audit: type=1400 audit(1554981473.565:5): avc: denied { associate } for pid=2174 comm="syz-executor.5" name="syz5" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
INFO: task syz-executor.3:2166 blocked for more than 140 seconds.
Not tainted 4.9.168+ #39
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D25016 2166 1 0x00000004
ffff8801cc538000 ffff8801d425dd80 ffff8801db721000 ffff8801d40c8000
ffff8801db721018 ffff8801d4a0f9b8 ffffffff8280028e ffff8801cc5388c8
ffff8801cc5388a0 00ff8801cc5388d0 ffff8801db7218f0 1ffff1003a941f26
Call Trace:
[<00000000ac3078e1>] schedule+0x92/0x1c0 kernel/sched/core.c:3546
[<000000004b3f9b38>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3579
[<0000000021dd537a>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
[<0000000021dd537a>] mutex_lock_nested+0x38d/0x920 kernel/locking/mutex.c:621
[<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
[<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
[<00000000313b5024>] netlink_unicast_kernel net/netlink/af_netlink.c:1285 [inline]
[<00000000313b5024>] netlink_unicast+0x4c6/0x6d0 net/netlink/af_netlink.c:1311
[<000000001984b03c>] netlink_sendmsg+0x6b6/0xc80 net/netlink/af_netlink.c:1859
[<000000008e890726>] sock_sendmsg_nosec net/socket.c:649 [inline]
[<000000008e890726>] sock_sendmsg+0xbe/0x110 net/socket.c:659
[<0000000069d44983>] SYSC_sendto net/socket.c:1684 [inline]
[<0000000069d44983>] SyS_sendto+0x201/0x340 net/socket.c:1652
[<000000000e4bfb70>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
[<000000001dd370a3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Showing all locks held in the system:
2 locks held by khungtaskd/24:
#0: (rcu_read_lock){......}, at: [<000000006b1552fa>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<000000006b1552fa>] watchdog+0x13c/0xae0 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<000000006fc3c96a>] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4339
2 locks held by getty/2016:
#0: (&tty->ldisc_sem){++++++}, at: [<000000005423bdb8>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+...}, at: [<0000000012ec4b74>] n_tty_read+0x1fe/0x1820 drivers/tty/n_tty.c:2156
1 lock held by syz-executor.3/2166:
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
1 lock held by syz-executor.0/2169:
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
1 lock held by syz-executor.4/2175:
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
3 locks held by kworker/1:2/2505:
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<00000000025a9415>] process_one_work+0x790/0x1600 kernel/workqueue.c:2107
#1: ((addr_chk_work).work){+.+...}, at: [<00000000873bbd45>] process_one_work+0x7ce/0x1600 kernel/workqueue.c:2111
#2: (rtnl_mutex){+.+.+.}, at: [<00000000d38904f1>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
1 lock held by syz-executor.1/3063:
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
1 lock held by syz-executor.5/3052:
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
1 lock held by syz-executor.5/3060:
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
1 lock held by syz-executor.5/3065:
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
1 lock held by syz-executor.2/3059:
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
1 lock held by syz-executor.2/3061:
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
1 lock held by syz-executor.2/3067:
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnl_lock net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<00000000e039a886>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.168+ #39
ffff8801d98d7cc8 ffffffff81b4f5d1 0000000000000000 0000000000000000
0000000000000000 ffffffff81097401 dffffc0000000000 ffff8801d98d7d00
ffffffff81b5a86c 0000000000000000 0000000000000000 0000000000000000
Call Trace:
[<0000000014e53332>] __dump_stack lib/dump_stack.c:15 [inline]
[<0000000014e53332>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<00000000d65eb0a7>] nmi_cpu_backtrace.cold+0x47/0x87 lib/nmi_backtrace.c:99
[<00000000eb216681>] nmi_trigger_cpumask_backtrace+0x124/0x155 lib/nmi_backtrace.c:60
[<00000000776cb4f5>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
[<0000000038b640ca>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
[<0000000038b640ca>] check_hung_task kernel/hung_task.c:125 [inline]
[<0000000038b640ca>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
[<0000000038b640ca>] watchdog+0x661/0xae0 kernel/hung_task.c:239
[<00000000e4c5a241>] kthread+0x278/0x310 kernel/kthread.c:211
[<00000000a3490d9c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3047 Comm: syz-executor.1 Not tainted 4.9.168+ #39
task: 00000000e652a0d7 task.stack: 00000000526ba1fc
RIP: 0010:[<ffffffff814f8553>] �c [<000000001cea5778>] filter_irq_stacks mm/kasan/kasan.c:488 [inline]
RIP: 0010:[<ffffffff814f8553>] �c [<000000001cea5778>] save_stack mm/kasan/kasan.c:506 [inline]
RIP: 0010:[<ffffffff814f8553>] �c [<000000001cea5778>] set_track mm/kasan/kasan.c:517 [inline]
RIP: 0010:[<ffffffff814f8553>] �c [<000000001cea5778>] kasan_slab_free+0xc3/0x190 mm/kasan/kasan.c:582
RSP: 0018:ffff8801d5f572e8 EFLAGS: 00000297
RAX: 0000000000000015 RBX: ffff8801d0c0f360 RCX: 0000000000000011
RDX: ffffffff822b21d8 RSI: ffff8801d5f57300 RDI: 0000000000000000
RBP: ffff8801d5f57518 R08: 1ffff1003abeae4c R09: ffff8801d5f57260
R10: ffffed003abeae53 R11: ffff8801d5f5729f R12: ffff8801da577500
R13: ffff8801d0c0f280 R14: ffff8801da577500 R15: 0000000000000246
FS: 00007f8dadc15700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001962308 CR3: 00000001d4292000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
0000004000000015�c ffff8801d5f57300�c ffffffff00000000�c ffffffff810774d6�c
ffffffff814f8540�c ffffffff814f4e3e�c ffffffff822c537f�c ffffffff822c7f4e�c
ffffffff823d6cbe�c ffffffff823d7424�c ffffffff823613ab�c ffffffff823bac3b�c
Call Trace:
[<000000006d5d9121>] slab_free_hook mm/slub.c:1355 [inline]
[<000000006d5d9121>] slab_free_freelist_hook mm/slub.c:1377 [inline]
[<000000006d5d9121>] slab_free mm/slub.c:2958 [inline]
[<000000006d5d9121>] kmem_cache_free+0xbe/0x310 mm/slub.c:2980
[<000000009c08eb20>] kfree_skbmem+0x9f/0x100 net/core/skbuff.c:627
[<00000000b97e210d>] __kfree_skb net/core/skbuff.c:689 [inline]
[<00000000b97e210d>] consume_skb+0xce/0x340 net/core/skbuff.c:761
[<00000000bde9c0d7>] netlink_broadcast_filtered+0x2ae/0x9d0 net/netlink/af_netlink.c:1486
[<0000000063e06a0e>] netlink_broadcast+0x44/0x60 net/netlink/af_netlink.c:1508
[<00000000c0ec7743>] rtnetlink_send+0x9b/0x100 net/core/rtnetlink.c:651
[<0000000007b53fb0>] tcf_add_notify net/sched/act_api.c:941 [inline]
[<0000000007b53fb0>] tcf_action_add net/sched/act_api.c:958 [inline]
[<0000000007b53fb0>] tc_ctl_action+0x46b/0x580 net/sched/act_api.c:993
[<0000000008722ed7>] rtnetlink_rcv_msg+0x506/0x6e0 net/core/rtnetlink.c:4081
[<0000000023a42247>] netlink_rcv_skb+0xd4/0x2e0 net/netlink/af_netlink.c:2365
[<00000000a525f8e1>] rtnetlink_rcv+0x2b/0x40 net/core/rtnetlink.c:4087
[<00000000313b5024>] netlink_unicast_kernel net/netlink/af_netlink.c:1285 [inline]
[<00000000313b5024>] netlink_unicast+0x4c6/0x6d0 net/netlink/af_netlink.c:1311
[<000000001984b03c>] netlink_sendmsg+0x6b6/0xc80 net/netlink/af_netlink.c:1859
[<000000008e890726>] sock_sendmsg_nosec net/socket.c:649 [inline]
[<000000008e890726>] sock_sendmsg+0xbe/0x110 net/socket.c:659
[<00000000b4df4c4a>] ___sys_sendmsg+0x78b/0x8b0 net/socket.c:1983
[<000000001866c8cf>] __sys_sendmsg+0xc8/0x170 net/socket.c:2017
[<00000000fb6824bd>] SYSC_sendmsg net/socket.c:2028 [inline]
[<00000000fb6824bd>] SyS_sendmsg+0x2d/0x50 net/socket.c:2024
[<000000000e4bfb70>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
[<000000001dd370a3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: �c85 �cd0 �cfd �cff �cff �c48 �c8d �c85 �ce8 �cfd �cff �cff �c48 �c89 �c85 �cd8 �cfd �cff �cff �ce8 �c80 �cef �cb7 �cff �c8b �c85 �cd0 �cfd �cff �cff �c85 �cc0 �c74 �c39 �c48 �c8b �cb5 �cd8 �cfd �cff �cff �c31 �cc9 �c<48> �c63 �cd1 �c48 �c8b �c14 �cd6 �c48 �c81 �cfa �c10 �c1e �c81 �c82 �c72 �c5a �c48 �c81 �cfa �cce �c58 �c