Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts. syzkaller login: [ 26.931386] audit: type=1400 audit(1574924253.572:5): avc: denied { create } for pid=2075 comm="syz-executor653" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 26.956499] audit: type=1400 audit(1574924253.602:6): avc: denied { write } for pid=2075 comm="syz-executor653" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 26.987255] audit: type=1400 audit(1574924253.632:7): avc: denied { read } for pid=2075 comm="syz-executor653" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 27.102028] [ 27.103886] ====================================================== [ 27.110223] [ INFO: possible circular locking dependency detected ] [ 27.116615] 4.4.174+ #17 Not tainted [ 27.120327] ------------------------------------------------------- [ 27.126713] syz-executor653/2079 is trying to acquire lock: [ 27.132421] (_xmit_NETROM){+.-...}, at: [] sch_direct_xmit+0x238/0x700 [ 27.141284] [ 27.141284] but task is already holding lock: [ 27.149086] (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 27.158383] [ 27.158383] which lock already depends on the new lock. [ 27.158383] [ 27.166937] [ 27.166937] the existing dependency chain (in reverse order) is: [ 27.174784] -> #1 (&(&q->lock)->rlock){+.-...}: [ 27.180129] [] lock_acquire+0x15e/0x450 [ 27.186437] [] _raw_spin_lock_irqsave+0x50/0x70 [ 27.193425] [] depot_save_stack+0x20c/0x5f0 [ 27.200383] [] kasan_kmalloc.part.0+0xc6/0xf0 [ 27.207179] [] kasan_kmalloc+0xb7/0xd0 [ 27.213435] [] kasan_slab_alloc+0xf/0x20 [ 27.219841] [] kmem_cache_alloc+0xdc/0x2c0 [ 27.226357] [] inet_getpeer+0x1525/0x1ce0 [ 27.232796] [] ip4_frag_init+0x2a2/0x310 [ 27.239138] [] inet_frag_create+0x1ac/0x14e0 [ 27.245833] [] inet_frag_find+0x64d/0x880 [ 27.252268] [] ip_defrag+0x2fb/0x3b70 [ 27.258360] [] ip_check_defrag+0x3d6/0x5b0 [ 27.264883] [] packet_rcv_fanout+0x51e/0x5f0 [ 27.271575] [] dev_hard_start_xmit+0x654/0x11e0 [ 27.278534] [] sch_direct_xmit+0x2b6/0x700 [ 27.285086] [] __dev_queue_xmit+0xd24/0x1bb0 [ 27.291783] [] dev_queue_xmit+0x18/0x20 [ 27.299359] [] neigh_resolve_output+0x4a0/0x7a0 [ 27.306326] [] ip_finish_output2+0x6a2/0x1280 [ 27.313194] [] ip_do_fragment+0x187c/0x1f70 [ 27.319808] [] ip_fragment.constprop.0+0x14b/0x200 [ 27.327020] [] ip_finish_output+0x3b9/0xc60 [ 27.333652] [] ip_mc_output+0x251/0xae0 [ 27.339915] [] ip_local_out+0x9c/0x180 [ 27.346128] [] ip_send_skb+0x3e/0xc0 [ 27.352256] [] udp_send_skb+0x4fd/0xc70 [ 27.358536] [] udp_push_pending_frames+0x4e/0xe0 [ 27.365565] [] udp_sendpage+0x2ae/0x410 [ 27.371842] [] inet_sendpage+0x223/0x520 [ 27.378280] [] kernel_sendpage+0x95/0xf0 [ 27.384711] [] sock_sendpage+0x8b/0xc0 [ 27.391087] [] pipe_to_sendpage+0x28d/0x3d0 [ 27.397705] [] __splice_from_pipe+0x37e/0x7a0 [ 27.404489] [] splice_from_pipe+0x108/0x170 [ 27.411204] [] generic_splice_sendpage+0x3c/0x50 [ 27.418241] [] SyS_splice+0xd71/0x13a0 [ 27.424397] [] do_fast_syscall_32+0x32d/0xa90 [ 27.431162] [] sysenter_flags_fixed+0xd/0x1a [ 27.437860] -> #0 (_xmit_NETROM){+.-...}: [ 27.442670] [] __lock_acquire+0x37d6/0x4f50 [ 27.449266] [] lock_acquire+0x15e/0x450 [ 27.455534] [] _raw_spin_lock+0x38/0x50 [ 27.461804] [] sch_direct_xmit+0x238/0x700 [ 27.468310] [] __dev_queue_xmit+0xd24/0x1bb0 [ 27.475022] [] dev_queue_xmit+0x18/0x20 [ 27.481386] [] neigh_resolve_output+0x4a0/0x7a0 [ 27.488366] [] ip6_finish_output2+0x9c7/0x1dc0 [ 27.495603] [] ip6_finish_output+0x2f3/0x750 [ 27.502605] [] ip6_output+0x1b4/0x520 [ 27.508935] [] ndisc_send_skb+0x98d/0x1110 [ 27.515447] [] ndisc_send_ns+0x4bf/0x6b0 [ 27.522014] [] ndisc_solicit+0x2b2/0x440 [ 27.528373] [] neigh_probe+0xc8/0x100 [ 27.534451] [] __neigh_event_send+0x2ab/0xc50 [ 27.541217] [] neigh_resolve_output+0x5ec/0x7a0 [ 27.548184] [] ip6_finish_output2+0x9c7/0x1dc0 [ 27.555051] [] ip6_finish_output+0x2f3/0x750 [ 27.561752] [] ip6_output+0x1b4/0x520 [ 27.567904] [] ip6_local_out+0x9c/0x180 [ 27.574214] [] ip6_send_skb+0xa2/0x340 [ 27.580421] [] ip6_push_pending_frames+0xbb/0xe0 [ 27.587500] [] icmpv6_push_pending_frames+0x336/0x530 [ 27.595108] [] icmp6_send+0x1506/0x1b40 [ 27.601378] [] icmpv6_param_prob+0x29/0x40 [ 27.607903] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 27.614437] [] ip6_input_finish+0x57d/0x14f0 [ 27.621172] [] ip6_input+0xf8/0x1f0 [ 27.627085] [] ip6_rcv_finish+0x14d/0x670 [ 27.633544] [] ipv6_rcv+0xfc1/0x1a20 [ 27.639547] [] __netif_receive_skb_core+0x1300/0x2950 [ 27.647028] [] __netif_receive_skb+0x58/0x1c0 [ 27.653810] [] process_backlog+0x200/0x630 [ 27.660347] [] net_rx_action+0x367/0xd30 [ 27.666677] [] __do_softirq+0x226/0xa3f [ 27.672944] [] do_softirq_own_stack+0x1c/0x30 [ 27.679733] [] do_softirq.part.0+0x54/0x60 [ 27.686266] [] do_softirq+0x18/0x20 [ 27.692183] [] netif_rx_ni+0xeb/0x3b0 [ 27.698299] [] tun_get_user+0xdbf/0x2640 [ 27.704651] [] tun_chr_write_iter+0xda/0x190 [ 27.711345] [] do_iter_readv_writev+0x141/0x1e0 [ 27.718305] [] compat_do_readv_writev+0x389/0x6e0 [ 27.725423] [] compat_writev+0xe1/0x150 [ 27.731694] [] compat_SyS_writev+0xdb/0x1c0 [ 27.738459] [] do_fast_syscall_32+0x32d/0xa90 [ 27.745258] [] sysenter_flags_fixed+0xd/0x1a [ 27.751956] [ 27.751956] other info that might help us debug this: [ 27.751956] [ 27.760175] Possible unsafe locking scenario: [ 27.760175] [ 27.766257] CPU0 CPU1 [ 27.771160] ---- ---- [ 27.775824] lock(&(&q->lock)->rlock); [ 27.780024] lock(_xmit_NETROM); [ 27.786350] lock(&(&q->lock)->rlock); [ 27.793158] lock(_xmit_NETROM); [ 27.796856] [ 27.796856] *** DEADLOCK *** [ 27.796856] [ 27.802959] 9 locks held by syz-executor653/2079: [ 27.807783] #0: (rcu_read_lock){......}, at: [] process_backlog+0x19c/0x630 [ 27.817231] #1: (rcu_read_lock){......}, at: [] ip6_input_finish+0x0/0x14f0 [ 27.826740] #2: (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 27.836754] #3: (slock-AF_INET6){+.....}, at: [] icmp6_send+0x7bd/0x1b40 [ 27.845968] #4: (rcu_read_lock){......}, at: [] icmp6_send+0xf44/0x1b40 [ 27.855241] #5: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 27.865344] #6: (rcu_read_lock){......}, at: [] ndisc_send_skb+0x779/0x1110 [ 27.875012] #7: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 27.885157] #8: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 [ 27.895030] [ 27.895030] stack backtrace: [ 27.899545] CPU: 0 PID: 2079 Comm: syz-executor653 Not tainted 4.4.174+ #17 [ 27.906633] 0000000000000000 f0202ce1eba31d26 ffff8801db6064e0 ffffffff81aad1a1 [ 27.914705] ffffffff84057a80 ffff8800b6fdaf80 ffffffff83ad3870 ffffffff83ad40e0 [ 27.922738] ffffffff83ad3870 ffff8801db606530 ffffffff813abcda ffff8801db606610 [ 27.930821] Call Trace: [ 27.933413] [] dump_stack+0xc1/0x120 [ 27.939511] [] print_circular_bug.cold+0x2f7/0x44e [ 27.946084] [] __lock_acquire+0x37d6/0x4f50 [ 27.952166] [] ? check_usage+0x14e/0x5a0 [ 27.957908] [] ? trace_hardirqs_on+0x10/0x10 [ 27.964067] [] ? __lock_acquire+0x2c79/0x4f50 [ 27.970212] [] ? __dev_get_by_index+0x130/0x130 [ 27.976532] [] ? __skb_gso_segment+0x4c0/0x4c0 [ 27.982872] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.989606] [] lock_acquire+0x15e/0x450 [ 27.995221] [] ? sch_direct_xmit+0x238/0x700 [ 28.001278] [] _raw_spin_lock+0x38/0x50 [ 28.006958] [] ? sch_direct_xmit+0x238/0x700 [ 28.013033] [] sch_direct_xmit+0x238/0x700 [ 28.018920] [] ? dev_deactivate_queue.constprop.0+0x160/0x160 [ 28.026458] [] __dev_queue_xmit+0xd24/0x1bb0 [ 28.032510] [] ? __dev_queue_xmit+0x1d7/0x1bb0 [ 28.038721] [] ? trace_hardirqs_on+0x10/0x10 [ 28.044768] [] ? netdev_pick_tx+0x2f0/0x2f0 [ 28.050740] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.057487] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.064238] [] ? memcpy+0x46/0x50 [ 28.069341] [] dev_queue_xmit+0x18/0x20 [ 28.074946] [] neigh_resolve_output+0x4a0/0x7a0 [ 28.081259] [] ? ip6_finish_output2+0x9c7/0x1dc0 [ 28.087658] [] ip6_finish_output2+0x9c7/0x1dc0 [ 28.093866] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 28.100317] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.107423] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.114174] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 28.120501] [] ? check_preemption_disabled+0x3c/0x200 [ 28.127319] [] ? check_preemption_disabled+0x3c/0x200 [ 28.134260] [] ? ip6_mtu+0x21f/0x340 [ 28.139609] [] ip6_finish_output+0x2f3/0x750 [ 28.145669] [] ip6_output+0x1b4/0x520 [ 28.151106] [] ? ip6_finish_output+0x750/0x750 [ 28.157321] [] ? nf_iterate+0x220/0x220 [ 28.162929] [] ? ip6_fragment+0x3210/0x3210 [ 28.168902] [] ndisc_send_skb+0x98d/0x1110 [ 28.174775] [] ? ndisc_send_skb+0x779/0x1110 [ 28.180968] [] ? ndisc_alloc_skb+0x330/0x330 [ 28.187091] [] ? compat_ipv6_setsockopt+0x1d0/0x1d0 [ 28.193754] [] ? memcpy+0x46/0x50 [ 28.198865] [] ? ndisc_fill_addr_option+0x19b/0x1f0 [ 28.205535] [] ndisc_send_ns+0x4bf/0x6b0 [ 28.211231] [] ? trace_hardirqs_on+0xd/0x10 [ 28.217182] [] ? ndisc_netdev_event+0x360/0x360 [ 28.223533] [] ? ipv6_chk_addr_and_flags+0x3a6/0x530 [ 28.230268] [] ? ipv6_chk_addr_and_flags+0x69/0x530 [ 28.236932] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 28.243844] [] ndisc_solicit+0x2b2/0x440 [ 28.249534] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 28.255528] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 28.261591] [] neigh_probe+0xc8/0x100 [ 28.267284] [] __neigh_event_send+0x2ab/0xc50 [ 28.273462] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 28.279804] [] ? _raw_write_unlock_bh+0x31/0x40 [ 28.286119] [] neigh_resolve_output+0x5ec/0x7a0 [ 28.292438] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 28.299703] [] ip6_finish_output2+0x9c7/0x1dc0 [ 28.305971] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 28.312362] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.319205] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 28.325514] [] ? check_preemption_disabled+0x3c/0x200 [ 28.332351] [] ? check_preemption_disabled+0x3c/0x200 [ 28.339191] [] ? ip6_mtu+0x21f/0x340 [ 28.344540] [] ip6_finish_output+0x2f3/0x750 [ 28.350592] [] ip6_output+0x1b4/0x520 [ 28.356075] [] ? ip6_finish_output+0x750/0x750 [ 28.362353] [] ? ip6_fragment+0x3210/0x3210 [ 28.368330] [] ip6_local_out+0x9c/0x180 [ 28.373938] [] ip6_send_skb+0xa2/0x340 [ 28.379475] [] ip6_push_pending_frames+0xbb/0xe0 [ 28.385934] [] icmpv6_push_pending_frames+0x336/0x530 [ 28.392761] [] icmp6_send+0x1506/0x1b40 [ 28.398379] [] ? icmpv6_push_pending_frames+0x530/0x530 [ 28.405389] [] ? cpuacct_charge+0x32f/0x360 [ 28.411353] [] ? perf_trace_softirq+0x28a/0x3b0 [ 28.417669] [] ? ipv6_frag_rcv+0x6cc/0x51e0 [ 28.423619] [] icmpv6_param_prob+0x29/0x40 [ 28.429481] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 28.435345] [] ? ipv6_frags_init_net+0x3e0/0x3e0 [ 28.441731] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.448464] [] ip6_input_finish+0x57d/0x14f0 [ 28.454502] [] ? ip6_rcv_finish+0x670/0x670 [ 28.460474] [] ip6_input+0xf8/0x1f0 [ 28.465740] [] ? ipv6_rcv+0x1a20/0x1a20 [ 28.471341] [] ? ip6_rcv_finish+0x670/0x670 [ 28.477306] [] ip6_rcv_finish+0x14d/0x670 [ 28.483098] [] ipv6_rcv+0xfc1/0x1a20 [ 28.488439] [] ? ipv6_rcv+0xfc/0x1a20 [ 28.493966] [] ? ip6_input_finish+0x14f0/0x14f0 [ 28.500261] [] ? ip6_make_skb+0x3f0/0x3f0 [ 28.506127] [] ? packet_rcv_fanout+0x173/0x5f0 [ 28.512351] [] ? ip6_input_finish+0x14f0/0x14f0 [ 28.518652] [] __netif_receive_skb_core+0x1300/0x2950 [ 28.525488] [] ? dev_loopback_xmit+0x430/0x430 [ 28.531699] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.538430] [] ? check_preemption_disabled+0x3c/0x200 [ 28.545249] [] __netif_receive_skb+0x58/0x1c0 [ 28.551382] [] process_backlog+0x200/0x630 [ 28.557261] [] ? process_backlog+0x19c/0x630 [ 28.563328] [] ? net_rx_action+0x1fb/0xd30 [ 28.569215] [] net_rx_action+0x367/0xd30 [ 28.574913] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 28.581898] [] ? net_rps_action_and_irq_enable.isra.0+0x170/0x170 [ 28.589771] [] __do_softirq+0x226/0xa3f [ 28.595407] [] do_softirq_own_stack+0x1c/0x30 [ 28.601541] [] do_softirq.part.0+0x54/0x60 [ 28.608160] [] do_softirq+0x18/0x20 [ 28.613419] [] netif_rx_ni+0xeb/0x3b0 [ 28.618866] [] tun_get_user+0xdbf/0x2640 [ 28.624557] [] ? tun_free_netdev+0xb0/0xb0 [ 28.630422] [] ? futex_wait+0x47d/0x600 [ 28.636033] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.642764] [] ? __tun_get+0x126/0x230 [ 28.648283] [] tun_chr_write_iter+0xda/0x190 [ 28.654324] [] do_iter_readv_writev+0x141/0x1e0 [ 28.660623] [] ? tun_sendmsg+0x140/0x140 [ 28.666314] [] ? vfs_iter_read+0x280/0x280 [ 28.672217] [] ? rw_verify_area+0x103/0x2f0 [ 28.678183] [] ? tun_sendmsg+0x140/0x140 [ 28.683969] [] compat_do_readv_writev+0x389/0x6e0 [ 28.690446] [] ? vfs_writev+0xb0/0xb0 [ 28.695879] [] ? check_preemption_disabled+0x3c/0x200 [ 28.702720] [] ? __fget+0x13b/0x370 [ 28.707976] [] ? __fget+0x162/0x370 [ 28.713498] [] ? __fget+0x47/0x370 [ 28.718692] [] compat_writev+0xe1/0x150 [ 28.724360] [] compat_SyS_writev+0xdb/0x1c0 [ 28.730478] [] ? compat_SyS_preadv+0x50/0x50 [ 28.736529] [] ? do_fast_syscall_32+0xd6/0xa90 [ 28.742781] [] ? compat_SyS_preadv+0x50/0x50 [ 28.748837] [] do_fast_syscall_32+0x32d/0xa90 [ 28.754966] [] sysenter_flags_fixed+0xd/0x1a