bisecting cause commit starting from b0be0eff1a5ab77d588b76bd8b1c92d5d17b3f73
building syzkaller on 56cd6c9b80ee424566e3ceaf8a4b042803a130ad
testing commit b0be0eff1a5ab77d588b76bd8b1c92d5d17b3f73 with gcc (GCC) 8.1.0
kernel signature: 76865f46f8b0ecedd0c282091a6819a145ad735861a8d2ac2274e0238d18820d
all runs: crashed: possible deadlock in sidtab_sid2str_put
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: ceb0715481eac3e359f59049ce80c5a341ceb40a7800db0ab6ed36c28a1f725c
all runs: OK
# git bisect start b0be0eff1a5ab77d588b76bd8b1c92d5d17b3f73 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 398 revisions left to test after this (roughly 9 steps)
[1e1ab4ba4747afad3e44a77dded1bab4cb77049e] Merge tag 'spi-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
testing commit 1e1ab4ba4747afad3e44a77dded1bab4cb77049e with gcc (GCC) 8.1.0
kernel signature: 64b6801f95f14e8237f969f1a424fab896ed78caf5417bc2713cfdab15f6e1c7
all runs: OK
# git bisect good 1e1ab4ba4747afad3e44a77dded1bab4cb77049e
Bisecting: 211 revisions left to test after this (roughly 8 steps)
[48b4b4ff1ee044a977929bcf80e79f8212f756b4] Merge tag 'for-5.6/block-2020-01-27' of git://git.kernel.dk/linux-block
testing commit 48b4b4ff1ee044a977929bcf80e79f8212f756b4 with gcc (GCC) 8.1.0
kernel signature: 1bbb216fdf80f88c8d0e911f403977a473e8c831d44ee1f27a4ebb194fb8af04
all runs: OK
# git bisect good 48b4b4ff1ee044a977929bcf80e79f8212f756b4
Bisecting: 116 revisions left to test after this (roughly 7 steps)
[534b0a8b677443c0aa8c4c71ff7887f08a2b9b41] Merge tag 'core-debugobjects-2020-01-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 534b0a8b677443c0aa8c4c71ff7887f08a2b9b41 with gcc (GCC) 8.1.0
kernel signature: de355cddb0ab27e6b7512b8ba3893f7c80f7fcbf16f65f873c4596c27b7e8fab
all runs: crashed: possible deadlock in sidtab_sid2str_put
# git bisect bad 534b0a8b677443c0aa8c4c71ff7887f08a2b9b41
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[6a1000bd27035bba17ede9dc915166276a811edb] Merge tag 'ioremap-5.6' of git://git.infradead.org/users/hch/ioremap
testing commit 6a1000bd27035bba17ede9dc915166276a811edb with gcc (GCC) 8.1.0
kernel signature: 572e760afd268843a6b75f52af7193acb4a8aa91ad4167f38af3896457fde0bf
all runs: OK
# git bisect good 6a1000bd27035bba17ede9dc915166276a811edb
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[ae3d8c2e27bf95dbd2977f247123f88955a761db] selinux: fix wrong buffer types in policydb.c
testing commit ae3d8c2e27bf95dbd2977f247123f88955a761db with gcc (GCC) 8.1.0
kernel signature: 79c85f9d0f0de35cbad31c39a7321c7b11138afde0622390a7ff65c41f25897e
all runs: crashed: possible deadlock in sidtab_sid2str_put
# git bisect bad ae3d8c2e27bf95dbd2977f247123f88955a761db
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[030b995ad9ece9fa2d218af4429c1c78c2342096] selinux: ensure we cleanup the internal AVC counters on error in avc_update()
testing commit 030b995ad9ece9fa2d218af4429c1c78c2342096 with gcc (GCC) 8.1.0
kernel signature: 36a87bfadf26201e6c5bfb192b98adc0ed9812c8685819e71ee696b6a2614505
all runs: crashed: possible deadlock in sidtab_sid2str_put
# git bisect bad 030b995ad9ece9fa2d218af4429c1c78c2342096
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[5298d0b9b98089f5af406f7e05a41a53f9a15c11] selinux: clean up selinux_inode_permission MAY_NOT_BLOCK tests
testing commit 5298d0b9b98089f5af406f7e05a41a53f9a15c11 with gcc (GCC) 8.1.0
kernel signature: 48966261ff894e9b6ffd3fc9471ebd362496b29025149de18e835ce57b05b749
all runs: crashed: possible deadlock in sidtab_sid2str_put
# git bisect bad 5298d0b9b98089f5af406f7e05a41a53f9a15c11
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[59438b46471ae6cdfb761afc8c9beaf1e428a331] security,lockdown,selinux: implement SELinux lockdown
testing commit 59438b46471ae6cdfb761afc8c9beaf1e428a331 with gcc (GCC) 8.1.0
kernel signature: 8d5680fdcc6aa7f30b3fb1932788a466b5a95a3f4f18f5b53ceb775a1949c28e
all runs: crashed: possible deadlock in sidtab_sid2str_put
# git bisect bad 59438b46471ae6cdfb761afc8c9beaf1e428a331
Bisecting: 0 revisions left to test after this (roughly 1 step)
[d97bd23c2d7d866e99eb3a927c742715c85a90ef] selinux: cache the SID -> context string translation
testing commit d97bd23c2d7d866e99eb3a927c742715c85a90ef with gcc (GCC) 8.1.0
kernel signature: a81257a4bcfe510196242e8423d493d9836bbda34fe73af04709247f98570605
all runs: crashed: possible deadlock in sidtab_sid2str_put
# git bisect bad d97bd23c2d7d866e99eb3a927c742715c85a90ef
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[66f8e2f03c02e812002f8e9e465681cc62edda5b] selinux: sidtab reverse lookup hash table
testing commit 66f8e2f03c02e812002f8e9e465681cc62edda5b with gcc (GCC) 8.1.0
kernel signature: cb8d119122b50502b69da01eef906137f9f3723dece93edbae10fe55a395baa6
all runs: OK
# git bisect good 66f8e2f03c02e812002f8e9e465681cc62edda5b
d97bd23c2d7d866e99eb3a927c742715c85a90ef is the first bad commit
commit d97bd23c2d7d866e99eb3a927c742715c85a90ef
Author: Ondrej Mosnacek <omosnace@redhat.com>
Date:   Tue Nov 26 14:57:00 2019 +0100

    selinux: cache the SID -> context string translation
    
    Translating a context struct to string can be quite slow, especially if
    the context has a lot of category bits set. This can cause quite
    noticeable performance impact in situations where the translation needs
    to be done repeatedly. A common example is a UNIX datagram socket with
    the SO_PASSSEC option enabled, which is used e.g. by systemd-journald
    when receiving log messages via datagram socket. This scenario can be
    reproduced with:
    
        cat /dev/urandom | base64 | logger &
        timeout 30s perf record -p $(pidof systemd-journald) -a -g
        kill %1
        perf report -g none --pretty raw | grep security_secid_to_secctx
    
    Before the caching introduced by this patch, computing the context
    string (security_secid_to_secctx() function) takes up ~65% of
    systemd-journald's CPU time (assuming a context with 1024 categories
    set and Fedora x86_64 release kernel configs). After this patch
    (assuming near-perfect cache hit ratio) this overhead is reduced to just
    ~2%.
    
    This patch addresses the issue by caching a certain number (compile-time
    configurable) of recently used context strings to speed up repeated
    translations of the same context, while using only a small amount of
    memory.
    
    The cache is integrated into the existing sidtab table by adding a field
    to each entry, which when not NULL contains an RCU-protected pointer to
    a cache entry containing the cached string. The cache entries are kept
    in a linked list sorted according to how recently they were used. On a
    cache miss when the cache is full, the least recently used entry is
    removed to make space for the new entry.
    
    The patch migrates security_sid_to_context_core() to use the cache (also
    a few other functions where it was possible without too much fuss, but
    these mostly use the translation for logging in case of error, which is
    rare).
    
    Link: https://bugzilla.redhat.com/show_bug.cgi?id=1733259
    Cc: Michal Sekletar <msekleta@redhat.com>
    Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
    Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
    Tested-by: Stephen Smalley <sds@tycho.nsa.gov>
    Reviewed-by: Paul E. McKenney <paulmck@kernel.org>
    [PM: lots of merge fixups due to collisions with other sidtab patches]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

 security/selinux/Kconfig       |  11 +++
 security/selinux/ss/services.c | 138 +++++++++++++++++++-------------
 security/selinux/ss/sidtab.c   | 175 +++++++++++++++++++++++++++++++++--------
 security/selinux/ss/sidtab.h   |  58 +++++++++++---
 4 files changed, 288 insertions(+), 94 deletions(-)
culprit signature: a81257a4bcfe510196242e8423d493d9836bbda34fe73af04709247f98570605
parent  signature: cb8d119122b50502b69da01eef906137f9f3723dece93edbae10fe55a395baa6
revisions tested: 12, total time: 2h37m39.707392878s (build: 1h18m31.133080298s, test: 1h17m55.64594378s)
first bad commit: d97bd23c2d7d866e99eb3a927c742715c85a90ef selinux: cache the SID -> context string translation
cc: ["omosnace@redhat.com" "paul@paul-moore.com" "paulmck@kernel.org" "sds@tycho.nsa.gov"]
crash: possible deadlock in sidtab_sid2str_put
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.5.0-rc1-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor.1/8737 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
ffff888099440098 (&(&s->cache_lock)->rlock){+.+.}, at: spin_lock include/linux/spinlock.h:338 [inline]
ffff888099440098 (&(&s->cache_lock)->rlock){+.+.}, at: sidtab_sid2str_put.part.4+0x31/0x7e0 security/selinux/ss/sidtab.c:533

and this task is already holding:
ffffffff88c63be0 (&(&nf_conntrack_locks[i])->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
ffffffff88c63be0 (&(&nf_conntrack_locks[i])->rlock){+.-.}, at: nf_conntrack_lock+0xd/0x50 net/netfilter/nf_conntrack_core.c:91
which would create a new lock dependency:
 (&(&nf_conntrack_locks[i])->rlock){+.-.} -> (&(&s->cache_lock)->rlock){+.+.}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&(&nf_conntrack_locks[i])->rlock){+.-.}

... which became SOFTIRQ-irq-safe at:
  lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
  spin_lock include/linux/spinlock.h:338 [inline]
  nf_conntrack_lock+0xd/0x50 net/netfilter/nf_conntrack_core.c:91
  nf_conntrack_double_lock.isra.30+0xa1/0xb0 net/netfilter/nf_conntrack_core.c:134
  __nf_conntrack_confirm+0x270/0x26d0 net/netfilter/nf_conntrack_core.c:962
  nf_conntrack_confirm include/net/netfilter/nf_conntrack_core.h:63 [inline]
  nf_confirm+0x2e6/0x3b0 net/netfilter/nf_conntrack_proto.c:154
  ipv4_confirm+0x118/0x230 net/netfilter/nf_conntrack_proto.c:169
  nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
  nf_hook_slow+0xa3/0x170 net/netfilter/core.c:512
  nf_hook include/linux/netfilter.h:262 [inline]
  NF_HOOK include/linux/netfilter.h:305 [inline]
  ip_local_deliver+0x2ae/0x430 net/ipv4/ip_input.c:252
  dst_input include/net/dst.h:442 [inline]
  ip_sublist_rcv_finish+0x87/0x260 net/ipv4/ip_input.c:549
  ip_list_rcv_finish net/ipv4/ip_input.c:599 [inline]
  ip_sublist_rcv+0x49a/0x8b0 net/ipv4/ip_input.c:607
  ip_list_rcv+0x2e9/0x4b8 net/ipv4/ip_input.c:642
  __netif_receive_skb_list_ptype net/core/dev.c:5193 [inline]
  __netif_receive_skb_list_core+0x4bd/0x930 net/core/dev.c:5241
  __netif_receive_skb_list net/core/dev.c:5293 [inline]
  netif_receive_skb_list_internal+0x61b/0xd60 net/core/dev.c:5388
  gro_normal_list.part.137+0x19/0xb0 net/core/dev.c:5810
  gro_normal_list net/core/dev.c:6216 [inline]
  napi_complete_done+0x164/0x410 net/core/dev.c:6203
  virtqueue_napi_complete+0x2a/0x70 drivers/net/virtio_net.c:329
  virtnet_poll+0x9a8/0xe50 drivers/net/virtio_net.c:1432
  napi_poll net/core/dev.c:6532 [inline]
  net_rx_action+0x458/0xe40 net/core/dev.c:6600
  __do_softirq+0x262/0x9a8 kernel/softirq.c:292
  invoke_softirq kernel/softirq.c:373 [inline]
  irq_exit+0x19a/0x1d0 kernel/softirq.c:413
  exiting_irq arch/x86/include/asm/apic.h:536 [inline]
  do_IRQ+0xe3/0x280 arch/x86/kernel/irq.c:263
  ret_from_intr+0x0/0x36
  arch_local_irq_restore arch/x86/include/asm/paravirt.h:752 [inline]
  lock_acquire+0x212/0x410 kernel/locking/lockdep.c:4488
  rcu_lock_acquire include/linux/rcupdate.h:208 [inline]
  rcu_read_lock include/linux/rcupdate.h:617 [inline]
  avc_has_perm_noaudit+0xc4/0x460 security/selinux/avc.c:1159
  selinux_inode_permission+0x2b7/0x470 security/selinux/hooks.c:3062
  security_inode_permission+0x73/0xb0 security/security.c:1202
  inode_permission+0xbe/0x3b0 fs/namei.c:457
  may_lookup fs/namei.c:1690 [inline]
  link_path_walk.part.41+0x16d/0x1550 fs/namei.c:2071
  link_path_walk fs/namei.c:2059 [inline]
  path_lookupat.isra.43+0x1aa/0x850 fs/namei.c:2304
  filename_lookup.part.58+0x15e/0x390 fs/namei.c:2335
  filename_lookup fs/namei.c:2328 [inline]
  user_path_at_empty+0x39/0x40 fs/namei.c:2615
  user_path_at include/linux/namei.h:49 [inline]
  do_faccessat+0x22a/0x630 fs/open.c:398
  __do_sys_access fs/open.c:450 [inline]
  __se_sys_access fs/open.c:448 [inline]
  __x64_sys_access+0x54/0x80 fs/open.c:448
  do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

to a SOFTIRQ-irq-unsafe lock:
 (&(&s->cache_lock)->rlock){+.+.}

... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
  spin_lock include/linux/spinlock.h:338 [inline]
  sidtab_sid2str_put.part.4+0x31/0x7e0 security/selinux/ss/sidtab.c:533
  sidtab_sid2str_put+0x5d/0x90 security/selinux/ss/sidtab.c:566
  sidtab_entry_to_string+0xb2/0xf0 security/selinux/ss/services.c:1279
  security_sid_to_context_core.isra.14+0x222/0x350 security/selinux/ss/services.c:1355
  security_sid_to_context+0x20/0x30 security/selinux/ss/services.c:1378
  avc_audit_post_callback+0x103/0x660 security/selinux/avc.c:712
  common_lsm_audit+0x4c2/0x1bf0 security/lsm_audit.c:461
  slow_avc_audit+0x115/0x1e0 security/selinux/avc.c:797
  avc_audit security/selinux/include/avc.h:138 [inline]
  avc_has_perm+0x3c1/0x490 security/selinux/avc.c:1201
  inode_has_perm+0x164/0x200 security/selinux/hooks.c:1684
  selinux_mmap_file+0xf2/0x190 security/selinux/hooks.c:3710
  security_mmap_file+0xcb/0x140 security/security.c:1449
  vm_mmap_pgoff+0xe7/0x210 mm/util.c:502
  vm_mmap+0x30/0x40 mm/util.c:525
  elf_map+0xc7/0x2b0 fs/binfmt_elf.c:377
  load_elf_binary+0xb6b/0x4b70 fs/binfmt_elf.c:982
  search_binary_handler+0x11f/0x620 fs/exec.c:1658
  exec_binprm fs/exec.c:1701 [inline]
  __do_execve_file.isra.34+0x12bc/0x1fd0 fs/exec.c:1821
  do_execveat_common fs/exec.c:1867 [inline]
  do_execve fs/exec.c:1884 [inline]
  __do_sys_execve fs/exec.c:1960 [inline]
  __se_sys_execve fs/exec.c:1955 [inline]
  __x64_sys_execve+0x8a/0xb0 fs/exec.c:1955
  do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&s->cache_lock)->rlock);
                               local_irq_disable();
                               lock(&(&nf_conntrack_locks[i])->rlock);
                               lock(&(&s->cache_lock)->rlock);
  <Interrupt>
    lock(&(&nf_conntrack_locks[i])->rlock);

 *** DEADLOCK ***

4 locks held by syz-executor.1/8737:
 #0: ffffffff8b48e268 (&table[i].mutex){+.+.}, at: nfnl_lock net/netfilter/nfnetlink.c:62 [inline]
 #0: ffffffff8b48e268 (&table[i].mutex){+.+.}, at: nfnetlink_rcv_msg+0x6e1/0xbf0 net/netfilter/nfnetlink.c:224
 #1: ffff8880a959f5d8 (nlk_cb_mutex-NETFILTER){+.+.}, at: netlink_dump+0xcc/0x10c0 net/netlink/af_netlink.c:2199
 #2: ffffffff88c63be0 (&(&nf_conntrack_locks[i])->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
 #2: ffffffff88c63be0 (&(&nf_conntrack_locks[i])->rlock){+.-.}, at: nf_conntrack_lock+0xd/0x50 net/netfilter/nf_conntrack_core.c:91
 #3: ffffffff8aac1e28 (&selinux_ss.policy_rwlock){.+.?}, at: security_sid_to_context_core.isra.14+0x16c/0x350 security/selinux/ss/services.c:1338

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&(&nf_conntrack_locks[i])->rlock){+.-.} {
   HARDIRQ-ON-W at:
                    lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
                    __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                    _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
                    spin_lock include/linux/spinlock.h:338 [inline]
                    nf_conntrack_lock+0xd/0x50 net/netfilter/nf_conntrack_core.c:91
                    get_next_corpse net/netfilter/nf_conntrack_core.c:2000 [inline]
                    nf_ct_iterate_cleanup+0x166/0x370 net/netfilter/nf_conntrack_core.c:2034
                    nf_ct_iterate_destroy+0x104/0x130 net/netfilter/nf_conntrack_core.c:2161
                    nf_conntrack_helper_unregister+0x100/0x150 net/netfilter/nf_conntrack_helper.c:469
                    nf_conntrack_helpers_unregister net/netfilter/nf_conntrack_helper.c:532 [inline]
                    nf_conntrack_helpers_register+0x5d/0x80 net/netfilter/nf_conntrack_helper.c:523
                    nf_conntrack_sip_init+0x265/0x28c net/netfilter/nf_conntrack_sip.c:1693
                    do_one_initcall+0xd8/0x5b5 init/main.c:938
                    do_initcall_level init/main.c:1006 [inline]
                    do_initcalls init/main.c:1014 [inline]
                    do_basic_setup init/main.c:1031 [inline]
                    kernel_init_freeable+0x457/0x4f6 init/main.c:1191
                    kernel_init+0xc/0x111 init/main.c:1109
                    ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
   IN-SOFTIRQ-W at:
                    lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
                    __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                    _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
                    spin_lock include/linux/spinlock.h:338 [inline]
                    nf_conntrack_lock+0xd/0x50 net/netfilter/nf_conntrack_core.c:91
                    nf_conntrack_double_lock.isra.30+0xa1/0xb0 net/netfilter/nf_conntrack_core.c:134
                    __nf_conntrack_confirm+0x270/0x26d0 net/netfilter/nf_conntrack_core.c:962
                    nf_conntrack_confirm include/net/netfilter/nf_conntrack_core.h:63 [inline]
                    nf_confirm+0x2e6/0x3b0 net/netfilter/nf_conntrack_proto.c:154
                    ipv4_confirm+0x118/0x230 net/netfilter/nf_conntrack_proto.c:169
                    nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
                    nf_hook_slow+0xa3/0x170 net/netfilter/core.c:512
                    nf_hook include/linux/netfilter.h:262 [inline]
                    NF_HOOK include/linux/netfilter.h:305 [inline]
                    ip_local_deliver+0x2ae/0x430 net/ipv4/ip_input.c:252
                    dst_input include/net/dst.h:442 [inline]
                    ip_sublist_rcv_finish+0x87/0x260 net/ipv4/ip_input.c:549
                    ip_list_rcv_finish net/ipv4/ip_input.c:599 [inline]
                    ip_sublist_rcv+0x49a/0x8b0 net/ipv4/ip_input.c:607
                    ip_list_rcv+0x2e9/0x4b8 net/ipv4/ip_input.c:642
                    __netif_receive_skb_list_ptype net/core/dev.c:5193 [inline]
                    __netif_receive_skb_list_core+0x4bd/0x930 net/core/dev.c:5241
                    __netif_receive_skb_list net/core/dev.c:5293 [inline]
                    netif_receive_skb_list_internal+0x61b/0xd60 net/core/dev.c:5388
                    gro_normal_list.part.137+0x19/0xb0 net/core/dev.c:5810
                    gro_normal_list net/core/dev.c:6216 [inline]
                    napi_complete_done+0x164/0x410 net/core/dev.c:6203
                    virtqueue_napi_complete+0x2a/0x70 drivers/net/virtio_net.c:329
                    virtnet_poll+0x9a8/0xe50 drivers/net/virtio_net.c:1432
                    napi_poll net/core/dev.c:6532 [inline]
                    net_rx_action+0x458/0xe40 net/core/dev.c:6600
                    __do_softirq+0x262/0x9a8 kernel/softirq.c:292
                    invoke_softirq kernel/softirq.c:373 [inline]
                    irq_exit+0x19a/0x1d0 kernel/softirq.c:413
                    exiting_irq arch/x86/include/asm/apic.h:536 [inline]
                    do_IRQ+0xe3/0x280 arch/x86/kernel/irq.c:263
                    ret_from_intr+0x0/0x36
                    arch_local_irq_restore arch/x86/include/asm/paravirt.h:752 [inline]
                    lock_acquire+0x212/0x410 kernel/locking/lockdep.c:4488
                    rcu_lock_acquire include/linux/rcupdate.h:208 [inline]
                    rcu_read_lock include/linux/rcupdate.h:617 [inline]
                    avc_has_perm_noaudit+0xc4/0x460 security/selinux/avc.c:1159
                    selinux_inode_permission+0x2b7/0x470 security/selinux/hooks.c:3062
                    security_inode_permission+0x73/0xb0 security/security.c:1202
                    inode_permission+0xbe/0x3b0 fs/namei.c:457
                    may_lookup fs/namei.c:1690 [inline]
                    link_path_walk.part.41+0x16d/0x1550 fs/namei.c:2071
                    link_path_walk fs/namei.c:2059 [inline]
                    path_lookupat.isra.43+0x1aa/0x850 fs/namei.c:2304
                    filename_lookup.part.58+0x15e/0x390 fs/namei.c:2335
                    filename_lookup fs/namei.c:2328 [inline]
                    user_path_at_empty+0x39/0x40 fs/namei.c:2615
                    user_path_at include/linux/namei.h:49 [inline]
                    do_faccessat+0x22a/0x630 fs/open.c:398
                    __do_sys_access fs/open.c:450 [inline]
                    __se_sys_access fs/open.c:448 [inline]
                    __x64_sys_access+0x54/0x80 fs/open.c:448
                    do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
                    entry_SYSCALL_64_after_hwframe+0x49/0xbe
   INITIAL USE at:
                   lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
                   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                   _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
                   spin_lock include/linux/spinlock.h:338 [inline]
                   nf_conntrack_lock+0xd/0x50 net/netfilter/nf_conntrack_core.c:91
                   get_next_corpse net/netfilter/nf_conntrack_core.c:2000 [inline]
                   nf_ct_iterate_cleanup+0x166/0x370 net/netfilter/nf_conntrack_core.c:2034
                   nf_ct_iterate_destroy+0x104/0x130 net/netfilter/nf_conntrack_core.c:2161
                   nf_conntrack_helper_unregister+0x100/0x150 net/netfilter/nf_conntrack_helper.c:469
                   nf_conntrack_helpers_unregister net/netfilter/nf_conntrack_helper.c:532 [inline]
                   nf_conntrack_helpers_register+0x5d/0x80 net/netfilter/nf_conntrack_helper.c:523
                   nf_conntrack_sip_init+0x265/0x28c net/netfilter/nf_conntrack_sip.c:1693
                   do_one_initcall+0xd8/0x5b5 init/main.c:938
                   do_initcall_level init/main.c:1006 [inline]
                   do_initcalls init/main.c:1014 [inline]
                   do_basic_setup init/main.c:1031 [inline]
                   kernel_init_freeable+0x457/0x4f6 init/main.c:1191
                   kernel_init+0xc/0x111 init/main.c:1109
                   ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
 }
 ... key      at: [<ffffffff8b48ea40>] __key.79443+0x0/0x40
 ... acquired at:
   lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
   _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
   spin_lock include/linux/spinlock.h:338 [inline]
   sidtab_sid2str_put.part.4+0x31/0x7e0 security/selinux/ss/sidtab.c:533
   sidtab_sid2str_put security/selinux/ss/sidtab.c:594 [inline]
   sidtab_sid2str_get+0x315/0x3ab security/selinux/ss/sidtab.c:594
   sidtab_entry_to_string+0x31/0xf0 security/selinux/ss/services.c:1271
   security_sid_to_context_core.isra.14+0x222/0x350 security/selinux/ss/services.c:1355
   security_sid_to_context+0x20/0x30 security/selinux/ss/services.c:1378
   selinux_secid_to_secctx+0x18/0x20 security/selinux/hooks.c:6470
   security_secid_to_secctx+0x53/0xa0 security/security.c:1917
   ctnetlink_dump_secctx.isra.33+0x8d/0x2c0 net/netfilter/nf_conntrack_netlink.c:335
   ctnetlink_dump_info net/netfilter/nf_conntrack_netlink.c:531 [inline]
   ctnetlink_fill_info+0x610/0xb00 net/netfilter/nf_conntrack_netlink.c:591
   ctnetlink_dump_table+0x595/0xe60 net/netfilter/nf_conntrack_netlink.c:979
   netlink_dump+0x49e/0x10c0 net/netlink/af_netlink.c:2244
   __netlink_dump_start+0x57d/0x8b0 net/netlink/af_netlink.c:2352
   netlink_dump_start include/linux/netlink.h:233 [inline]
   ctnetlink_get_conntrack+0x4a7/0x610 net/netfilter/nf_conntrack_netlink.c:1355
   nfnetlink_rcv_msg+0x92d/0xbf0 net/netfilter/nfnetlink.c:229
   netlink_rcv_skb+0x13c/0x380 net/netlink/af_netlink.c:2477
   nfnetlink_rcv+0x15d/0x3b0 net/netfilter/nfnetlink.c:563
   netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
   netlink_unicast+0x45e/0x6a0 net/netlink/af_netlink.c:1328
   netlink_sendmsg+0x7b0/0xcb0 net/netlink/af_netlink.c:1917
   sock_sendmsg_nosec net/socket.c:639 [inline]
   sock_sendmsg+0xb5/0xf0 net/socket.c:659
   ____sys_sendmsg+0x603/0x950 net/socket.c:2330
   ___sys_sendmsg+0xe4/0x160 net/socket.c:2384
   __sys_sendmsg+0xd9/0x180 net/socket.c:2417
   __do_sys_sendmsg net/socket.c:2426 [inline]
   __se_sys_sendmsg net/socket.c:2424 [inline]
   __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2424
   do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
   entry_SYSCALL_64_after_hwframe+0x49/0xbe


the dependencies between the lock to be acquired
 and SOFTIRQ-irq-unsafe lock:
-> (&(&s->cache_lock)->rlock){+.+.} {
   HARDIRQ-ON-W at:
                    lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
                    __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                    _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
                    spin_lock include/linux/spinlock.h:338 [inline]
                    sidtab_sid2str_put.part.4+0x31/0x7e0 security/selinux/ss/sidtab.c:533
                    sidtab_sid2str_put+0x5d/0x90 security/selinux/ss/sidtab.c:566
                    sidtab_entry_to_string+0xb2/0xf0 security/selinux/ss/services.c:1279
                    security_sid_to_context_core.isra.14+0x222/0x350 security/selinux/ss/services.c:1355
                    security_sid_to_context+0x20/0x30 security/selinux/ss/services.c:1378
                    avc_audit_post_callback+0x103/0x660 security/selinux/avc.c:712
                    common_lsm_audit+0x4c2/0x1bf0 security/lsm_audit.c:461
                    slow_avc_audit+0x115/0x1e0 security/selinux/avc.c:797
                    avc_audit security/selinux/include/avc.h:138 [inline]
                    avc_has_perm+0x3c1/0x490 security/selinux/avc.c:1201
                    inode_has_perm+0x164/0x200 security/selinux/hooks.c:1684
                    selinux_mmap_file+0xf2/0x190 security/selinux/hooks.c:3710
                    security_mmap_file+0xcb/0x140 security/security.c:1449
                    vm_mmap_pgoff+0xe7/0x210 mm/util.c:502
                    vm_mmap+0x30/0x40 mm/util.c:525
                    elf_map+0xc7/0x2b0 fs/binfmt_elf.c:377
                    load_elf_binary+0xb6b/0x4b70 fs/binfmt_elf.c:982
                    search_binary_handler+0x11f/0x620 fs/exec.c:1658
                    exec_binprm fs/exec.c:1701 [inline]
                    __do_execve_file.isra.34+0x12bc/0x1fd0 fs/exec.c:1821
                    do_execveat_common fs/exec.c:1867 [inline]
                    do_execve fs/exec.c:1884 [inline]
                    __do_sys_execve fs/exec.c:1960 [inline]
                    __se_sys_execve fs/exec.c:1955 [inline]
                    __x64_sys_execve+0x8a/0xb0 fs/exec.c:1955
                    do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
                    entry_SYSCALL_64_after_hwframe+0x49/0xbe
   SOFTIRQ-ON-W at:
                    lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
                    __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                    _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
                    spin_lock include/linux/spinlock.h:338 [inline]
                    sidtab_sid2str_put.part.4+0x31/0x7e0 security/selinux/ss/sidtab.c:533
                    sidtab_sid2str_put+0x5d/0x90 security/selinux/ss/sidtab.c:566
                    sidtab_entry_to_string+0xb2/0xf0 security/selinux/ss/services.c:1279
                    security_sid_to_context_core.isra.14+0x222/0x350 security/selinux/ss/services.c:1355
                    security_sid_to_context+0x20/0x30 security/selinux/ss/services.c:1378
                    avc_audit_post_callback+0x103/0x660 security/selinux/avc.c:712
                    common_lsm_audit+0x4c2/0x1bf0 security/lsm_audit.c:461
                    slow_avc_audit+0x115/0x1e0 security/selinux/avc.c:797
                    avc_audit security/selinux/include/avc.h:138 [inline]
                    avc_has_perm+0x3c1/0x490 security/selinux/avc.c:1201
                    inode_has_perm+0x164/0x200 security/selinux/hooks.c:1684
                    selinux_mmap_file+0xf2/0x190 security/selinux/hooks.c:3710
                    security_mmap_file+0xcb/0x140 security/security.c:1449
                    vm_mmap_pgoff+0xe7/0x210 mm/util.c:502
                    vm_mmap+0x30/0x40 mm/util.c:525
                    elf_map+0xc7/0x2b0 fs/binfmt_elf.c:377
                    load_elf_binary+0xb6b/0x4b70 fs/binfmt_elf.c:982
                    search_binary_handler+0x11f/0x620 fs/exec.c:1658
                    exec_binprm fs/exec.c:1701 [inline]
                    __do_execve_file.isra.34+0x12bc/0x1fd0 fs/exec.c:1821
                    do_execveat_common fs/exec.c:1867 [inline]
                    do_execve fs/exec.c:1884 [inline]
                    __do_sys_execve fs/exec.c:1960 [inline]
                    __se_sys_execve fs/exec.c:1955 [inline]
                    __x64_sys_execve+0x8a/0xb0 fs/exec.c:1955
                    do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
                    entry_SYSCALL_64_after_hwframe+0x49/0xbe
   INITIAL USE at:
                   lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
                   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                   _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
                   spin_lock include/linux/spinlock.h:338 [inline]
                   sidtab_sid2str_put.part.4+0x31/0x7e0 security/selinux/ss/sidtab.c:533
                   sidtab_sid2str_put+0x5d/0x90 security/selinux/ss/sidtab.c:566
                   sidtab_entry_to_string+0xb2/0xf0 security/selinux/ss/services.c:1279
                   security_sid_to_context_core.isra.14+0x222/0x350 security/selinux/ss/services.c:1355
                   security_sid_to_context+0x20/0x30 security/selinux/ss/services.c:1378
                   avc_audit_post_callback+0x103/0x660 security/selinux/avc.c:712
                   common_lsm_audit+0x4c2/0x1bf0 security/lsm_audit.c:461
                   slow_avc_audit+0x115/0x1e0 security/selinux/avc.c:797
                   avc_audit security/selinux/include/avc.h:138 [inline]
                   avc_has_perm+0x3c1/0x490 security/selinux/avc.c:1201
                   inode_has_perm+0x164/0x200 security/selinux/hooks.c:1684
                   selinux_mmap_file+0xf2/0x190 security/selinux/hooks.c:3710
                   security_mmap_file+0xcb/0x140 security/security.c:1449
                   vm_mmap_pgoff+0xe7/0x210 mm/util.c:502
                   vm_mmap+0x30/0x40 mm/util.c:525
                   elf_map+0xc7/0x2b0 fs/binfmt_elf.c:377
                   load_elf_binary+0xb6b/0x4b70 fs/binfmt_elf.c:982
                   search_binary_handler+0x11f/0x620 fs/exec.c:1658
                   exec_binprm fs/exec.c:1701 [inline]
                   __do_execve_file.isra.34+0x12bc/0x1fd0 fs/exec.c:1821
                   do_execveat_common fs/exec.c:1867 [inline]
                   do_execve fs/exec.c:1884 [inline]
                   __do_sys_execve fs/exec.c:1960 [inline]
                   __se_sys_execve fs/exec.c:1955 [inline]
                   __x64_sys_execve+0x8a/0xb0 fs/exec.c:1955
                   do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
                   entry_SYSCALL_64_after_hwframe+0x49/0xbe
 }
 ... key      at: [<ffffffff8aac1aa0>] __key.69071+0x0/0x40
 ... acquired at:
   lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
   _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
   spin_lock include/linux/spinlock.h:338 [inline]
   sidtab_sid2str_put.part.4+0x31/0x7e0 security/selinux/ss/sidtab.c:533
   sidtab_sid2str_put security/selinux/ss/sidtab.c:594 [inline]
   sidtab_sid2str_get+0x315/0x3ab security/selinux/ss/sidtab.c:594
   sidtab_entry_to_string+0x31/0xf0 security/selinux/ss/services.c:1271
   security_sid_to_context_core.isra.14+0x222/0x350 security/selinux/ss/services.c:1355
   security_sid_to_context+0x20/0x30 security/selinux/ss/services.c:1378
   selinux_secid_to_secctx+0x18/0x20 security/selinux/hooks.c:6470
   security_secid_to_secctx+0x53/0xa0 security/security.c:1917
   ctnetlink_dump_secctx.isra.33+0x8d/0x2c0 net/netfilter/nf_conntrack_netlink.c:335
   ctnetlink_dump_info net/netfilter/nf_conntrack_netlink.c:531 [inline]
   ctnetlink_fill_info+0x610/0xb00 net/netfilter/nf_conntrack_netlink.c:591
   ctnetlink_dump_table+0x595/0xe60 net/netfilter/nf_conntrack_netlink.c:979
   netlink_dump+0x49e/0x10c0 net/netlink/af_netlink.c:2244
   __netlink_dump_start+0x57d/0x8b0 net/netlink/af_netlink.c:2352
   netlink_dump_start include/linux/netlink.h:233 [inline]
   ctnetlink_get_conntrack+0x4a7/0x610 net/netfilter/nf_conntrack_netlink.c:1355
   nfnetlink_rcv_msg+0x92d/0xbf0 net/netfilter/nfnetlink.c:229
   netlink_rcv_skb+0x13c/0x380 net/netlink/af_netlink.c:2477
   nfnetlink_rcv+0x15d/0x3b0 net/netfilter/nfnetlink.c:563
   netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
   netlink_unicast+0x45e/0x6a0 net/netlink/af_netlink.c:1328
   netlink_sendmsg+0x7b0/0xcb0 net/netlink/af_netlink.c:1917
   sock_sendmsg_nosec net/socket.c:639 [inline]
   sock_sendmsg+0xb5/0xf0 net/socket.c:659
   ____sys_sendmsg+0x603/0x950 net/socket.c:2330
   ___sys_sendmsg+0xe4/0x160 net/socket.c:2384
   __sys_sendmsg+0xd9/0x180 net/socket.c:2417
   __do_sys_sendmsg net/socket.c:2426 [inline]
   __se_sys_sendmsg net/socket.c:2424 [inline]
   __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2424
   do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
   entry_SYSCALL_64_after_hwframe+0x49/0xbe


stack backtrace:
CPU: 1 PID: 8737 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x12d/0x187 lib/dump_stack.c:118
 print_bad_irq_dependency kernel/locking/lockdep.c:2095 [inline]
 check_irq_usage.cold.62+0x57e/0x6d8 kernel/locking/lockdep.c:2293
 check_prev_add kernel/locking/lockdep.c:2480 [inline]
 check_prevs_add kernel/locking/lockdep.c:2581 [inline]
 validate_chain kernel/locking/lockdep.c:2971 [inline]
 __lock_acquire+0x28b7/0x4ef0 kernel/locking/lockdep.c:3955
 lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4485
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:151
 spin_lock include/linux/spinlock.h:338 [inline]
 sidtab_sid2str_put.part.4+0x31/0x7e0 security/selinux/ss/sidtab.c:533
 sidtab_sid2str_put security/selinux/ss/sidtab.c:594 [inline]
 sidtab_sid2str_get+0x315/0x3ab security/selinux/ss/sidtab.c:594
 sidtab_entry_to_string+0x31/0xf0 security/selinux/ss/services.c:1271
 security_sid_to_context_core.isra.14+0x222/0x350 security/selinux/ss/services.c:1355
 security_sid_to_context+0x20/0x30 security/selinux/ss/services.c:1378
 selinux_secid_to_secctx+0x18/0x20 security/selinux/hooks.c:6470
 security_secid_to_secctx+0x53/0xa0 security/security.c:1917
 ctnetlink_dump_secctx.isra.33+0x8d/0x2c0 net/netfilter/nf_conntrack_netlink.c:335
 ctnetlink_dump_info net/netfilter/nf_conntrack_netlink.c:531 [inline]
 ctnetlink_fill_info+0x610/0xb00 net/netfilter/nf_conntrack_netlink.c:591
 ctnetlink_dump_table+0x595/0xe60 net/netfilter/nf_conntrack_netlink.c:979
 netlink_dump+0x49e/0x10c0 net/netlink/af_netlink.c:2244
 __netlink_dump_start+0x57d/0x8b0 net/netlink/af_netlink.c:2352
 netlink_dump_start include/linux/netlink.h:233 [inline]
 ctnetlink_get_conntrack+0x4a7/0x610 net/netfilter/nf_conntrack_netlink.c:1355
 nfnetlink_rcv_msg+0x92d/0xbf0 net/netfilter/nfnetlink.c:229
 netlink_rcv_skb+0x13c/0x380 net/netlink/af_netlink.c:2477
 nfnetlink_rcv+0x15d/0x3b0 net/netfilter/nfnetlink.c:563
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x45e/0x6a0 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x7b0/0xcb0 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:639 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:659
 ____sys_sendmsg+0x603/0x950 net/socket.c:2330
 ___sys_sendmsg+0xe4/0x160 net/socket.c:2384
 __sys_sendmsg+0xd9/0x180 net/socket.c:2417
 __do_sys_sendmsg net/socket.c:2426 [inline]
 __se_sys_sendmsg net/socket.c:2424 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2424
 do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b349
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fdf65e57c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fdf65e586d4 RCX: 000000000045b349
RDX: 0000000000000000 RSI: 0000000020d65000 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000009c0 R14: 00000000004cb312 R15: 000000000075bf2c