [inline] 
__inet_stream_connect+0x579/0xe30 net/ipv4/af_inet.c:686 inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:725 mptcp_stream_connect+0x156/0x7a0 net/mptcp/protocol.c:2495 __sys_connect_file+0x155/0x1a0 net/socket.c:1852 __sys_connect+0x161/0x190 net/socket.c:1869 __do_sys_connect net/socket.c:1879 [inline] __se_sys_connect net/socket.c:1876 [inline] __x64_sys_connect+0x6f/0xb0 net/socket.c:1876 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 to a SOFTIRQ-irq-unsafe lock: (&s->seqcount#10){+.+.}-{0:0} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398 write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline] write_seqcount_t_begin include/linux/seqlock.h:535 [inline] write_seqlock include/linux/seqlock.h:883 [inline] xfrm_set_spdinfo+0x302/0x660 net/xfrm/xfrm_user.c:1185 xfrm_user_rcv_msg+0x41e/0x720 net/xfrm/xfrm_user.c:2684 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470 xfrm_netlink_rcv+0x6b/0x90 net/xfrm/xfrm_user.c:2692 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2362 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2449 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&s->seqcount#10);
                               local_irq_disable();
                               lock(k-slock-AF_INET6);
                               lock(&s->seqcount#10);
  <Interrupt>
    lock(k-slock-AF_INET6);

 *** DEADLOCK ***

4 locks held by syz-executor.1/14205: #0: ffffffff8a1034a0 (rcu_read_lock_bh){....}-{1:2}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline] #0: ffffffff8a1034a0 (rcu_read_lock_bh){....}-{1:2}, at: 
ip6_finish_output2+0x190/0x1770 net/ipv6/ip6_output.c:103 #1: ffffffff8a1034a0 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x1d7/0x2d30 net/core/dev.c:4072 #2: ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: spin_trylock include/linux/spinlock.h:364 [inline] #2: ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmpv6_xmit_lock net/ipv6/icmp.c:117 [inline] #2: ffff8880a62081a0 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmp6_send+0xe82/0x2670 net/ipv6/icmp.c:538 #3: ffffffff8a103500 (rcu_read_lock){....}-{1:2}, at: xfrm_policy_lookup_bytype+0x104/0xa40 net/xfrm/xfrm_policy.c:2082 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (k-slock-AF_INET6){+.-.}-{2:2} { HARDIRQ-ON-W at: lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:175 spin_lock_bh include/linux/spinlock.h:359 [inline] lock_sock_nested+0x3b/0x110 net/core/sock.c:3034 lock_sock include/net/sock.h:1581 [inline] tcp_sock_set_nodelay+0x18/0xe0 net/ipv4/tcp.c:2916 rds_tcp_listen_init+0x132/0x4d0 net/rds/tcp_listen.c:275 rds_tcp_init_net+0x265/0x4e0 net/rds/tcp.c:559 ops_init+0xaf/0x470 net/core/net_namespace.c:151 __register_pernet_operations net/core/net_namespace.c:1140 [inline] register_pernet_operations+0x35a/0x850 net/core/net_namespace.c:1217 register_pernet_device+0x26/0x70 net/core/net_namespace.c:1304 rds_tcp_init+0x77/0xe0 net/rds/tcp.c:717 do_one_initcall+0x103/0x6f0 init/main.c:1204 do_initcall_level init/main.c:1277 [inline] do_initcalls init/main.c:1293 [inline] do_basic_setup init/main.c:1313 [inline] kernel_init_freeable+0x652/0x6d6 init/main.c:1512 kernel_init+0xd/0x1b8 init/main.c:1402 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 IN-SOFTIRQ-W at: lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock 
include/linux/spinlock.h:354 [inline] sk_clone_lock+0x2a1/0x10b0 net/core/sock.c:1881 inet_csk_clone_lock+0x21/0x480 net/ipv4/inet_connection_sock.c:830 tcp_create_openreq_child+0x2d/0x1700 net/ipv4/tcp_minisocks.c:460 tcp_v6_syn_recv_sock+0x192/0x2240 net/ipv6/tcp_ipv6.c:1270 tcp_check_req+0x607/0x17b0 net/ipv4/tcp_minisocks.c:773 tcp_v6_rcv+0x1f15/0x3480 net/ipv6/tcp_ipv6.c:1632 ip6_protocol_deliver_rcu+0x2e8/0x1680 net/ipv6/ip6_input.c:433 ip6_input_finish+0x7f/0x160 net/ipv6/ip6_input.c:474 NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:483 dst_input include/net/dst.h:449 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] ipv6_rcv+0x28e/0x3c0 net/ipv6/ip6_input.c:307 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5287 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5401 process_backlog+0x2e1/0x8e0 net/core/dev.c:6286 napi_poll net/core/dev.c:6730 [inline] net_rx_action+0x587/0x1320 net/core/dev.c:6800 __do_softirq+0x203/0xab6 kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:786 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0x9d/0xd0 arch/x86/kernel/irq_64.c:77 do_softirq kernel/softirq.c:343 [inline] do_softirq+0x154/0x1b0 kernel/softirq.c:330 __local_bh_enable_ip+0x196/0x1f0 kernel/softirq.c:195 local_bh_enable include/linux/bottom_half.h:32 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:730 [inline] ip6_finish_output2+0x953/0x1770 net/ipv6/ip6_output.c:118 __ip6_finish_output net/ipv6/ip6_output.c:143 [inline] __ip6_finish_output+0x447/0xab0 net/ipv6/ip6_output.c:128 ip6_finish_output+0x34/0x1f0 net/ipv6/ip6_output.c:153 NF_HOOK_COND include/linux/netfilter.h:290 [inline] ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176 dst_output 
include/net/dst.h:443 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] ip6_xmit+0x1258/0x1e80 net/ipv6/ip6_output.c:280 inet6_csk_xmit+0x339/0x610 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x18cc/0x3760 net/ipv4/tcp_output.c:1404 __tcp_send_ack.part.0+0x3e0/0x5d0 net/ipv4/tcp_output.c:3965 __tcp_send_ack net/ipv4/tcp_output.c:3971 [inline] tcp_send_ack+0x7d/0xa0 net/ipv4/tcp_output.c:3971 tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:6159 [inline] tcp_rcv_state_process+0x389b/0x4ca0 net/ipv4/tcp_input.c:6328 tcp_v6_do_rcv+0x7ad/0x1290 net/ipv6/tcp_ipv6.c:1483 sk_backlog_rcv include/net/sock.h:1010 [inline] __release_sock+0x134/0x3a0 net/core/sock.c:2528 release_sock+0x54/0x1b0 net/core/sock.c:3051 inet_wait_for_connect net/ipv4/af_inet.c:594 [inline] __inet_stream_connect+0x579/0xe30 net/ipv4/af_inet.c:686 inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:725 mptcp_stream_connect+0x156/0x7a0 net/mptcp/protocol.c:2495 __sys_connect_file+0x155/0x1a0 net/socket.c:1852 __sys_connect+0x161/0x190 net/socket.c:1869 __do_sys_connect net/socket.c:1879 [inline] __se_sys_connect net/socket.c:1876 [inline] __x64_sys_connect+0x6f/0xb0 net/socket.c:1876 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 INITIAL USE at: lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:175 spin_lock_bh include/linux/spinlock.h:359 [inline] lock_sock_nested+0x3b/0x110 net/core/sock.c:3034 lock_sock include/net/sock.h:1581 [inline] tcp_sock_set_nodelay+0x18/0xe0 net/ipv4/tcp.c:2916 rds_tcp_listen_init+0x132/0x4d0 net/rds/tcp_listen.c:275 rds_tcp_init_net+0x265/0x4e0 net/rds/tcp.c:559 ops_init+0xaf/0x470 net/core/net_namespace.c:151 __register_pernet_operations net/core/net_namespace.c:1140 [inline] register_pernet_operations+0x35a/0x850 net/core/net_namespace.c:1217 
register_pernet_device+0x26/0x70 net/core/net_namespace.c:1304 rds_tcp_init+0x77/0xe0 net/rds/tcp.c:717 do_one_initcall+0x103/0x6f0 init/main.c:1204 do_initcall_level init/main.c:1277 [inline] do_initcalls init/main.c:1293 [inline] do_basic_setup init/main.c:1313 [inline] kernel_init_freeable+0x652/0x6d6 init/main.c:1512 kernel_init+0xd/0x1b8 init/main.c:1402 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 } ... key at: [] af_family_kern_slock_keys+0xa0/0x300 ... acquired at: lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398 seqcount_lockdep_reader_access+0x139/0x1a0 include/linux/seqlock.h:103 xfrm_policy_lookup_inexact_addr+0x57/0x200 net/xfrm/xfrm_policy.c:1909 xfrm_policy_find_inexact_candidates+0xac/0x1d0 net/xfrm/xfrm_policy.c:1953 xfrm_policy_lookup_bytype+0x4b8/0xa40 net/xfrm/xfrm_policy.c:2108 xfrm_policy_lookup net/xfrm/xfrm_policy.c:2144 [inline] xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2944 [inline] xfrm_lookup_with_ifid+0xab3/0x2130 net/xfrm/xfrm_policy.c:3085 icmpv6_route_lookup+0x2af/0x470 net/ipv6/icmp.c:377 icmp6_send+0x12f2/0x2670 net/ipv6/icmp.c:588 icmpv6_send include/linux/icmpv6.h:24 [inline] ip6_link_failure+0x29/0x510 net/ipv6/route.c:2669 dst_link_failure include/net/dst.h:426 [inline] vti_xmit net/ipv4/ip_vti.c:273 [inline] vti_tunnel_xmit+0xa53/0x1980 net/ipv4/ip_vti.c:309 __netdev_start_xmit include/linux/netdevice.h:4656 [inline] netdev_start_xmit include/linux/netdevice.h:4670 [inline] xmit_one net/core/dev.c:3562 [inline] dev_hard_start_xmit+0x188/0x880 net/core/dev.c:3578 __dev_queue_xmit+0x2062/0x2d30 net/core/dev.c:4137 neigh_connected_output+0x299/0x370 net/core/neighbour.c:1518 neigh_output include/net/neighbour.h:509 [inline] ip6_finish_output2+0x8ec/0x1770 net/ipv6/ip6_output.c:117 __ip6_finish_output net/ipv6/ip6_output.c:143 [inline] __ip6_finish_output+0x447/0xab0 net/ipv6/ip6_output.c:128 ip6_finish_output+0x34/0x1f0 net/ipv6/ip6_output.c:153 NF_HOOK_COND include/linux/netfilter.h:290 [inline] 
ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176 dst_output include/net/dst.h:443 [inline] ip6_local_out+0xaf/0x1a0 net/ipv6/output_core.c:179 ip6_send_skb+0xb7/0x340 net/ipv6/ip6_output.c:1867 udp_v6_send_skb+0x7c2/0x15d0 net/ipv6/udp.c:1233 udpv6_sendmsg+0x2300/0x2b90 net/ipv6/udp.c:1531 inet6_sendmsg+0x99/0xe0 net/ipv6/af_inet6.c:638 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x331/0x810 net/socket.c:2362 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416 __sys_sendmmsg+0x196/0x4b0 net/socket.c:2506 __do_sys_sendmmsg net/socket.c:2535 [inline] __se_sys_sendmmsg net/socket.c:2532 [inline] __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2532 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (&s->seqcount#10){+.+.}-{0:0} { HARDIRQ-ON-W at: lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398 write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline] write_seqcount_t_begin include/linux/seqlock.h:535 [inline] write_seqlock include/linux/seqlock.h:883 [inline] xfrm_set_spdinfo+0x302/0x660 net/xfrm/xfrm_user.c:1185 xfrm_user_rcv_msg+0x41e/0x720 net/xfrm/xfrm_user.c:2684 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470 xfrm_netlink_rcv+0x6b/0x90 net/xfrm/xfrm_user.c:2692 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2362 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2449 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 SOFTIRQ-ON-W at: lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398 write_seqcount_t_begin_nested include/linux/seqlock.h:509 
[inline] write_seqcount_t_begin include/linux/seqlock.h:535 [inline] write_seqlock include/linux/seqlock.h:883 [inline] xfrm_set_spdinfo+0x302/0x660 net/xfrm/xfrm_user.c:1185 xfrm_user_rcv_msg+0x41e/0x720 net/xfrm/xfrm_user.c:2684 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470 xfrm_netlink_rcv+0x6b/0x90 net/xfrm/xfrm_user.c:2692 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2362 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2449 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 INITIAL USE at: lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398 write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline] write_seqcount_t_begin include/linux/seqlock.h:535 [inline] write_seqlock include/linux/seqlock.h:883 [inline] xfrm_set_spdinfo+0x302/0x660 net/xfrm/xfrm_user.c:1185 xfrm_user_rcv_msg+0x41e/0x720 net/xfrm/xfrm_user.c:2684 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470 xfrm_netlink_rcv+0x6b/0x90 net/xfrm/xfrm_user.c:2692 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2362 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2449 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 (null) at: ================================================================================ UBSAN: array-index-out-of-bounds in kernel/locking/lockdep.c:2240:40 index 9 is out of range for type 'lock_trace 
*[9]' CPU: 0 PID: 14205 Comm: syz-executor.1 Not tainted 5.9.0-rc5-next-20200916-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fb lib/dump_stack.c:118 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148 __ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:356 print_lock_class_header kernel/locking/lockdep.c:2240 [inline] print_shortest_lock_dependencies.cold+0x11c/0x2e2 kernel/locking/lockdep.c:2263 print_bad_irq_dependency kernel/locking/lockdep.c:2402 [inline] check_irq_usage.cold+0x49c/0x613 kernel/locking/lockdep.c:2634 check_prev_add kernel/locking/lockdep.c:2823 [inline] check_prevs_add kernel/locking/lockdep.c:2944 [inline] validate_chain kernel/locking/lockdep.c:3562 [inline] __lock_acquire+0x2873/0x56d0 kernel/locking/lockdep.c:4796 lock_acquire+0x1f2/0xaa0 kernel/locking/lockdep.c:5398 seqcount_lockdep_reader_access+0x139/0x1a0 include/linux/seqlock.h:103 xfrm_policy_lookup_inexact_addr+0x57/0x200 net/xfrm/xfrm_policy.c:1909 xfrm_policy_find_inexact_candidates+0xac/0x1d0 net/xfrm/xfrm_policy.c:1953 xfrm_policy_lookup_bytype+0x4b8/0xa40 net/xfrm/xfrm_policy.c:2108 xfrm_policy_lookup net/xfrm/xfrm_policy.c:2144 [inline] xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2944 [inline] xfrm_lookup_with_ifid+0xab3/0x2130 net/xfrm/xfrm_policy.c:3085 icmpv6_route_lookup+0x2af/0x470 net/ipv6/icmp.c:377 icmp6_send+0x12f2/0x2670 net/ipv6/icmp.c:588 icmpv6_send include/linux/icmpv6.h:24 [inline] ip6_link_failure+0x29/0x510 net/ipv6/route.c:2669 dst_link_failure include/net/dst.h:426 [inline] vti_xmit net/ipv4/ip_vti.c:273 [inline] vti_tunnel_xmit+0xa53/0x1980 net/ipv4/ip_vti.c:309 __netdev_start_xmit include/linux/netdevice.h:4656 [inline] netdev_start_xmit include/linux/netdevice.h:4670 [inline] xmit_one net/core/dev.c:3562 [inline] dev_hard_start_xmit+0x188/0x880 net/core/dev.c:3578 __dev_queue_xmit+0x2062/0x2d30 net/core/dev.c:4137 
neigh_connected_output+0x299/0x370 net/core/neighbour.c:1518 neigh_output include/net/neighbour.h:509 [inline] ip6_finish_output2+0x8ec/0x1770 net/ipv6/ip6_output.c:117 __ip6_finish_output net/ipv6/ip6_output.c:143 [inline] __ip6_finish_output+0x447/0xab0 net/ipv6/ip6_output.c:128 ip6_finish_output+0x34/0x1f0 net/ipv6/ip6_output.c:153 NF_HOOK_COND include/linux/netfilter.h:290 [inline] ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176 dst_output include/net/dst.h:443 [inline] ip6_local_out+0xaf/0x1a0 net/ipv6/output_core.c:179 ip6_send_skb+0xb7/0x340 net/ipv6/ip6_output.c:1867 udp_v6_send_skb+0x7c2/0x15d0 net/ipv6/udp.c:1233 udpv6_sendmsg+0x2300/0x2b90 net/ipv6/udp.c:1531 inet6_sendmsg+0x99/0xe0 net/ipv6/af_inet6.c:638 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x331/0x810 net/socket.c:2362 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416 __sys_sendmmsg+0x196/0x4b0 net/socket.c:2506 __do_sys_sendmmsg net/socket.c:2535 [inline] __se_sys_sendmmsg net/socket.c:2532 [inline] __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2532 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45d5f9 Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f5d88496c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045d5f9 RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000005 RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000 R10: 2000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007fff6a887eaf R14: 00007f5d884979c0 R15: 000000000118cf4c ================================================================================