bisecting cause commit starting from 5fa35f247b563a7893f3f68f19d00ace2ccf3dff
building syzkaller on 18d7d030e5660609a142ba7a2ea55d5e72fd23a2
testing commit 5fa35f247b563a7893f3f68f19d00ace2ccf3dff with gcc (GCC) 8.1.0
kernel signature: 78c20109939cf3cb16b719a7cafa2694c60fbf8fa92bc57219c8bb3059728d35
run #0: crashed: possible deadlock in xfrm_policy_lookup
run #1: crashed: possible deadlock in xfrm_policy_lookup
run #2: crashed: possible deadlock in xfrm_policy_lookup
run #3: crashed: inconsistent lock state in xfrm_user_rcv_msg
run #4: crashed: possible deadlock in xfrm_policy_lookup
run #5: crashed: possible deadlock in xfrm_policy_lookup
run #6: crashed: possible deadlock in xfrm_policy_lookup
run #7: crashed: possible deadlock in xfrm_policy_lookup
run #8: crashed: possible deadlock in xfrm_policy_lookup
run #9: crashed: possible deadlock in xfrm_policy_lookup
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: 012cf81f698d53ec87f34ea55a6c8b9d4dc96556715174752c563ed849839d7a
all runs: OK
# git bisect start 5fa35f247b563a7893f3f68f19d00ace2ccf3dff bcf876870b95592b52519ed4aafcf9d95999bc9c
Bisecting: 11697 revisions left to test after this (roughly 14 steps)
[449dc8c97089a6e09fb2dac4d92b1b7ac0eb7c1e] Merge tag 'for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 449dc8c97089a6e09fb2dac4d92b1b7ac0eb7c1e with gcc (GCC) 8.1.0
kernel signature: 68f02d5c282c438a1382aae931e3a9e80f7f48aeeffa352f4b4d9bc8870ae1d5
all runs: OK
# git bisect good 449dc8c97089a6e09fb2dac4d92b1b7ac0eb7c1e
Bisecting: 5953 revisions left to test after this (roughly 13 steps)
[83571b11d1e0874b763ec066d8edb193b382b2e8] Merge remote-tracking branch 'jc_docs/docs-next' into master
testing commit 83571b11d1e0874b763ec066d8edb193b382b2e8 with gcc (GCC) 8.1.0
kernel signature: 344b2576a92f178d7cc1aa173275457e9dea6e036dd2ebba9d4dd03774d2e3ea
all runs: OK
# git bisect good 83571b11d1e0874b763ec066d8edb193b382b2e8
Bisecting: 2956 revisions left to test after this (roughly 12 steps)
[b97e93a9dd79007d5ff17c814af748f6c8621a74] Merge remote-tracking branch 'drm-misc/for-linux-next' into master
testing commit b97e93a9dd79007d5ff17c814af748f6c8621a74 with gcc (GCC) 8.1.0
kernel signature: ba402761ddfbcc7bdbc0f6ff1d118b5c9d5ccc70459baa0a1fe1eb5013c1feb4
all runs: OK
# git bisect good b97e93a9dd79007d5ff17c814af748f6c8621a74
Bisecting: 1479 revisions left to test after this (roughly 11 steps)
[cf5ec9efaf35f651f77440b08ccca7b7631bc1de] Merge remote-tracking branch 'rcu/rcu/next' into master
testing commit cf5ec9efaf35f651f77440b08ccca7b7631bc1de with gcc (GCC) 8.1.0
kernel signature: 60ab49e3de196f5d8355b95be7bf1d23c436f9aad4dfcc125afcf8ef6431e2aa
all runs: crashed: possible deadlock in xfrm_policy_lookup
# git bisect bad cf5ec9efaf35f651f77440b08ccca7b7631bc1de
Bisecting: 731 revisions left to test after this (roughly 10 steps)
[6008725613cd096b6664fe0d43a7b33136a956bc] Merge remote-tracking branch 'selinux/next' into master
testing commit 6008725613cd096b6664fe0d43a7b33136a956bc with gcc (GCC) 8.1.0
kernel signature: 095acbbbed1c2efdb67bb6a3f14a279d542b667949776178845a4e3e6804dab8
all runs: OK
# git bisect good 6008725613cd096b6664fe0d43a7b33136a956bc
Bisecting: 381 revisions left to test after this (roughly 9 steps)
[e524f5c7cbd0a3a68269a50262c31c8f368e2f1b] Merge branch 'core/build'
testing commit e524f5c7cbd0a3a68269a50262c31c8f368e2f1b with gcc (GCC) 8.1.0
kernel signature: 4db3da4bcf76168a7f933205a1660f348b9616fe1ef9028204e8017863b1b4ea
all runs: crashed: possible deadlock in xfrm_policy_lookup
# git bisect bad e524f5c7cbd0a3a68269a50262c31c8f368e2f1b
Bisecting: 182 revisions left to test after this (roughly 8 steps)
[ac3a5e30263f99ed60464188bb883b42c60c9d6e] Merge branch 'timers/core'
testing commit ac3a5e30263f99ed60464188bb883b42c60c9d6e with gcc (GCC) 8.1.0
kernel signature: 1d8e8f87012960e004e4539e6ce18261b9467f281acaf19f812417bcc675d210
all runs: OK
# git bisect good ac3a5e30263f99ed60464188bb883b42c60c9d6e
Bisecting: 77 revisions left to test after this (roughly 7 steps)
[c3803e61269bbea8c8eb2a812f6e574520ce6b0a] Merge branch 'objtool/core'
testing commit c3803e61269bbea8c8eb2a812f6e574520ce6b0a with gcc (GCC) 8.1.0
kernel signature: 2713f41b82f07db6bd0a3cc82d61923772a2a19368d0dd1f4b94b75f320cf524
all runs: OK
# git bisect good c3803e61269bbea8c8eb2a812f6e574520ce6b0a
Bisecting: 38 revisions left to test after this (roughly 5 steps)
[92464020f115e3155fb4c7ce3412744f20c062cc] Merge branch 'locking/core'
testing commit 92464020f115e3155fb4c7ce3412744f20c062cc with gcc (GCC) 8.1.0
kernel signature: 156592d7e59bfaf65f7663fdf682c190bef509bb07e944bbf3f0d141c0ae5219
run #0: crashed: possible deadlock in xfrm_policy_lookup
run #1: crashed: inconsistent lock state in xfrm_user_rcv_msg
run #2: crashed: possible deadlock in xfrm_policy_lookup
run #3: crashed: possible deadlock in xfrm_policy_lookup
run #4: crashed: possible deadlock in xfrm_policy_lookup
run #5: crashed: possible deadlock in xfrm_policy_lookup
run #6: crashed: possible deadlock in xfrm_policy_lookup
run #7: crashed: possible deadlock in xfrm_policy_lookup
run #8: crashed: possible deadlock in xfrm_policy_lookup
run #9: crashed: possible deadlock in xfrm_policy_lookup
# git bisect bad 92464020f115e3155fb4c7ce3412744f20c062cc
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[31e0d747708272356bee9b6a1b90c1e6525b0f6d] lockdep/selftest: Unleash irq_read_recursion2 and add more
testing commit 31e0d747708272356bee9b6a1b90c1e6525b0f6d with gcc (GCC) 8.1.0
kernel signature: 24d96ec316e90ad0aef588a7ba228b165d633851e6f5b03775f020a12612cbca
all runs: OK
# git bisect good 31e0d747708272356bee9b6a1b90c1e6525b0f6d
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[a1f1066133d85d5f42217cc72a2490bb7aa889c5] x86/tsc: Use seqcount_latch_t
testing commit a1f1066133d85d5f42217cc72a2490bb7aa889c5 with gcc (GCC) 8.1.0
kernel signature: 32689072bc6cce8ea4581116bf372872391ff999037a686bb1f2cee1a1ddcaff
all runs: OK
# git bisect good a1f1066133d85d5f42217cc72a2490bb7aa889c5
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[52ac39e5db5148f70392edb654ad882ac8da88a8] seqlock: seqcount_t: Implement all read APIs as statement expressions
testing commit 52ac39e5db5148f70392edb654ad882ac8da88a8 with gcc (GCC) 8.1.0
kernel signature: 4e955d33592e3949af8f0036b45239193212b29270f6d97e41060c68c54595f9
all runs: OK
# git bisect good 52ac39e5db5148f70392edb654ad882ac8da88a8
Bisecting: 2 revisions left to test after this (roughly 1 step)
[1909760f5fc3f123e47b4e24e0ccdc0fc8f3f106] seqlock: PREEMPT_RT: Do not starve seqlock_t writers
testing commit 1909760f5fc3f123e47b4e24e0ccdc0fc8f3f106 with gcc (GCC) 8.1.0
kernel signature: 5c610e45bbe1dacb3c69fc132a5b7579b0db45223b5f6ecb6a97d6b424a99173
run #0: crashed: inconsistent lock state in xfrm_user_rcv_msg
run #1: crashed: possible deadlock in xfrm_policy_lookup
run #2: crashed: possible deadlock in xfrm_policy_lookup
run #3: crashed: possible deadlock in xfrm_policy_lookup
run #4: crashed: inconsistent lock state in xfrm_policy_find_inexact_candidates
run #5: crashed: inconsistent lock state in xfrm_user_rcv_msg
run #6: crashed: possible deadlock in xfrm_policy_lookup
run #7: crashed: possible deadlock in xfrm_policy_lookup
run #8: crashed: possible deadlock in xfrm_policy_lookup
run #9: crashed: possible deadlock in xfrm_policy_lookup
# git bisect bad 1909760f5fc3f123e47b4e24e0ccdc0fc8f3f106
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[8117ab508f9c476e0a10b9db7f4818f784cf3176] seqlock: seqcount_LOCKNAME_t: Introduce PREEMPT_RT support
testing commit 8117ab508f9c476e0a10b9db7f4818f784cf3176 with gcc (GCC) 8.1.0
kernel signature: 09fbd5f73300aef9459af9608abea3eadf447f09db47d4958f755ec79fddc05c
all runs: OK
# git bisect good 8117ab508f9c476e0a10b9db7f4818f784cf3176
1909760f5fc3f123e47b4e24e0ccdc0fc8f3f106 is the first bad commit
commit 1909760f5fc3f123e47b4e24e0ccdc0fc8f3f106
Author: Ahmed S. Darwish
Date: Fri Sep 4 17:32:31 2020 +0200

    seqlock: PREEMPT_RT: Do not starve seqlock_t writers

    On PREEMPT_RT, seqlock_t is transformed to a sleeping lock that do not
    disable preemption. A seqlock_t reader can thus preempt its write side
    section and spin for the enter scheduler tick. If that reader belongs to
    a real-time scheduling class, it can spin forever and the kernel will
    livelock.

    To break this livelock possibility on PREEMPT_RT, implement seqlock_t in
    terms of "seqcount_spinlock_t" instead of plain "seqcount_t".

    Beside its pure annotational value, this will leverage the existing
    seqcount_LOCKNAME_T PREEMPT_RT anti-livelock mechanisms, without adding
    any extra code.

    Signed-off-by: Ahmed S. Darwish
    Signed-off-by: Peter Zijlstra (Intel)
    Link: https://lkml.kernel.org/r/20200904153231.11994-6-a.darwish@linutronix.de

 include/linux/seqlock.h | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

culprit signature: 5c610e45bbe1dacb3c69fc132a5b7579b0db45223b5f6ecb6a97d6b424a99173
parent signature: 09fbd5f73300aef9459af9608abea3eadf447f09db47d4958f755ec79fddc05c
revisions tested: 16, total time: 3h21m40.251729263s (build: 1h17m18.948659794s, test: 2h2m19.029791331s)
first bad commit: 1909760f5fc3f123e47b4e24e0ccdc0fc8f3f106 seqlock: PREEMPT_RT: Do not starve seqlock_t writers
recipients (to): ["a.darwish@linutronix.de" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "peterz@infradead.org" "peterz@infradead.org" "will@kernel.org"]
recipients (cc): []
crash: possible deadlock in xfrm_policy_lookup
========================================================
WARNING: possible irq lock inversion dependency detected
5.9.0-rc2-syzkaller #0 Not tainted
--------------------------------------------------------
syz-executor.4/6958 just changed the state of lock:
ffffffff8464c688 (&s->seqcount#10){+..-}-{0:0}, at: xfrm_policy_lookup+0x2c/0x60 net/xfrm/xfrm_policy.c:2139
but this lock took another, SOFTIRQ-unsafe lock in the past:
 (&s->seqcount#9){+.+.}-{0:0}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&s->seqcount#9);
                               local_irq_disable();
                               lock(&s->seqcount#10);
                               lock(&s->seqcount#9);
  lock(&s->seqcount#10);

 *** DEADLOCK ***

4 locks held by syz-executor.4/6958:
 #0: ffffffff84532968 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff84532968 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560
 #1: ffffc90000003ea8 ((&idev->mc_ifc_timer)){+.-.}-{0:0}, at: call_timer_fn+0x0/0x330 kernel/time/timer.c:1110
 #2: ffffffff842f5dc0 (rcu_read_lock){....}-{1:2}, at: mld_sendpack+0x0/0x390 include/linux/netfilter.h:261
 #3: ffffffff842f5dc0 (rcu_read_lock){....}-{1:2}, at: xfrm_policy_lookup_bytype+0xa5/0x750 net/xfrm/xfrm_policy.c:2082

the shortest dependencies between 2nd lock and 1st lock:
 -> (&s->seqcount#9){+.+.}-{0:0} {
    HARDIRQ-ON-W at:
        lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375
        write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
        write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
        write_seqlock include/linux/seqlock.h:883 [inline]
        xfrm_set_spdinfo+0xcf/0x160 net/xfrm/xfrm_user.c:1185
        xfrm_user_rcv_msg+0x115/0x1e0 net/xfrm/xfrm_user.c:2684
        netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
        xfrm_netlink_rcv+0x2d/0x40 net/xfrm/xfrm_user.c:2692
        netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
        netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
        netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
        sock_sendmsg_nosec net/socket.c:651 [inline]
        sock_sendmsg+0x2b/0x40 net/socket.c:671
        ____sys_sendmsg+0x1ed/0x230 net/socket.c:2353
        ___sys_sendmsg+0x77/0xb0 net/socket.c:2407
        __sys_sendmsg+0x52/0xa0 net/socket.c:2440
        do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
    SOFTIRQ-ON-W at:
        lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375
        write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
        write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
        write_seqlock include/linux/seqlock.h:883 [inline]
        xfrm_set_spdinfo+0xcf/0x160 net/xfrm/xfrm_user.c:1185
        xfrm_user_rcv_msg+0x115/0x1e0 net/xfrm/xfrm_user.c:2684
        netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
        xfrm_netlink_rcv+0x2d/0x40 net/xfrm/xfrm_user.c:2692
        netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
        netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
        netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
        sock_sendmsg_nosec net/socket.c:651 [inline]
        sock_sendmsg+0x2b/0x40 net/socket.c:671
        ____sys_sendmsg+0x1ed/0x230 net/socket.c:2353
        ___sys_sendmsg+0x77/0xb0 net/socket.c:2407
        __sys_sendmsg+0x52/0xa0 net/socket.c:2440
        do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
    INITIAL USE at:
        lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375
        write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
        write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
        write_seqlock include/linux/seqlock.h:883 [inline]
        xfrm_set_spdinfo+0xcf/0x160 net/xfrm/xfrm_user.c:1185
        xfrm_user_rcv_msg+0x115/0x1e0 net/xfrm/xfrm_user.c:2684
        netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
        xfrm_netlink_rcv+0x2d/0x40 net/xfrm/xfrm_user.c:2692
        netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
        netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
        netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
        sock_sendmsg_nosec net/socket.c:651 [inline]
        sock_sendmsg+0x2b/0x40 net/socket.c:671
        ____sys_sendmsg+0x1ed/0x230 net/socket.c:2353
        ___sys_sendmsg+0x77/0xb0 net/socket.c:2407
        __sys_sendmsg+0x52/0xa0 net/socket.c:2440
        do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
  }
  ... key at: [] __key.11207+0x0/0x10
  ... acquired at:
   write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
   write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
   __xfrm_policy_inexact_prune_bin+0x4d/0x600 net/xfrm/xfrm_policy.c:1077
   __xfrm_policy_inexact_flush+0x34/0x70 net/xfrm/xfrm_policy.c:1111
   xfrm_hash_rebuild+0x360/0x5a0 net/xfrm/xfrm_policy.c:1346
   process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269
   worker_thread+0x38/0x380 kernel/workqueue.c:2415
   kthread+0x148/0x170 kernel/kthread.c:292
   ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

 -> (&s->seqcount#10){+..-}-{0:0} {
    HARDIRQ-ON-W at:
        lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375
        write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
        write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
        xfrm_hash_rebuild+0x13b/0x5a0 net/xfrm/xfrm_policy.c:1238
        process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269
        worker_thread+0x38/0x380 kernel/workqueue.c:2415
        kthread+0x148/0x170 kernel/kthread.c:292
        ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
    IN-SOFTIRQ-R at:
        lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375
        seqcount_lockdep_reader_access include/linux/seqlock.h:103 [inline]
        xfrm_policy_lookup_bytype+0x246/0x750 net/xfrm/xfrm_policy.c:2088
        xfrm_policy_lookup+0x2c/0x60 net/xfrm/xfrm_policy.c:2139
        xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2944 [inline]
        xfrm_lookup_with_ifid+0x249/0x960 net/xfrm/xfrm_policy.c:3085
        mld_sendpack+0x190/0x390 net/ipv6/mcast.c:1668
        mld_send_cr net/ipv6/mcast.c:1975 [inline]
        mld_ifc_timer_expire+0x1b0/0x340 net/ipv6/mcast.c:2474
        call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413
        expire_timers kernel/time/timer.c:1458 [inline]
        __run_timers kernel/time/timer.c:1755 [inline]
        run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768
        __do_softirq+0xee/0x55a kernel/softirq.c:298
        asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
        __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
        run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
        do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77
        do_softirq.part.16+0x98/0xc0 kernel/softirq.c:343
        do_softirq kernel/softirq.c:335 [inline]
        __local_bh_enable_ip+0x121/0x130 kernel/softirq.c:195
        spin_unlock_bh include/linux/spinlock.h:399 [inline]
        netif_addr_unlock_bh include/linux/netdevice.h:4281 [inline]
        dev_uc_add+0x62/0x70 net/core/dev_addr_lists.c:593
        macvlan_open+0x180/0x1f0 drivers/net/macvlan.c:631
        __dev_open+0xdd/0x170 net/core/dev.c:1521
        __dev_change_flags+0x19f/0x210 net/core/dev.c:8284
        dev_change_flags+0x1e/0x60 net/core/dev.c:8355
        do_setlink+0x2ff/0x10b0 net/core/rtnetlink.c:2706
        __rtnl_newlink+0x538/0x8a0 net/core/rtnetlink.c:3374
        rtnl_newlink+0x3e/0x60 net/core/rtnetlink.c:3500
        rtnetlink_rcv_msg+0x173/0x480 net/core/rtnetlink.c:5563
        netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
        netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
        netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
        netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
        sock_sendmsg_nosec net/socket.c:651 [inline]
        sock_sendmsg+0x2b/0x40 net/socket.c:671
        __sys_sendto+0xec/0x160 net/socket.c:1992
        __do_sys_sendto net/socket.c:2004 [inline]
        __se_sys_sendto net/socket.c:2000 [inline]
        __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
        do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
    INITIAL USE at:
        lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375
        write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
        write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
        xfrm_hash_rebuild+0x13b/0x5a0 net/xfrm/xfrm_policy.c:1238
        process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269
        worker_thread+0x38/0x380 kernel/workqueue.c:2415
        kthread+0x148/0x170 kernel/kthread.c:292
        ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
  }
  ... key at: [] __key.11271+0x0/0x10
  ... acquired at:
   mark_usage kernel/locking/lockdep.c:4260 [inline]
   __lock_acquire+0x847/0x17f0 kernel/locking/lockdep.c:4735
   lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375
   seqcount_lockdep_reader_access include/linux/seqlock.h:103 [inline]
   xfrm_policy_lookup_bytype+0x246/0x750 net/xfrm/xfrm_policy.c:2088
   xfrm_policy_lookup+0x2c/0x60 net/xfrm/xfrm_policy.c:2139
   xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2944 [inline]
   xfrm_lookup_with_ifid+0x249/0x960 net/xfrm/xfrm_policy.c:3085
   mld_sendpack+0x190/0x390 net/ipv6/mcast.c:1668
   mld_send_cr net/ipv6/mcast.c:1975 [inline]
   mld_ifc_timer_expire+0x1b0/0x340 net/ipv6/mcast.c:2474
   call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413
   expire_timers kernel/time/timer.c:1458 [inline]
   __run_timers kernel/time/timer.c:1755 [inline]
   run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768
   __do_softirq+0xee/0x55a kernel/softirq.c:298
   asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
   __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
   run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
   do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77
   do_softirq.part.16+0x98/0xc0 kernel/softirq.c:343
   do_softirq kernel/softirq.c:335 [inline]
   __local_bh_enable_ip+0x121/0x130 kernel/softirq.c:195
   spin_unlock_bh include/linux/spinlock.h:399 [inline]
   netif_addr_unlock_bh include/linux/netdevice.h:4281 [inline]
   dev_uc_add+0x62/0x70 net/core/dev_addr_lists.c:593
   macvlan_open+0x180/0x1f0 drivers/net/macvlan.c:631
   __dev_open+0xdd/0x170 net/core/dev.c:1521
   __dev_change_flags+0x19f/0x210 net/core/dev.c:8284
   dev_change_flags+0x1e/0x60 net/core/dev.c:8355
   do_setlink+0x2ff/0x10b0 net/core/rtnetlink.c:2706
   __rtnl_newlink+0x538/0x8a0 net/core/rtnetlink.c:3374
   rtnl_newlink+0x3e/0x60 net/core/rtnetlink.c:3500
   rtnetlink_rcv_msg+0x173/0x480 net/core/rtnetlink.c:5563
   netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
   netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
   netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
   netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
   sock_sendmsg_nosec net/socket.c:651 [inline]
   sock_sendmsg+0x2b/0x40 net/socket.c:671
   __sys_sendto+0xec/0x160 net/socket.c:1992
   __do_sys_sendto net/socket.c:2004 [inline]
   __se_sys_sendto net/socket.c:2000 [inline]
   __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
   do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
   entry_SYSCALL_64_after_hwframe+0x44/0xa9

stack backtrace:
CPU: 0 PID: 6958 Comm: syz-executor.4 Not tainted 5.9.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xcc lib/dump_stack.c:118
 check_usage_forwards kernel/locking/lockdep.c:3803 [inline]
 mark_lock_irq kernel/locking/lockdep.c:3935 [inline]
 mark_lock+0x3b9/0x460 kernel/locking/lockdep.c:4361
 mark_usage kernel/locking/lockdep.c:4260 [inline]
 __lock_acquire+0x847/0x17f0 kernel/locking/lockdep.c:4735
 lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375
 seqcount_lockdep_reader_access include/linux/seqlock.h:103 [inline]
 xfrm_policy_lookup_bytype+0x246/0x750 net/xfrm/xfrm_policy.c:2088
 xfrm_policy_lookup+0x2c/0x60 net/xfrm/xfrm_policy.c:2139
 xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2944 [inline]
 xfrm_lookup_with_ifid+0x249/0x960 net/xfrm/xfrm_policy.c:3085
 mld_sendpack+0x190/0x390 net/ipv6/mcast.c:1668
 mld_send_cr net/ipv6/mcast.c:1975 [inline]
 mld_ifc_timer_expire+0x1b0/0x340 net/ipv6/mcast.c:2474
 call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413
 expire_timers kernel/time/timer.c:1458 [inline]
 __run_timers kernel/time/timer.c:1755 [inline]
 run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768
 __do_softirq+0xee/0x55a kernel/softirq.c:298
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77
 do_softirq.part.16+0x98/0xc0 kernel/softirq.c:343
 do_softirq kernel/softirq.c:335 [inline]
 __local_bh_enable_ip+0x121/0x130 kernel/softirq.c:195
 spin_unlock_bh include/linux/spinlock.h:399 [inline]
 netif_addr_unlock_bh include/linux/netdevice.h:4281 [inline]
 dev_uc_add+0x62/0x70 net/core/dev_addr_lists.c:593
 macvlan_open+0x180/0x1f0 drivers/net/macvlan.c:631
 __dev_open+0xdd/0x170 net/core/dev.c:1521
 __dev_change_flags+0x19f/0x210 net/core/dev.c:8284
 dev_change_flags+0x1e/0x60 net/core/dev.c:8355
 do_setlink+0x2ff/0x10b0 net/core/rtnetlink.c:2706
 __rtnl_newlink+0x538/0x8a0 net/core/rtnetlink.c:3374
 rtnl_newlink+0x3e/0x60 net/core/rtnetlink.c:3500
 rtnetlink_rcv_msg+0x173/0x480 net/core/rtnetlink.c:5563
 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0x2b/0x40 net/socket.c:671
 __sys_sendto+0xec/0x160 net/socket.c:1992
 __do_sys_sendto net/socket.c:2004 [inline]
 __se_sys_sendto net/socket.c:2000 [inline]
 __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4170c7
Code: 2c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 87 fa ff ff 48 89 04 24 49 89 ca b8 2c 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 cd fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffe49befc40 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000016a3700 RCX: 00000000004170c7
RDX: 000000000000002c RSI: 00000000016a3750 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffe49befc50 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00000000016a3750 R15: 0000000000000003