audit: type=1400 audit(1540609746.234:518): avc: denied { create } for pid=21523 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
======================================================
[ INFO: possible circular locking dependency detected ]
input: syz1 as /devices/virtual/input/input83
4.4.162+ #7 Not tainted
-------------------------------------------------------
syz-executor2/21528 is trying to acquire lock:
input: syz1 as /devices/virtual/input/input84
(_xmit_NETROM){+.-...}, at: [ 512.056907] audit: type=1400 audit(1540609746.274:519): avc: denied { create } for pid=21523 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
[<ffffffff8229e5a3>] spin_lock include/linux/spinlock.h:302 [inline]
[<ffffffff8229e5a3>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
[<ffffffff8229e5a3>] sch_direct_xmit+0x233/0x6c0 net/sched/sch_generic.c:163
but task is already holding lock:
(&(&q->lock)->rlock){+.-...}, at: [<ffffffff826298fb>] spin_lock include/linux/spinlock.h:302 [inline]
(&(&q->lock)->rlock){+.-...}, at: [<ffffffff826298fb>] ipv6_frag_rcv+0x5eb/0x4f80 net/ipv6/reassembly.c:560
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
[<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
[<ffffffff8270551a>] __raw_spin_lock_bh include/linux/spinlock_api_smp.h:137 [inline]
[<ffffffff8270551a>] _raw_spin_lock_bh+0x3a/0x50 kernel/locking/spinlock.c:175
[<ffffffff825d7fcd>] spin_lock_bh include/linux/spinlock.h:307 [inline]
[<ffffffff825d7fcd>] icmp6_dst_alloc+0x39d/0x620 net/ipv6/route.c:1630
[<ffffffff825f0382>] ndisc_send_skb+0x2b2/0x10e0 net/ipv6/ndisc.c:451
[<ffffffff825f412b>] ndisc_send_ns+0x4fb/0x6f0 net/ipv6/ndisc.c:595
audit: type=1400 audit(1540609746.274:520): avc: denied { set_context_mgr } for pid=21537 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0
binder: 21537:21538 ioctl 40046207 0 returned -13
binder: 21537:21538 transaction failed 29189/-22, size 24-8 line 3014
binder: 21537:21538 unknown command 0
binder: 21537:21538 ioctl c0306201 200003c0 returned -22
binder_alloc: binder_alloc_mmap_handler: 21537 20001000-20004000 already mapped failed -16
audit: type=1400 audit(1540609746.274:521): avc: denied { set_context_mgr } for pid=21537 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0
binder: 21537:21538 ioctl 40046207 0 returned -13
binder: 21537:21539 transaction failed 29189/-22, size 24-8 line 3014
[<ffffffff825f45c0>] ndisc_solicit+0x2a0/0x420 net/ipv6/ndisc.c:686
[<ffffffff8224778a>] neigh_probe+0xca/0x100 net/core/neighbour.c:871
[<ffffffff822592eb>] neigh_timer_handler+0x26b/0xa50 net/core/neighbour.c:952
[<ffffffff812553bc>] call_timer_fn+0x18c/0x870 kernel/time/timer.c:1185
[<ffffffff812560a5>] __run_timers kernel/time/timer.c:1261 [inline]
[<ffffffff812560a5>] run_timer_softirq+0x605/0xbb0 kernel/time/timer.c:1444
[<ffffffff827091dc>] __do_softirq+0x22c/0xa1a kernel/softirq.c:273
[<ffffffff810e1dbd>] invoke_softirq kernel/softirq.c:350 [inline]
[<ffffffff810e1dbd>] irq_exit+0x10d/0x140 kernel/softirq.c:391
[<ffffffff82708941>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
[<ffffffff82708941>] smp_apic_timer_interrupt+0x81/0xa0 arch/x86/kernel/apic/apic.c:926
[<ffffffff82707c9d>] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:741
[<ffffffff811597cf>] ___might_sleep+0x1ff/0x260 kernel/sched/core.c:7956
[<ffffffff811598c0>] __might_sleep+0x90/0x1a0 kernel/sched/core.c:7948
[<ffffffff8142b99f>] __might_fault+0xaf/0x1d0 mm/memory.c:3858
[<ffffffff81f73fb5>] copy_from_user arch/x86/include/asm/uaccess.h:729 [inline]
[<ffffffff81f73fb5>] input_event_from_user+0x135/0x290 drivers/input/input-compat.c:23
[<ffffffff81f818cf>] evdev_write+0x20f/0x3b0 drivers/input/evdev.c:553
[<ffffffff81490c1c>] __vfs_write+0x11c/0x3e0 fs/read_write.c:489
[<ffffffff814928ce>] vfs_write+0x17e/0x4e0 fs/read_write.c:538
[<ffffffff81494f09>] SYSC_write fs/read_write.c:585 [inline]
[<ffffffff81494f09>] SyS_write+0xd9/0x1c0 fs/read_write.c:577
[<ffffffff8100629e>] do_syscall_32_irqs_on arch/x86/entry/common.c:396 [inline]
[<ffffffff8100629e>] do_fast_syscall_32+0x31e/0xa80 arch/x86/entry/common.c:463
[<ffffffff82707a50>] sysenter_flags_fixed+0xd/0x1a
[<ffffffff811ff0fc>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
[<ffffffff811ff0fc>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
[<ffffffff811ff0fc>] validate_chain kernel/locking/lockdep.c:2144 [inline]
[<ffffffff811ff0fc>] __lock_acquire+0x3e6c/0x5f10 kernel/locking/lockdep.c:3213
[<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
[<ffffffff82705426>] __raw_spin_lock include/linux/spinlock_api_smp.h:144 [inline]
[<ffffffff82705426>] _raw_spin_lock+0x36/0x50 kernel/locking/spinlock.c:151
[<ffffffff8229e5a3>] spin_lock include/linux/spinlock.h:302 [inline]
[<ffffffff8229e5a3>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
[<ffffffff8229e5a3>] sch_direct_xmit+0x233/0x6c0 net/sched/sch_generic.c:163
[<ffffffff82232995>] __dev_xmit_skb net/core/dev.c:2979 [inline]
[<ffffffff82232995>] __dev_queue_xmit+0xf95/0x1c30 net/core/dev.c:3197
[<ffffffff82233647>] dev_queue_xmit+0x17/0x20 net/core/dev.c:3263
[<ffffffff82253b10>] neigh_resolve_output+0x600/0x780 net/core/neighbour.c:1329
[<ffffffff8258cdb4>] dst_neigh_output include/net/dst.h:461 [inline]
[<ffffffff8258cdb4>] ip6_finish_output2+0xb94/0x1ca0 net/ipv6/ip6_output.c:113
[<ffffffff8259d53e>] ip6_finish_output+0x2ee/0x750 net/ipv6/ip6_output.c:131
[<ffffffff8259db4f>] NF_HOOK_COND include/linux/netfilter.h:240 [inline]
[<ffffffff8259db4f>] ip6_output+0x1af/0x520 net/ipv6/ip6_output.c:145
[<ffffffff825f0a42>] dst_output include/net/dst.h:498 [inline]
[<ffffffff825f0a42>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[<ffffffff825f0a42>] NF_HOOK include/linux/netfilter.h:249 [inline]
[<ffffffff825f0a42>] ndisc_send_skb+0x972/0x10e0 net/ipv6/ndisc.c:471
[<ffffffff825f412b>] ndisc_send_ns+0x4fb/0x6f0 net/ipv6/ndisc.c:595
[<ffffffff825f45c0>] ndisc_solicit+0x2a0/0x420 net/ipv6/ndisc.c:686
[<ffffffff8224778a>] neigh_probe+0xca/0x100 net/core/neighbour.c:871
[<ffffffff82252b80>] __neigh_event_send+0x2a0/0xc30 net/core/neighbour.c:1027
[<ffffffff82253b39>] neigh_event_send include/net/neighbour.h:431 [inline]
[<ffffffff82253b39>] neigh_resolve_output+0x629/0x780 net/core/neighbour.c:1313
[<ffffffff8258cdb4>] dst_neigh_output include/net/dst.h:461 [inline]
[<ffffffff8258cdb4>] ip6_finish_output2+0xb94/0x1ca0 net/ipv6/ip6_output.c:113
[<ffffffff8259d53e>] ip6_finish_output+0x2ee/0x750 net/ipv6/ip6_output.c:131
[<ffffffff8259db4f>] NF_HOOK_COND include/linux/netfilter.h:240 [inline]
[<ffffffff8259db4f>] ip6_output+0x1af/0x520 net/ipv6/ip6_output.c:145
[<ffffffff826ae55b>] dst_output include/net/dst.h:498 [inline]
[<ffffffff826ae55b>] ip6_local_out+0x9b/0x180 net/ipv6/output_core.c:169
[<ffffffff8259fbb1>] ip6_send_skb+0xa1/0x340 net/ipv6/ip6_output.c:1725
[<ffffffff8259ff03>] ip6_push_pending_frames+0xb3/0xe0 net/ipv6/ip6_output.c:1745
[<ffffffff8260eaa5>] icmpv6_push_pending_frames+0x335/0x530 net/ipv6/icmp.c:276
[<ffffffff82610293>] icmp6_send+0x15f3/0x1b70 net/ipv6/icmp.c:537
[<ffffffff82611c19>] icmpv6_param_prob+0x29/0x40 net/ipv6/icmp.c:551
[<ffffffff8262ceb5>] ip6_frag_queue net/ipv6/reassembly.c:228 [inline]
[<ffffffff8262ceb5>] ipv6_frag_rcv+0x3ba5/0x4f80 net/ipv6/reassembly.c:562
[<ffffffff825a0f1d>] ip6_input_finish+0x57d/0x1510 net/ipv6/ip6_input.c:248
[<ffffffff825a3cb6>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[<ffffffff825a3cb6>] NF_HOOK include/linux/netfilter.h:249 [inline]
[<ffffffff825a3cb6>] ip6_input+0xf6/0x200 net/ipv6/ip6_input.c:280
[<ffffffff825a047e>] dst_input include/net/dst.h:504 [inline]
[<ffffffff825a047e>] ip6_rcv_finish+0x14e/0x670 net/ipv6/ip6_input.c:62
[<ffffffff82680a7b>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[<ffffffff82680a7b>] ipv6_defrag+0x33b/0x5c0 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:78
[<ffffffff822e52f2>] nf_iterate+0x182/0x210 net/netfilter/core.c:274
[<ffffffff822e5536>] nf_hook_slow+0x1b6/0x340 net/netfilter/core.c:306
[<ffffffff825a3305>] nf_hook_thresh include/linux/netfilter.h:187 [inline]
[<ffffffff825a3305>] NF_HOOK_THRESH include/linux/netfilter.h:224 [inline]
[<ffffffff825a3305>] NF_HOOK include/linux/netfilter.h:249 [inline]
[<ffffffff825a3305>] ipv6_rcv+0x1455/0x1d10 net/ipv6/ip6_input.c:186
[<ffffffff8221c078>] __netif_receive_skb_core+0x12c8/0x2820 net/core/dev.c:4041
[<ffffffff8222472b>] __netif_receive_skb+0x5b/0x1c0 net/core/dev.c:4076
[<ffffffff8222baca>] process_backlog+0x20a/0x670 net/core/dev.c:4669
[<ffffffff8222aed7>] napi_poll net/core/dev.c:4907 [inline]
[<ffffffff8222aed7>] net_rx_action+0x367/0xd50 net/core/dev.c:4972
[<ffffffff827091dc>] __do_softirq+0x22c/0xa1a kernel/softirq.c:273
[<ffffffff827073dc>] do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:929
[<ffffffff810e1a84>] do_softirq.part.2+0x54/0x60 kernel/softirq.c:317
[<ffffffff810e1bd9>] do_softirq+0x19/0x20 kernel/softirq.c:320
[<ffffffff8221a6dc>] netif_rx_ni+0xec/0x3a0 net/core/dev.c:3675
[<ffffffff81e0f53a>] tun_get_user+0xf3a/0x2690 drivers/net/tun.c:1264
[<ffffffff81e10ea5>] tun_chr_write_iter+0xd5/0x190 drivers/net/tun.c:1283
[<ffffffff81491c33>] do_iter_readv_writev+0x133/0x1d0 fs/read_write.c:664
[<ffffffff814937b7>] compat_do_readv_writev+0x337/0x6f0 fs/read_write.c:982
[<ffffffff81493f11>] compat_writev+0xe1/0x150 fs/read_write.c:1090
[<ffffffff81496228>] C_SYSC_writev fs/read_write.c:1110 [inline]
[<ffffffff81496228>] compat_SyS_writev+0xd8/0x1c0 fs/read_write.c:1099
[<ffffffff8100629e>] do_syscall_32_irqs_on arch/x86/entry/common.c:396 [inline]
[<ffffffff8100629e>] do_fast_syscall_32+0x31e/0xa80 arch/x86/entry/common.c:463
[<ffffffff82707a50>] sysenter_flags_fixed+0xd/0x1a
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&(&q->lock)->rlock);
lock(_xmit_NETROM);
lock(&(&q->lock)->rlock);
lock(_xmit_NETROM);
*** DEADLOCK ***
10 locks held by syz-executor2/21528:
#0: (rcu_read_lock){......}, at: [<ffffffff8222ba66>] __skb_unlink include/linux/skbuff.h:1643 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff8222ba66>] __skb_dequeue include/linux/skbuff.h:1659 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff8222ba66>] process_backlog+0x1a6/0x670 net/core/dev.c:4666
#1: (rcu_read_lock){......}, at: [<ffffffff822e5380>] nf_hook_slow+0x0/0x340 net/netfilter/core.c:267
#2: (rcu_read_lock){......}, at: [<ffffffff825a09a0>] ip6_input_finish+0x0/0x1510 include/linux/skbuff.h:2037
#3: (&(&q->lock)->rlock){+.-...}, at: [<ffffffff826298fb>] spin_lock include/linux/spinlock.h:302 [inline]
#3: (&(&q->lock)->rlock){+.-...}, at: [<ffffffff826298fb>] ipv6_frag_rcv+0x5eb/0x4f80 net/ipv6/reassembly.c:560
#4: (slock-AF_INET6){+.-...}, at: [<ffffffff8260f47b>] spin_trylock include/linux/spinlock.h:312 [inline]
#4: (slock-AF_INET6){+.-...}, at: [<ffffffff8260f47b>] icmpv6_xmit_lock net/ipv6/icmp.c:120 [inline]
#4: (slock-AF_INET6){+.-...}, at: [<ffffffff8260f47b>] icmp6_send+0x7db/0x1b70 net/ipv6/icmp.c:485
#5: (rcu_read_lock){......}, at: [<ffffffff8260fc02>] icmp6_send+0xf62/0x1b70 net/ipv6/icmp.c:517
#6: (rcu_read_lock_bh){......}, at: [<ffffffff8258c419>] ip6_finish_output2+0x1f9/0x1ca0 net/ipv6/ip6_output.c:71
#7: (rcu_read_lock){......}, at: [<ffffffff825f081d>] ip6_nd_hdr net/ipv6/ndisc.c:427 [inline]
#7: (rcu_read_lock){......}, at: [<ffffffff825f081d>] ndisc_send_skb+0x74d/0x10e0 net/ipv6/ndisc.c:465
#8: (rcu_read_lock_bh){......}, at: [<ffffffff8258c419>] ip6_finish_output2+0x1f9/0x1ca0 net/ipv6/ip6_output.c:71
#9: (rcu_read_lock_bh){......}, at: [<ffffffff82231bd7>] __dev_queue_xmit+0x1d7/0x1c30 net/core/dev.c:3161
stack backtrace:
CPU: 0 PID: 21528 Comm: syz-executor2 Not tainted 4.4.162+ #7
0000000000000000 40b5003a3b1deb90 ffff8801db606138 ffffffff81a994bd
ffffffff83acd330 ffffffff83adb8b0 ffffffff83acd330 ffff8801c20c2120
ffff8801c20c17c0 ffff8801db606180 ffffffff813a834a 0000000000000004
Call Trace:
<IRQ> [<ffffffff81a994bd>] __dump_stack lib/dump_stack.c:15 [inline]
<IRQ> [<ffffffff81a994bd>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff813a834a>] print_circular_bug.cold.34+0x2f7/0x432 kernel/locking/lockdep.c:1226
[<ffffffff811ff0fc>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
[<ffffffff811ff0fc>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
[<ffffffff811ff0fc>] validate_chain kernel/locking/lockdep.c:2144 [inline]
[<ffffffff811ff0fc>] __lock_acquire+0x3e6c/0x5f10 kernel/locking/lockdep.c:3213
[<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
[<ffffffff82705426>] __raw_spin_lock include/linux/spinlock_api_smp.h:144 [inline]
[<ffffffff82705426>] _raw_spin_lock+0x36/0x50 kernel/locking/spinlock.c:151
[<ffffffff8229e5a3>] spin_lock include/linux/spinlock.h:302 [inline]
[<ffffffff8229e5a3>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
[<ffffffff8229e5a3>] sch_direct_xmit+0x233/0x6c0 net/sched/sch_generic.c:163
[<ffffffff82232995>] __dev_xmit_skb net/core/dev.c:2979 [inline]
[<ffffffff82232995>] __dev_queue_xmit+0xf95/0x1c30 net/core/dev.c:3197
[<ffffffff82233647>] dev_queue_xmit+0x17/0x20 net/core/dev.c:3263
[<ffffffff82253b10>] neigh_resolve_output+0x600/0x780 net/core/neighbour.c:1329
[<ffffffff8258cdb4>] dst_neigh_output include/net/dst.h:461 [inline]
[<ffffffff8258cdb4>] ip6_finish_output2+0xb94/0x1ca0 net/ipv6/ip6_output.c:113
[<ffffffff8259d53e>] ip6_finish_output+0x2ee/0x750 net/ipv6/ip6_output.c:131
[<ffffffff8259db4f>] NF_HOOK_COND include/linux/netfilter.h:240 [inline]
[<ffffffff8259db4f>] ip6_output+0x1af/0x520 net/ipv6/ip6_output.c:145
[<ffffffff825f0a42>] dst_output include/net/dst.h:498 [inline]
[<ffffffff825f0a42>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[<ffffffff825f0a42>] NF_HOOK include/linux/netfilter.h:249 [inline]
[<ffffffff825f0a42>] ndisc_send_skb+0x972/0x10e0 net/ipv6/ndisc.c:471
[<ffffffff825f412b>] ndisc_send_ns+0x4fb/0x6f0 net/ipv6/ndisc.c:595
[<ffffffff825f45c0>] ndisc_solicit+0x2a0/0x420 net/ipv6/ndisc.c:686
[<ffffffff8224778a>] neigh_probe+0xca/0x100 net/core/neighbour.c:871
[<ffffffff82252b80>] __neigh_event_send+0x2a0/0xc30 net/core/neighbour.c:1027
[<ffffffff82253b39>] neigh_event_send include/net/neighbour.h:431 [inline]
[<ffffffff82253b39>] neigh_resolve_output+0x629/0x780 net/core/neighbour.c:1313
[<ffffffff8258cdb4>] dst_neigh_output include/net/dst.h:461 [inline]
[<ffffffff8258cdb4>] ip6_finish_output2+0xb94/0x1ca0 net/ipv6/ip6_output.c:113
[<ffffffff8259d53e>] ip6_finish_output+0x2ee/0x750 net/ipv6/ip6_output.c:131
[<ffffffff8259db4f>] NF_HOOK_COND include/linux/netfilter.h:240 [inline]
[<ffffffff8259db4f>] ip6_output+0x1af/0x520 net/ipv6/ip6_output.c:145
[<ffffffff826ae55b>] dst_output include/net/dst.h:498 [inline]
[<ffffffff826ae55b>] ip6_local_out+0x9b/0x180 net/ipv6/output_core.c:169
[<ffffffff8259fbb1>] ip6_send_skb+0xa1/0x340 net/ipv6/ip6_output.c:1725
[<ffffffff8259ff03>] ip6_push_pending_frames+0xb3/0xe0 net/ipv6/ip6_output.c:1745
[<ffffffff8260eaa5>] icmpv6_push_pending_frames+0x335/0x530 net/ipv6/icmp.c:276
[<ffffffff82610293>] icmp6_send+0x15f3/0x1b70 net/ipv6/icmp.c:537
binder: 21564:21565 transaction failed 29189/-22, size 24-8 line 3014
binder: 21564:21566 transaction failed 29189/-22, size 24-8 line 3014
[<ffffffff82611c19>] icmpv6_param_prob+0x29/0x40 net/ipv6/icmp.c:551
[<ffffffff8262ceb5>] ip6_frag_queue net/ipv6/reassembly.c:228 [inline]
[<ffffffff8262ceb5>] ipv6_frag_rcv+0x3ba5/0x4f80 net/ipv6/reassembly.c:562
[<ffffffff825a0f1d>] ip6_input_finish+0x57d/0x1510 net/ipv6/ip6_input.c:248
[<ffffffff825a3cb6>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[<ffffffff825a3cb6>] NF_HOOK include/linux/netfilter.h:249 [inline]
[<ffffffff825a3cb6>] ip6_input+0xf6/0x200 net/ipv6/ip6_input.c:280
[<ffffffff825a047e>] dst_input include/net/dst.h:504 [inline]
[<ffffffff825a047e>] ip6_rcv_finish+0x14e/0x670 net/ipv6/ip6_input.c:62
[<ffffffff82680a7b>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[<ffffffff82680a7b>] ipv6_defrag+0x33b/0x5c0 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:78
[<ffffffff822e52f2>] nf_iterate+0x182/0x210 net/netfilter/core.c:274
[<ffffffff822e5536>] nf_hook_slow+0x1b6/0x340 net/netfilter/core.c:306
[<ffffffff825a3305>] nf_hook_thresh include/linux/netfilter.h:187 [inline]
[<ffffffff825a3305>] NF_HOOK_THRESH include/linux/netfilter.h:224 [inline]
[<ffffffff825a3305>] NF_HOOK include/linux/netfilter.h:249 [inline]
[<ffffffff825a3305>] ipv6_rcv+0x1455/0x1d10 net/ipv6/ip6_input.c:186
[<ffffffff8221c078>] __netif_receive_skb_core+0x12c8/0x2820 net/core/dev.c:4041
[<ffffffff8222472b>] __netif_receive_skb+0x5b/0x1c0 net/core/dev.c:4076
[<ffffffff8222baca>] process_backlog+0x20a/0x670 net/core/dev.c:4669
[<ffffffff8222aed7>] napi_poll net/core/dev.c:4907 [inline]
[<ffffffff8222aed7>] net_rx_action+0x367/0xd50 net/core/dev.c:4972
[<ffffffff827091dc>] __do_softirq+0x22c/0xa1a kernel/softirq.c:273
[<ffffffff827073dc>] do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:929
<EOI> [<ffffffff810e1a84>] do_softirq.part.2+0x54/0x60 kernel/softirq.c:317
[<ffffffff810e1bd9>] do_softirq+0x19/0x20 kernel/softirq.c:320
[<ffffffff8221a6dc>] netif_rx_ni+0xec/0x3a0 net/core/dev.c:3675
[<ffffffff81e0f53a>] tun_get_user+0xf3a/0x2690 drivers/net/tun.c:1264
[<ffffffff81e10ea5>] tun_chr_write_iter+0xd5/0x190 drivers/net/tun.c:1283
[<ffffffff81491c33>] do_iter_readv_writev+0x133/0x1d0 fs/read_write.c:664
[<ffffffff814937b7>] compat_do_readv_writev+0x337/0x6f0 fs/read_write.c:982
[<ffffffff81493f11>] compat_writev+0xe1/0x150 fs/read_write.c:1090
[<ffffffff81496228>] C_SYSC_writev fs/read_write.c:1110 [inline]
[<ffffffff81496228>] compat_SyS_writev+0xd8/0x1c0 fs/read_write.c:1099
[<ffffffff8100629e>] do_syscall_32_irqs_on arch/x86/entry/common.c:396 [inline]
[<ffffffff8100629e>] do_fast_syscall_32+0x31e/0xa80 arch/x86/entry/common.c:463
[<ffffffff82707a50>] sysenter_flags_fixed+0xd/0x1a
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
input: syz1 as /devices/virtual/input/input85
audit: type=1400 audit(1540609750.074:522): avc: denied { create } for pid=21640 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
input: syz1 as /devices/virtual/input/input86
audit: type=1400 audit(1540609750.264:523): avc: denied { create } for pid=21640 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1540609750.764:524): avc: denied { create } for pid=21664 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1540609750.824:525): avc: denied { create } for pid=21664 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
netlink: 188 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 188 bytes leftover after parsing attributes in process `syz-executor4'.
audit: type=1400 audit(1540609752.894:526): avc: denied { create } for pid=21762 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0
audit: type=1400 audit(1540609753.064:527): avc: denied { create } for pid=21762 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0
audit: type=1400 audit(1540609753.454:528): avc: denied { create } for pid=21790 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1540609753.514:529): avc: denied { create } for pid=21790 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1540609753.594:530): avc: denied { create } for pid=21790 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1540609753.624:531): avc: denied { create } for pid=21790 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1540609754.284:532): avc: denied { create } for pid=21832 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket
audit: type=1400 audit(1540609754.414:533): avc: denied { create } for pid=21832 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket
audit: type=1400 audit(1540609755.004:534): avc: denied { set_context_mgr } for pid=21872 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0
binder: 21872:21874 ioctl 40046207 0 returned -13
binder: 21872:21877 transaction failed 29189/-22, size 4608-8 line 3014
binder_alloc: binder_alloc_mmap_handler: 21872 20000000-20002000 already mapped failed -16
binder: 21872:21877 transaction failed 29189/-22, size 4608-8 line 3014
audit: type=1400 audit(1540609755.104:535): avc: denied { set_context_mgr } for pid=21872 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0
binder: 21872:21874 ioctl 40046207 0 returned -13
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!