=============================================
[ INFO: possible recursive locking detected ]
4.4.174+ #4 Not tainted
---------------------------------------------
syz-executor.0/24599 is trying to acquire lock:
(_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] spin_lock include/linux/spinlock.h:302 [inline]
(_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
(_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225
but task is already holding lock:
(_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] spin_lock include/linux/spinlock.h:302 [inline]
(_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
(_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(_xmit_TUNNEL6#2);
lock(_xmit_TUNNEL6#2);
*** DEADLOCK ***
May be due to missing lock nesting notation
10 locks held by syz-executor.0/24599:
#0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff824a8414>] lock_sock include/net/sock.h:1497 [inline]
#0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff824a8414>] inet_stream_connect+0x44/0xa0 net/ipv4/af_inet.c:675
#1: (rcu_read_lock){......}, at: [<ffffffff826660e8>] inet6_csk_xmit+0x108/0x4b0 net/ipv6/inet6_connection_sock.c:163
#2: (rcu_read_lock_bh){......}, at: [<ffffffff8259f091>] ip6_finish_output2+0x1e1/0x1dc0 net/ipv6/ip6_output.c:71
#3: (rcu_read_lock_bh){......}, at: [<ffffffff82245f57>] __dev_queue_xmit+0x1d7/0x1bb0 net/core/dev.c:3161
#4: (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] spin_lock include/linux/spinlock.h:302 [inline]
#4: (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
#4: (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225
#5: (rcu_read_lock){......}, at: [<ffffffff826be400>] icmpv6_send+0x0/0x1b0 net/ipv6/ip6_icmp.c:30
#6: (slock-AF_INET6){+.-...}, at: [<ffffffff8262191d>] spin_trylock include/linux/spinlock.h:312 [inline]
#6: (slock-AF_INET6){+.-...}, at: [<ffffffff8262191d>] icmpv6_xmit_lock net/ipv6/icmp.c:120 [inline]
#6: (slock-AF_INET6){+.-...}, at: [<ffffffff8262191d>] icmp6_send+0x7bd/0x1b40 net/ipv6/icmp.c:485
#7: (rcu_read_lock){......}, at: [<ffffffff826220a4>] icmp6_send+0xf44/0x1b40 net/ipv6/icmp.c:517
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
#8: (rcu_read_lock_bh){......}, at: [<ffffffff8259f091>] ip6_finish_output2+0x1e1/0x1dc0 net/ipv6/ip6_output.c:71
#9: (rcu_read_lock_bh){......}, at: [<ffffffff82245f57>] __dev_queue_xmit+0x1d7/0x1bb0 net/core/dev.c:3161
stack backtrace:
CPU: 1 PID: 24599 Comm: syz-executor.0 Not tainted 4.4.174+ #4
0000000000000000 8ad85cf559446a3c ffff8800b654e3d0 ffffffff81aad1a1
ffffffff84057a80 ffff88018e28af80 ffffffff83ad5be0 ffff88018e28b8e8
ffff88018e28b908 ffff8800b654e558 ffffffff813ad6ff 0000000000000000
Call Trace:
[<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff813ad6ff>] print_deadlock_bug kernel/locking/lockdep.c:1752 [inline]
[<ffffffff813ad6ff>] check_deadlock kernel/locking/lockdep.c:1796 [inline]
[<ffffffff813ad6ff>] validate_chain kernel/locking/lockdep.c:2128 [inline]
[<ffffffff813ad6ff>] __lock_acquire.cold+0x118/0x592 kernel/locking/lockdep.c:3213
[<ffffffff81205f6e>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
[<ffffffff82717c98>] __raw_spin_lock include/linux/spinlock_api_smp.h:144 [inline]
[<ffffffff82717c98>] _raw_spin_lock+0x38/0x50 kernel/locking/spinlock.c:151
[<ffffffff822471b9>] spin_lock include/linux/spinlock.h:302 [inline]
[<ffffffff822471b9>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
[<ffffffff822471b9>] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225
[<ffffffff82247948>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3263
[<ffffffff8225c136>] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1369
[<ffffffff8259f877>] dst_neigh_output include/net/dst.h:461 [inline]
[<ffffffff8259f877>] ip6_finish_output2+0x9c7/0x1dc0 net/ipv6/ip6_output.c:113
[<ffffffff825b0203>] ip6_finish_output+0x2f3/0x750 net/ipv6/ip6_output.c:131
[<ffffffff825b0814>] NF_HOOK_COND include/linux/netfilter.h:240 [inline]
[<ffffffff825b0814>] ip6_output+0x1b4/0x520 net/ipv6/ip6_output.c:145
[<ffffffff826bf66c>] dst_output include/net/dst.h:498 [inline]
[<ffffffff826bf66c>] ip6_local_out+0x9c/0x180 net/ipv6/output_core.c:169
[<ffffffff825b28c2>] ip6_send_skb+0xa2/0x340 net/ipv6/ip6_output.c:1725
[<ffffffff825b2c1b>] ip6_push_pending_frames+0xbb/0xe0 net/ipv6/ip6_output.c:1745
[<ffffffff82620f66>] icmpv6_push_pending_frames+0x336/0x530 net/ipv6/icmp.c:276
[<ffffffff82622666>] icmp6_send+0x1506/0x1b40 net/ipv6/icmp.c:537
[<ffffffff826be4b1>] icmpv6_send+0xb1/0x1b0 net/ipv6/ip6_icmp.c:42
[<ffffffff825ec65d>] ip6_link_failure+0x2d/0x3e0 net/ipv6/route.c:1313
[<ffffffff826b164a>] dst_link_failure include/net/dst.h:481 [inline]
[<ffffffff826b164a>] ip6_tnl_xmit2+0x4da/0x2320 net/ipv6/ip6_tunnel.c:1089
[<ffffffff826b4a25>] ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1193 [inline]
[<ffffffff826b4a25>] ip6_tnl_xmit+0x5d5/0xe00 net/ipv6/ip6_tunnel.c:1215
[<ffffffff82245071>] __netdev_start_xmit include/linux/netdevice.h:3750 [inline]
[<ffffffff82245071>] netdev_start_xmit include/linux/netdevice.h:3759 [inline]
[<ffffffff82245071>] xmit_one net/core/dev.c:2781 [inline]
[<ffffffff82245071>] dev_hard_start_xmit+0x7c1/0x11e0 net/core/dev.c:2797
[<ffffffff822473cb>] __dev_queue_xmit+0x164b/0x1bb0 net/core/dev.c:3229
[<ffffffff82247948>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3263
[<ffffffff8225c136>] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1369
[<ffffffff8259f877>] dst_neigh_output include/net/dst.h:461 [inline]
[<ffffffff8259f877>] ip6_finish_output2+0x9c7/0x1dc0 net/ipv6/ip6_output.c:113
[<ffffffff825b0203>] ip6_finish_output+0x2f3/0x750 net/ipv6/ip6_output.c:131
[<ffffffff825b0814>] NF_HOOK_COND include/linux/netfilter.h:240 [inline]
[<ffffffff825b0814>] ip6_output+0x1b4/0x520 net/ipv6/ip6_output.c:145
[<ffffffff825a8df6>] dst_output include/net/dst.h:498 [inline]
[<ffffffff825a8df6>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[<ffffffff825a8df6>] NF_HOOK include/linux/netfilter.h:249 [inline]
[<ffffffff825a8df6>] ip6_xmit+0xc76/0x1a60 net/ipv6/ip6_output.c:240
audit: type=1400 audit(1575443586.719:1264): avc: denied { create } for pid=24640 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1575443586.719:1265): avc: denied { create } for pid=24640 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
[<ffffffff8266622c>] inet6_csk_xmit+0x24c/0x4b0 net/ipv6/inet6_connection_sock.c:176
[<ffffffff82431dd4>] __tcp_transmit_skb+0x1904/0x2cf0 net/ipv4/tcp_output.c:1034
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[<ffffffff8243a4ed>] tcp_transmit_skb net/ipv4/tcp_output.c:1047 [inline]
[<ffffffff8243a4ed>] tcp_connect+0x223d/0x31b0 net/ipv4/tcp_output.c:3295
[<ffffffff82646631>] tcp_v6_connect+0x1391/0x1b30 net/ipv6/tcp_ipv6.c:294
[<ffffffff824a7a2f>] __inet_stream_connect+0x2cf/0xc70 net/ipv4/af_inet.c:615
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[<ffffffff824a8425>] inet_stream_connect+0x55/0xa0 net/ipv4/af_inet.c:676
[<ffffffff821dbd05>] SYSC_connect net/socket.c:1570 [inline]
[<ffffffff821dbd05>] SyS_connect+0x1a5/0x2e0 net/socket.c:1551
[<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
audit_printk_skb: 3 callbacks suppressed
audit: type=1400 audit(1575443589.079:1267): avc: denied { create } for pid=24695 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
nla_parse: 13 callbacks suppressed
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.