========================================================
WARNING: possible irq lock inversion dependency detected
5.9.0-rc2-syzkaller #0 Not tainted
--------------------------------------------------------
syz-executor.4/6958 just changed the state of lock:
ffffffff8464c688 (&s->seqcount#10){+..-}-{0:0}, at: xfrm_policy_lookup+0x2c/0x60 net/xfrm/xfrm_policy.c:2139
but this lock took another, SOFTIRQ-unsafe lock in the past:
 (&s->seqcount#9){+.+.}-{0:0}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&s->seqcount#9);
                               local_irq_disable();
                               lock(&s->seqcount#10);
                               lock(&s->seqcount#9);
  <Interrupt>
    lock(&s->seqcount#10);

 *** DEADLOCK ***

4 locks held by syz-executor.4/6958:
 #0: ffffffff84532968 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff84532968 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560
 #1: ffffc90000003ea8 ((&idev->mc_ifc_timer)){+.-.}-{0:0}, at: call_timer_fn+0x0/0x330 kernel/time/timer.c:1110
 #2: ffffffff842f5dc0 (rcu_read_lock){....}-{1:2}, at: mld_sendpack+0x0/0x390 include/linux/netfilter.h:261
 #3: ffffffff842f5dc0 (rcu_read_lock){....}-{1:2}, at: xfrm_policy_lookup_bytype+0xa5/0x750 net/xfrm/xfrm_policy.c:2082

the shortest dependencies between 2nd lock and 1st lock:
 -> (&s->seqcount#9){+.+.}-{0:0} {
    HARDIRQ-ON-W at:
      lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375
      write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline]
      write_seqcount_t_begin include/linux/seqlock.h:535 [inline]
      write_seqlock include/linux/seqlock.h:883 [inline]
      xfrm_set_spdinfo+0xcf/0x160 net/xfrm/xfrm_user.c:1185
      xfrm_user_rcv_msg+0x115/0x1e0 net/xfrm/xfrm_user.c:2684
      netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
      xfrm_netlink_rcv+0x2d/0x40 net/xfrm/xfrm_user.c:2692
      netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
      netlink_unicast+0x19a/0x270 
net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 ____sys_sendmsg+0x1ed/0x230 net/socket.c:2353 ___sys_sendmsg+0x77/0xb0 net/socket.c:2407 __sys_sendmsg+0x52/0xa0 net/socket.c:2440 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 SOFTIRQ-ON-W at: lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375 write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline] write_seqcount_t_begin include/linux/seqlock.h:535 [inline] write_seqlock include/linux/seqlock.h:883 [inline] xfrm_set_spdinfo+0xcf/0x160 net/xfrm/xfrm_user.c:1185 xfrm_user_rcv_msg+0x115/0x1e0 net/xfrm/xfrm_user.c:2684 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 xfrm_netlink_rcv+0x2d/0x40 net/xfrm/xfrm_user.c:2692 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 ____sys_sendmsg+0x1ed/0x230 net/socket.c:2353 ___sys_sendmsg+0x77/0xb0 net/socket.c:2407 __sys_sendmsg+0x52/0xa0 net/socket.c:2440 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 INITIAL USE at: lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375 write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline] write_seqcount_t_begin include/linux/seqlock.h:535 [inline] write_seqlock include/linux/seqlock.h:883 [inline] xfrm_set_spdinfo+0xcf/0x160 net/xfrm/xfrm_user.c:1185 xfrm_user_rcv_msg+0x115/0x1e0 net/xfrm/xfrm_user.c:2684 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 xfrm_netlink_rcv+0x2d/0x40 net/xfrm/xfrm_user.c:2692 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 
sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 ____sys_sendmsg+0x1ed/0x230 net/socket.c:2353 ___sys_sendmsg+0x77/0xb0 net/socket.c:2407 __sys_sendmsg+0x52/0xa0 net/socket.c:2440 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 } ... key at: [] __key.11207+0x0/0x10 ... acquired at: write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline] write_seqcount_t_begin include/linux/seqlock.h:535 [inline] __xfrm_policy_inexact_prune_bin+0x4d/0x600 net/xfrm/xfrm_policy.c:1077 __xfrm_policy_inexact_flush+0x34/0x70 net/xfrm/xfrm_policy.c:1111 xfrm_hash_rebuild+0x360/0x5a0 net/xfrm/xfrm_policy.c:1346 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269 worker_thread+0x38/0x380 kernel/workqueue.c:2415 kthread+0x148/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 -> (&s->seqcount#10){+..-}-{0:0} { HARDIRQ-ON-W at: lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375 write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline] write_seqcount_t_begin include/linux/seqlock.h:535 [inline] xfrm_hash_rebuild+0x13b/0x5a0 net/xfrm/xfrm_policy.c:1238 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269 worker_thread+0x38/0x380 kernel/workqueue.c:2415 kthread+0x148/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 IN-SOFTIRQ-R at: lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375 seqcount_lockdep_reader_access include/linux/seqlock.h:103 [inline] xfrm_policy_lookup_bytype+0x246/0x750 net/xfrm/xfrm_policy.c:2088 xfrm_policy_lookup+0x2c/0x60 net/xfrm/xfrm_policy.c:2139 xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2944 [inline] xfrm_lookup_with_ifid+0x249/0x960 net/xfrm/xfrm_policy.c:3085 mld_sendpack+0x190/0x390 net/ipv6/mcast.c:1668 mld_send_cr net/ipv6/mcast.c:1975 [inline] mld_ifc_timer_expire+0x1b0/0x340 net/ipv6/mcast.c:2474 call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] 
__run_timers kernel/time/timer.c:1755 [inline] run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768 __do_softirq+0xee/0x55a kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77 do_softirq.part.16+0x98/0xc0 kernel/softirq.c:343 do_softirq kernel/softirq.c:335 [inline] __local_bh_enable_ip+0x121/0x130 kernel/softirq.c:195 spin_unlock_bh include/linux/spinlock.h:399 [inline] netif_addr_unlock_bh include/linux/netdevice.h:4281 [inline] dev_uc_add+0x62/0x70 net/core/dev_addr_lists.c:593 macvlan_open+0x180/0x1f0 drivers/net/macvlan.c:631 __dev_open+0xdd/0x170 net/core/dev.c:1521 __dev_change_flags+0x19f/0x210 net/core/dev.c:8284 dev_change_flags+0x1e/0x60 net/core/dev.c:8355 do_setlink+0x2ff/0x10b0 net/core/rtnetlink.c:2706 __rtnl_newlink+0x538/0x8a0 net/core/rtnetlink.c:3374 rtnl_newlink+0x3e/0x60 net/core/rtnetlink.c:3500 rtnetlink_rcv_msg+0x173/0x480 net/core/rtnetlink.c:5563 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_sys_sendto net/socket.c:2004 [inline] __se_sys_sendto net/socket.c:2000 [inline] __x64_sys_sendto+0x1f/0x30 net/socket.c:2000 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 INITIAL USE at: lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375 write_seqcount_t_begin_nested include/linux/seqlock.h:509 [inline] write_seqcount_t_begin include/linux/seqlock.h:535 [inline] xfrm_hash_rebuild+0x13b/0x5a0 net/xfrm/xfrm_policy.c:1238 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269 
worker_thread+0x38/0x380 kernel/workqueue.c:2415 kthread+0x148/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 } ... key at: [] __key.11271+0x0/0x10 ... acquired at: mark_usage kernel/locking/lockdep.c:4260 [inline] __lock_acquire+0x847/0x17f0 kernel/locking/lockdep.c:4735 lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375 seqcount_lockdep_reader_access include/linux/seqlock.h:103 [inline] xfrm_policy_lookup_bytype+0x246/0x750 net/xfrm/xfrm_policy.c:2088 xfrm_policy_lookup+0x2c/0x60 net/xfrm/xfrm_policy.c:2139 xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2944 [inline] xfrm_lookup_with_ifid+0x249/0x960 net/xfrm/xfrm_policy.c:3085 mld_sendpack+0x190/0x390 net/ipv6/mcast.c:1668 mld_send_cr net/ipv6/mcast.c:1975 [inline] mld_ifc_timer_expire+0x1b0/0x340 net/ipv6/mcast.c:2474 call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] __run_timers kernel/time/timer.c:1755 [inline] run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768 __do_softirq+0xee/0x55a kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77 do_softirq.part.16+0x98/0xc0 kernel/softirq.c:343 do_softirq kernel/softirq.c:335 [inline] __local_bh_enable_ip+0x121/0x130 kernel/softirq.c:195 spin_unlock_bh include/linux/spinlock.h:399 [inline] netif_addr_unlock_bh include/linux/netdevice.h:4281 [inline] dev_uc_add+0x62/0x70 net/core/dev_addr_lists.c:593 macvlan_open+0x180/0x1f0 drivers/net/macvlan.c:631 __dev_open+0xdd/0x170 net/core/dev.c:1521 __dev_change_flags+0x19f/0x210 net/core/dev.c:8284 dev_change_flags+0x1e/0x60 net/core/dev.c:8355 do_setlink+0x2ff/0x10b0 net/core/rtnetlink.c:2706 __rtnl_newlink+0x538/0x8a0 net/core/rtnetlink.c:3374 rtnl_newlink+0x3e/0x60 net/core/rtnetlink.c:3500 rtnetlink_rcv_msg+0x173/0x480 
net/core/rtnetlink.c:5563 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_sys_sendto net/socket.c:2004 [inline] __se_sys_sendto net/socket.c:2000 [inline] __x64_sys_sendto+0x1f/0x30 net/socket.c:2000 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 stack backtrace: CPU: 0 PID: 6958 Comm: syz-executor.4 Not tainted 5.9.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xa3/0xcc lib/dump_stack.c:118 check_usage_forwards kernel/locking/lockdep.c:3803 [inline] mark_lock_irq kernel/locking/lockdep.c:3935 [inline] mark_lock+0x3b9/0x460 kernel/locking/lockdep.c:4361 mark_usage kernel/locking/lockdep.c:4260 [inline] __lock_acquire+0x847/0x17f0 kernel/locking/lockdep.c:4735 lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5375 seqcount_lockdep_reader_access include/linux/seqlock.h:103 [inline] xfrm_policy_lookup_bytype+0x246/0x750 net/xfrm/xfrm_policy.c:2088 xfrm_policy_lookup+0x2c/0x60 net/xfrm/xfrm_policy.c:2139 xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2944 [inline] xfrm_lookup_with_ifid+0x249/0x960 net/xfrm/xfrm_policy.c:3085 mld_sendpack+0x190/0x390 net/ipv6/mcast.c:1668 mld_send_cr net/ipv6/mcast.c:1975 [inline] mld_ifc_timer_expire+0x1b0/0x340 net/ipv6/mcast.c:2474 call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] __run_timers kernel/time/timer.c:1755 [inline] run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768 __do_softirq+0xee/0x55a kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack 
arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77 do_softirq.part.16+0x98/0xc0 kernel/softirq.c:343 do_softirq kernel/softirq.c:335 [inline] __local_bh_enable_ip+0x121/0x130 kernel/softirq.c:195 spin_unlock_bh include/linux/spinlock.h:399 [inline] netif_addr_unlock_bh include/linux/netdevice.h:4281 [inline] dev_uc_add+0x62/0x70 net/core/dev_addr_lists.c:593 macvlan_open+0x180/0x1f0 drivers/net/macvlan.c:631 __dev_open+0xdd/0x170 net/core/dev.c:1521 __dev_change_flags+0x19f/0x210 net/core/dev.c:8284 dev_change_flags+0x1e/0x60 net/core/dev.c:8355 do_setlink+0x2ff/0x10b0 net/core/rtnetlink.c:2706 __rtnl_newlink+0x538/0x8a0 net/core/rtnetlink.c:3374 rtnl_newlink+0x3e/0x60 net/core/rtnetlink.c:3500 rtnetlink_rcv_msg+0x173/0x480 net/core/rtnetlink.c:5563 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_sys_sendto net/socket.c:2004 [inline] __se_sys_sendto net/socket.c:2000 [inline] __x64_sys_sendto+0x1f/0x30 net/socket.c:2000 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x4170c7 Code: 2c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 87 fa ff ff 48 89 04 24 49 89 ca b8 2c 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 cd fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007ffe49befc40 EFLAGS: 00000293 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00000000016a3700 RCX: 00000000004170c7 RDX: 000000000000002c RSI: 00000000016a3750 RDI: 0000000000000003 RBP: 0000000000000000 R08: 00007ffe49befc50 R09: 000000000000000c R10: 0000000000000000 R11: 0000000000000293 
R12: 0000000000000000 R13: 0000000000000000 R14: 00000000016a3750 R15: 0000000000000003