audit: type=1400 audit(1582549123.096:36): avc: denied { map } for pid=7374 comm="syz-executor434" path="/root/syz-executor434763899" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
IPVS: ftp: loaded support on port[0] = 21
================================
WARNING: inconsistent lock state
4.14.171-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
swapper/0/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
(&(&local->client_conns_lock)->rlock){+.?.}, at: [<ffffffff85de07d8>] spin_lock include/linux/spinlock.h:317 [inline]
(&(&local->client_conns_lock)->rlock){+.?.}, at: [<ffffffff85de07d8>] rxrpc_put_one_client_conn net/rxrpc/conn_client.c:905 [inline]
(&(&local->client_conns_lock)->rlock){+.?.}, at: [<ffffffff85de07d8>] rxrpc_put_client_conn+0x538/0xaa0 net/rxrpc/conn_client.c:957
{SOFTIRQ-ON-W} state was registered at:
mark_irqflags kernel/locking/lockdep.c:3086 [inline]
__lock_acquire+0xc33/0x4620 kernel/locking/lockdep.c:3444
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:152
spin_lock include/linux/spinlock.h:317 [inline]
rxrpc_get_client_conn net/rxrpc/conn_client.c:306 [inline]
rxrpc_connect_call+0x2f5/0x41a0 net/rxrpc/conn_client.c:692
rxrpc_new_client_call+0x8f7/0x1420 net/rxrpc/call_object.c:276
rxrpc_new_client_call_for_sendmsg net/rxrpc/sendmsg.c:525 [inline]
rxrpc_do_sendmsg+0x92a/0x1109 net/rxrpc/sendmsg.c:577
rxrpc_sendmsg+0x4d1/0x610 net/rxrpc/af_rxrpc.c:543
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
__sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2178
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
irq event stamp: 267878
hardirqs last enabled at (267878): [<ffffffff8668e5cb>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (267878): [<ffffffff8668e5cb>] _raw_spin_unlock_irqrestore+0x6b/0xe0 kernel/locking/spinlock.c:192
hardirqs last disabled at (267877): [<ffffffff8668e85f>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (267877): [<ffffffff8668e85f>] _raw_spin_lock_irqsave+0x6f/0xcd kernel/locking/spinlock.c:160
softirqs last enabled at (267850): [<ffffffff8138875c>] _local_bh_enable+0x1c/0x30 kernel/softirq.c:159
softirqs last disabled at (267851): [<ffffffff8138aa10>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (267851): [<ffffffff8138aa10>] irq_exit+0x160/0x1b0 kernel/softirq.c:409
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&(&local->client_conns_lock)->rlock);
<Interrupt>
lock(&(&local->client_conns_lock)->rlock);
*** DEADLOCK ***
1 lock held by swapper/0/0:
#0: (rcu_callback){....}, at: [<ffffffff814dfa53>] __rcu_reclaim kernel/rcu/rcu.h:185 [inline]
#0: (rcu_callback){....}, at: [<ffffffff814dfa53>] rcu_do_batch kernel/rcu/tree.c:2699 [inline]
#0: (rcu_callback){....}, at: [<ffffffff814dfa53>] invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
#0: (rcu_callback){....}, at: [<ffffffff814dfa53>] __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
#0: (rcu_callback){....}, at: [<ffffffff814dfa53>] rcu_process_callbacks+0x893/0x12b0 kernel/rcu/tree.c:2946
stack backtrace:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.171-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
print_usage_bug.cold+0x330/0x42a kernel/locking/lockdep.c:2585
valid_state kernel/locking/lockdep.c:2598 [inline]
mark_lock_irq kernel/locking/lockdep.c:2792 [inline]
mark_lock+0xdbd/0x1240 kernel/locking/lockdep.c:3190
mark_irqflags kernel/locking/lockdep.c:3068 [inline]
__lock_acquire+0xb57/0x4620 kernel/locking/lockdep.c:3444
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:152
spin_lock include/linux/spinlock.h:317 [inline]
rxrpc_put_one_client_conn net/rxrpc/conn_client.c:905 [inline]
rxrpc_put_client_conn+0x538/0xaa0 net/rxrpc/conn_client.c:957
rxrpc_put_connection net/rxrpc/ar-internal.h:862 [inline]
rxrpc_rcu_destroy_call+0x88/0x190 net/rxrpc/call_object.c:642
__rcu_reclaim kernel/rcu/rcu.h:195 [inline]
rcu_do_batch kernel/rcu/tree.c:2699 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
rcu_process_callbacks+0x7b8/0x12b0 kernel/rcu/tree.c:2946
__do_softirq+0x244/0x9a0 kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x160/0x1b0 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:648 [inline]
smp_apic_timer_interrupt+0x146/0x5e0 arch/x86/kernel/apic/apic.c:1102
apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:792
</IRQ>
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
RSP: 0018:ffffffff87e07de8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff0fe2ccc RBX: ffffffff87e76240 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff87e76abc
RBP: ffffffff87e07e10 R08: 1ffffffff1163f01 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff87f16650
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff87e76240
arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:557
default_idle_call+0x36/0x90 kernel/sched/idle.c:98
cpuidle_idle_call kernel/sched/idle.c:156 [inline]
do_idle+0x262/0x3d0 kernel/sched/idle.c:246
cpu_startup_entry+0x1b/0x20 kernel/sched/idle.c:351
rest_init+0x1d9/0x1e2 init/main.c:434
start_kernel+0x65f/0x67d init/main.c:708