================================ WARNING: inconsistent lock state 4.19.106-syzkaller #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. udevd/20228 [HC0[0]:SC1[1]:HE1:SE0] takes: 0000000079e3ad54 (rxrpc_conn_id_lock){+.?.}, at: spin_lock include/linux/spinlock.h:329 [inline] 0000000079e3ad54 (rxrpc_conn_id_lock){+.?.}, at: rxrpc_put_client_connection_id.part.0+0x15/0x70 net/rxrpc/conn_client.c:143 {SOFTIRQ-ON-W} state was registered at: __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] rxrpc_get_client_connection_id net/rxrpc/conn_client.c:114 [inline] rxrpc_alloc_client_connection net/rxrpc/conn_client.c:198 [inline] rxrpc_get_client_conn net/rxrpc/conn_client.c:345 [inline] rxrpc_connect_call+0x8a4/0x4630 net/rxrpc/conn_client.c:702 rxrpc_new_client_call+0x8c6/0x1850 net/rxrpc/call_object.c:291 rxrpc_new_client_call_for_sendmsg net/rxrpc/sendmsg.c:596 [inline] rxrpc_do_sendmsg+0xf2e/0x1bc1 net/rxrpc/sendmsg.c:652 rxrpc_sendmsg+0x4a8/0x5b0 net/rxrpc/af_rxrpc.c:593 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:632 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2115 __sys_sendmmsg+0x195/0x470 net/socket.c:2210 __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2236 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready irq event stamp: 278 hardirqs last enabled at (278): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (278): [] _raw_spin_unlock_irqrestore+0x67/0xe0 kernel/locking/spinlock.c:184 hardirqs last disabled at (277): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (277): [] _raw_spin_lock_irqsave+0x66/0xbf kernel/locking/spinlock.c:152 softirqs last enabled at (0): [] copy_process.part.0+0x15b2/0x7a60 kernel/fork.c:1840 softirqs last disabled at (159): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (159): [] irq_exit+0x17b/0x1c0 kernel/softirq.c:412 IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(rxrpc_conn_id_lock); lock(rxrpc_conn_id_lock); *** DEADLOCK *** 2 locks held by udevd/20228: #0: 00000000ba7b5630 (&selinux_ss.policy_rwlock){.+.?}, at: security_compute_av+0x68/0xba0 security/selinux/ss/services.c:1119 IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready #1: 000000007d660abb (rcu_callback){....}, at: __rcu_reclaim kernel/rcu/rcu.h:226 [inline] #1: 000000007d660abb (rcu_callback){....}, at: rcu_do_batch kernel/rcu/tree.c:2584 [inline] #1: 000000007d660abb (rcu_callback){....}, at: invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline] #1: 000000007d660abb (rcu_callback){....}, at: __rcu_process_callbacks kernel/rcu/tree.c:2864 [inline] #1: 000000007d660abb (rcu_callback){....}, at: rcu_process_callbacks+0xbff/0x17f0 kernel/rcu/tree.c:2881 stack backtrace: CPU: 1 PID: 20228 Comm: udevd Not tainted 4.19.106-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x188/0x20d lib/dump_stack.c:118 print_usage_bug.cold+0x327/0x425 kernel/locking/lockdep.c:2540 valid_state kernel/locking/lockdep.c:2553 [inline] mark_lock_irq kernel/locking/lockdep.c:2747 [inline] mark_lock+0xc71/0x11b0 kernel/locking/lockdep.c:3127 mark_irqflags kernel/locking/lockdep.c:3005 [inline] __lock_acquire+0xc62/0x49c0 kernel/locking/lockdep.c:3368 lock_acquire+0x170/0x400 kernel/locking/lockdep.c:3903 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] rxrpc_put_client_connection_id.part.0+0x15/0x70 net/rxrpc/conn_client.c:143 rxrpc_put_client_connection_id include/linux/spinlock.h:370 [inline] rxrpc_put_one_client_conn net/rxrpc/conn_client.c:956 [inline] rxrpc_put_client_conn+0x6aa/0xc00 net/rxrpc/conn_client.c:1002 rxrpc_put_connection net/rxrpc/ar-internal.h:951 [inline] rxrpc_rcu_destroy_call+0xb6/0x1e0 net/rxrpc/call_object.c:657 __rcu_reclaim kernel/rcu/rcu.h:236 [inline] rcu_do_batch kernel/rcu/tree.c:2584 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2864 [inline] rcu_process_callbacks+0xb2d/0x17f0 kernel/rcu/tree.c:2881 __do_softirq+0x26c/0x93c kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x17b/0x1c0 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:544 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1094 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893 RIP: 0010:flex_array_get_ptr+0x3c/0x60 lib/flex_array.c:353 Code: 48 89 ef e8 86 fd ff ff 48 85 c0 74 2f 48 89 c3 e8 a9 6e 15 fe 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 <75> 15 4c 8b 23 e8 8a 6e 15 fe 4c 89 e0 5b 5d 41 5c c3 45 31 e4 eb RSP: 0018:ffff888049d4f590 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: dffffc0000000000 RBX: ffff888099582ee8 RCX: 0000000000000008 RDX: 1ffff110132b05dd RSI: ffffffff83521a97 RDI: ffff88809957c488 RBP: ffff88809957c480 R08: ffff88804c8fa5c0 R09: ffff888049d4f90c R10: ffffed10093a9f25 R11: ffff888049d4f92b R12: 0000000000000935 R13: dffffc0000000000 R14: ffff888049d4f760 R15: ffff888049d4f760 avtab_search_node+0x1d1/0x520 security/selinux/ss/avtab.c:229 cond_compute_av+0x55/0x337 security/selinux/ss/conditional.c:646 context_struct_compute_av+0x876/0x1470 security/selinux/ss/services.c:682 security_compute_av+0x425/0xba0 security/selinux/ss/services.c:1152 avc_compute_av+0xf3/0x6a0 security/selinux/avc.c:1007 avc_has_perm_noaudit+0x3ac/0x520 security/selinux/avc.c:1150 selinux_inode_permission+0x3bc/0x640 security/selinux/hooks.c:3222 security_inode_permission+0xae/0xf0 security/security.c:704 inode_permission+0x11b/0x550 fs/namei.c:459 may_open.isra.0+0x1a5/0x310 fs/namei.c:2974 do_last fs/namei.c:3417 [inline] path_openat+0xfb0/0x4200 fs/namei.c:3537 do_filp_open+0x1a1/0x280 fs/namei.c:3567 do_sys_open+0x3c0/0x500 fs/open.c:1088 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7febb32e1120 Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 RSP: 002b:00007fff8980b378 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007febb32e1120 RDX: 0000000000a2b510 RSI: 0000000000000002 RDI: 000000000041c571 RBP: 0000000000625500 R08: 0000000000001fa7 R09: 0000000000001fa7 R10: 00007febb3006240 R11: 0000000000000246 R12: 0000000000b88830 R13: 0000000000000007 R14: 00000000009f8030 R15: 0000000000000005 IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready kauditd_printk_skb: 42 callbacks suppressed audit: type=1400 audit(1582831249.326:153): avc: denied { write } for pid=20214 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1582831249.386:154): avc: denied { map } for pid=20253 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1582831249.456:155): avc: denied { create } for pid=20214 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1582831249.456:156): avc: denied { write } for pid=20214 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1582831249.456:157): avc: denied { read } for pid=20214 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1582831249.576:158): avc: denied { map } for pid=20254 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1582831249.676:159): avc: denied { create } for pid=20257 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1582831249.746:160): avc: denied { map } for pid=20274 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1582831249.856:161): avc: denied { write } for pid=20257 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1582831249.896:162): avc: denied { map } for pid=20288 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready autofs4:pid:20512:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(536870976.0), cmd(0x00009374) autofs4:pid:20512:validate_dev_ioctl: invalid device control module version supplied for cmd(0x00009374) SELinux: avc: seqno 36 < latest_notif 37 IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready kauditd_printk_skb: 51 callbacks suppressed audit: type=1400 audit(1582831254.766:214): avc: denied { create } for pid=20562 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1582831254.826:215): avc: denied { map } for pid=20580 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1582831254.856:216): avc: denied { write } for pid=20562 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1582831254.906:217): avc: denied { map } for pid=20586 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1582831254.966:218): avc: denied { create } for pid=20562 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1582831254.966:219): avc: denied { write } for pid=20562 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1582831254.966:220): avc: denied { read } for pid=20562 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1582831255.656:221): avc: denied { create } for pid=20620 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1582831255.726:222): avc: denied { map } for pid=20623 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1582831255.756:223): avc: denied { write } for pid=20620 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1