netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
========================================================
WARNING: possible irq lock inversion dependency detected
6.13.0-rc2-next-20241213 #1 Not tainted
--------------------------------------------------------
syz-executor.3/17708 just changed the state of lock:
ffff88800a3ccb88 (&new_timer->it_lock){-...}-{3:3}, at: posix_timer_fn+0x27/0x60
but this lock took another, HARDIRQ-unsafe lock in the past:
 (&sighand->siglock){+.+.}-{3:3}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sighand->siglock);
                               local_irq_disable();
                               lock(&new_timer->it_lock);
                               lock(&sighand->siglock);
  <Interrupt>
    lock(&new_timer->it_lock);

 *** DEADLOCK ***

2 locks held by syz-executor.3/17708:
 #0: ffffffff8620d6d0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2c3/0x700
 #1: ffffffff85c16400 (rcu_read_lock){....}-{1:3}, at: security_netlbl_sid_to_secattr+0x92/0x4c0

the shortest dependencies between 2nd lock and 1st lock:
 -> (&sighand->siglock){+.+.}-{3:3} {
    HARDIRQ-ON-W at:
      lockdep_hardirqs_on_prepare+0x12b/0x3f0
      trace_hardirqs_on+0x36/0x40
      _raw_spin_unlock_irq+0x23/0x40
      mtree_erase+0x15c/0x1f0
      free_pid+0x32/0x270
      __change_pid+0x38e/0x580
      release_task+0xf72/0x1600
      wait_consider_task+0x2ef0/0x3c50
      __do_wait+0x7af/0x8f0
      do_wait+0x19a/0x530
      kernel_wait+0xa0/0x160
      call_usermodehelper_exec_work+0xf9/0x180
      process_one_work+0x8ee/0x1a10
      worker_thread+0x674/0xe70
      kthread+0x3ab/0x720
      ret_from_fork+0x48/0x80
      ret_from_fork_asm+0x1a/0x30
    SOFTIRQ-ON-W at:
      lockdep_hardirqs_on_prepare+0x262/0x3f0
      trace_hardirqs_on+0x36/0x40
      _raw_spin_unlock_irq+0x23/0x40
      mtree_erase+0x15c/0x1f0
      free_pid+0x32/0x270
      __change_pid+0x38e/0x580
      release_task+0xf72/0x1600
      wait_consider_task+0x2ef0/0x3c50
      __do_wait+0x7af/0x8f0
      do_wait+0x19a/0x530
      kernel_wait+0xa0/0x160
      call_usermodehelper_exec_work+0xf9/0x180
      process_one_work+0x8ee/0x1a10
      worker_thread+0x674/0xe70
      kthread+0x3ab/0x720
      ret_from_fork+0x48/0x80
      ret_from_fork_asm+0x1a/0x30
    INITIAL USE at:
      lock_acquire.part.0+0xeb/0x320
      _raw_spin_lock_irq+0x33/0x50
      calculate_sigpending+0x44/0xa0
      ret_from_fork+0x23/0x80
      ret_from_fork_asm+0x1a/0x30
  }
  ... key at: [] __key.300+0x0/0x40
  ... acquired at:
    _raw_spin_lock+0x2b/0x40
    __do_sys_timer_delete+0x14e/0x670
    do_syscall_64+0xbf/0x1d0
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

 -> (&new_timer->it_lock){-...}-{3:3} {
    IN-HARDIRQ-W at:
      lock_acquire.part.0+0xeb/0x320
      _raw_spin_lock_irqsave+0x3a/0x60
      posix_timer_fn+0x27/0x60
      __hrtimer_run_queues+0x1ab/0xa80
      hrtimer_interrupt+0x369/0x830
      __sysvec_apic_timer_interrupt+0xc2/0x330
      sysvec_apic_timer_interrupt+0x6b/0x80
      asm_sysvec_apic_timer_interrupt+0x1a/0x20
      kasan_save_alloc_info+0xe/0x40
      __kasan_kmalloc+0x7f/0x90
      __kmalloc_node_track_caller_noprof+0x1ef/0x490
      kstrdup+0x3e/0xc0
      security_netlbl_sid_to_secattr+0x1ce/0x4c0
      selinux_netlbl_sock_genattr+0x129/0x4e0
      selinux_netlbl_socket_post_create+0xb4/0x1b0
      selinux_socket_post_create+0x2f5/0x800
      security_socket_post_create+0x5e/0x90
      __sock_create+0x6dd/0x810
      inet_ctl_sock_create+0x8c/0x230
      igmp_net_init+0xd4/0x1b0
      ops_init+0x1e1/0x650
      setup_net+0x1d7/0x7a0
      copy_net_ns+0x2e3/0x700
      create_new_namespaces+0x3f6/0xaf0
      copy_namespaces+0x45c/0x580
      copy_process+0x26c0/0x70e0
      kernel_clone+0xeb/0x850
      __do_sys_clone3+0x1d9/0x260
      do_syscall_64+0xbf/0x1d0
      entry_SYSCALL_64_after_hwframe+0x77/0x7f
    INITIAL USE at:
      lock_acquire.part.0+0xeb/0x320
      _raw_spin_lock_irqsave+0x3a/0x60
      __lock_timer+0x1c9/0x4d0
      do_timer_gettime+0x71/0x180
      __x64_sys_timer_gettime+0xad/0x150
      do_syscall_64+0xbf/0x1d0
      entry_SYSCALL_64_after_hwframe+0x77/0x7f
  }
  ... key at: [] __key.0+0x0/0x40
  ...
  acquired at:
    __lock_acquire+0x1595/0x4360
    lock_acquire.part.0+0xeb/0x320
    _raw_spin_lock_irqsave+0x3a/0x60
    posix_timer_fn+0x27/0x60
    __hrtimer_run_queues+0x1ab/0xa80
    hrtimer_interrupt+0x369/0x830
    __sysvec_apic_timer_interrupt+0xc2/0x330
    sysvec_apic_timer_interrupt+0x6b/0x80
    asm_sysvec_apic_timer_interrupt+0x1a/0x20
    kasan_save_alloc_info+0xe/0x40
    __kasan_kmalloc+0x7f/0x90
    __kmalloc_node_track_caller_noprof+0x1ef/0x490
    kstrdup+0x3e/0xc0
    security_netlbl_sid_to_secattr+0x1ce/0x4c0
    selinux_netlbl_sock_genattr+0x129/0x4e0
    selinux_netlbl_socket_post_create+0xb4/0x1b0
    selinux_socket_post_create+0x2f5/0x800
    security_socket_post_create+0x5e/0x90
    __sock_create+0x6dd/0x810
    inet_ctl_sock_create+0x8c/0x230
    igmp_net_init+0xd4/0x1b0
    ops_init+0x1e1/0x650
    setup_net+0x1d7/0x7a0
    copy_net_ns+0x2e3/0x700
    create_new_namespaces+0x3f6/0xaf0
    copy_namespaces+0x45c/0x580
    copy_process+0x26c0/0x70e0
    kernel_clone+0xeb/0x850
    __do_sys_clone3+0x1d9/0x260
    do_syscall_64+0xbf/0x1d0
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

stack backtrace:
CPU: 0 UID: 0 PID: 17708 Comm: syz-executor.3 Not tainted 6.13.0-rc2-next-20241213 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xca/0x120
 print_irq_inversion_bug.part.0+0x3e2/0x580
 mark_lock+0x8e1/0xed0
 __lock_acquire+0x1595/0x4360
 lock_acquire.part.0+0xeb/0x320
 _raw_spin_lock_irqsave+0x3a/0x60
 posix_timer_fn+0x27/0x60
 __hrtimer_run_queues+0x1ab/0xa80
 hrtimer_interrupt+0x369/0x830
 __sysvec_apic_timer_interrupt+0xc2/0x330
 sysvec_apic_timer_interrupt+0x6b/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:kasan_save_alloc_info+0xe/0x40
Code: 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 41 54 55 48 63 af bc 00 00 00 <85> ed 74 25 48 01 f5 74 20 41 89 d4 48 89 ef 31 f6 ba 10 00 00 00
RSP: 0018:ffff888041e3f570 EFLAGS: 00000202
RAX: ffffed10024f12b6 RBX: 0000000000000009 RCX: 00000000000000fc
RDX: 0000000000000820 RSI: ffff8880127895a0 RDI:
ffff888008c41640
RBP: 0000000000000010 R08: 0000000000000001 R09: 0000000000000006
R10: ffffed10024f12b6 R11: 0000000000000000 R12: ffff8880127895a0
R13: 0000000000000820 R14: 00000000ffffffff R15: ffff888008c41640
 __kasan_kmalloc+0x7f/0x90
 __kmalloc_node_track_caller_noprof+0x1ef/0x490
 kstrdup+0x3e/0xc0
 security_netlbl_sid_to_secattr+0x1ce/0x4c0
 selinux_netlbl_sock_genattr+0x129/0x4e0
 selinux_netlbl_socket_post_create+0xb4/0x1b0
 selinux_socket_post_create+0x2f5/0x800
 security_socket_post_create+0x5e/0x90
 __sock_create+0x6dd/0x810
 inet_ctl_sock_create+0x8c/0x230
 igmp_net_init+0xd4/0x1b0
 ops_init+0x1e1/0x650
 setup_net+0x1d7/0x7a0
 copy_net_ns+0x2e3/0x700
 create_new_namespaces+0x3f6/0xaf0
 copy_namespaces+0x45c/0x580
 copy_process+0x26c0/0x70e0
 kernel_clone+0xeb/0x850
 __do_sys_clone3+0x1d9/0x260
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fce61107b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fce5e65c188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007fce6121b020 RCX: 00007fce61107b19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020000600
RBP: 00007fce61161f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdcb6a69ef R14: 00007fce5e65c300 R15: 0000000000022000
hpet: Lost 9 RTC interrupts
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
----------------
Code disassembly (best guess):
   0:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
   7:   00 00 00
   a:   66 90                   xchg   %ax,%ax
   c:   90                      nop
   d:   90                      nop
   e:   90                      nop
   f:   90                      nop
  10:   90                      nop
  11:   90                      nop
  12:   90                      nop
  13:   90                      nop
  14:   90                      nop
  15:   90                      nop
  16:   90                      nop
  17:   90                      nop
  18:   90                      nop
  19:   90                      nop
  1a:   90                      nop
  1b:   90                      nop
  1c:   66 0f 1f 00             nopw   (%rax)
  20:   41 54                   push   %r12
  22:   55                      push   %rbp
  23:   48 63 af bc 00 00 00    movslq 0xbc(%rdi),%rbp
* 2a:   85 ed                   test   %ebp,%ebp <-- trapping instruction
  2c:   74 25                   je     0x53
  2e:   48 01 f5                add    %rsi,%rbp
  31:   74 20                   je     0x53
  33:   41 89 d4                mov    %edx,%r12d
  36:   48 89 ef                mov    %rbp,%rdi
  39:   31 f6                   xor    %esi,%esi
  3b:   ba 10 00 00 00          mov    $0x10,%edx