======================================================
WARNING: possible circular locking dependency detected
4.16.0-rc1+ #315 Not tainted
------------------------------------------------------
syz-executor2/5572 is trying to acquire lock:
(sk_lock-AF_INET6){+.+.}, at: [<00000000561b838f>] lock_sock include/net/sock.h:1463 [inline]
(sk_lock-AF_INET6){+.+.}, at: [<00000000561b838f>] do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
but task is already holding lock:
(rtnl_mutex){+.+.}, at: [<00000000fad5da93>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (rtnl_mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
unregister_netdevice_notifier+0x91/0x4e0 net/core/dev.c:1673
tee_tg_destroy+0x61/0xc0 net/netfilter/xt_TEE.c:123
cleanup_entry+0x218/0x350 net/ipv4/netfilter/ip_tables.c:654
__do_replace+0x79d/0xa50 net/ipv4/netfilter/ip_tables.c:1089
do_replace net/ipv4/netfilter/ip_tables.c:1145 [inline]
do_ipt_set_ctl+0x40f/0x5f0 net/ipv4/netfilter/ip_tables.c:1675
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1259
raw_setsockopt+0xb7/0xd0 net/ipv4/raw.c:870
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> #1 (&xt[i].mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1046
xt_request_find_table_lock+0x28/0xc0 net/netfilter/x_tables.c:1093
get_info+0x154/0x690 net/ipv6/netfilter/ip6_tables.c:989
do_ip6t_get_ctl+0x159/0xaf0 net/ipv6/netfilter/ip6_tables.c:1710
nf_sockopt net/netfilter/nf_sockopt.c:104 [inline]
nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122
ipv6_getsockopt+0x1df/0x2e0 net/ipv6/ipv6_sockglue.c:1371
tcp_getsockopt+0x82/0xd0 net/ipv4/tcp.c:3359
sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2934
SYSC_getsockopt net/socket.c:1880 [inline]
SyS_getsockopt+0x178/0x340 net/socket.c:1862
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> #0 (sk_lock-AF_INET6){+.+.}:
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
lock_sock_nested+0xc2/0x110 net/core/sock.c:2777
lock_sock include/net/sock.h:1463 [inline]
do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
ipv6_setsockopt+0xd7/0x130 net/ipv6/ipv6_sockglue.c:922
sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
other info that might help us debug this:
Chain exists of:
sk_lock-AF_INET6 --> &xt[i].mutex --> rtnl_mutex
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(rtnl_mutex);
lock(&xt[i].mutex);
lock(rtnl_mutex);
lock(sk_lock-AF_INET6);
*** DEADLOCK ***
1 lock held by syz-executor2/5572:
#0: (rtnl_mutex){+.+.}, at: [<00000000fad5da93>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
stack backtrace:
CPU: 0 PID: 5572 Comm: syz-executor2 Not tainted 4.16.0-rc1+ #315
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223
check_prev_add kernel/locking/lockdep.c:1863 [inline]
check_prevs_add kernel/locking/lockdep.c:1976 [inline]
validate_chain kernel/locking/lockdep.c:2417 [inline]
__lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
lock_sock_nested+0xc2/0x110 net/core/sock.c:2777
lock_sock include/net/sock.h:1463 [inline]
do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
ipv6_setsockopt+0xd7/0x130 net/ipv6/ipv6_sockglue.c:922
sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453a59
RSP: 002b:00007ff9b9b6ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007ff9b9b6b6d4 RCX: 0000000000453a59
RDX: 000000000000002a RSI: 0000000000000029 RDI: 0000000000000013
RBP: 000000000071bea0 R08: 0000000000000088 R09: 0000000000000000
R10: 0000000020058000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004fb R14: 00000000006f7828 R15: 0000000000000000
audit: type=1400 audit(1518805400.557:31): avc: denied { getrlimit } for pid=5591 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1
audit: type=1326 audit(1518805400.586:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5615 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=202 compat=0 ip=0x453a59 code=0x0
audit: type=1400 audit(1518805400.601:33): avc: denied { create } for pid=5610 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
syz-executor1 uses obsolete (PF_INET,SOCK_PACKET)
mmap: syz-executor2 (5959) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
Cannot find set identified by id 5 to match
Cannot find set identified by id 5 to match
xt_connbytes: Forcing CT accounting to be enabled
QAT: Invalid ioctl
QAT: Invalid ioctl
ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
netlink: 'syz-executor0': attribute type 21 has an invalid length.
ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
netlink: 'syz-executor0': attribute type 21 has an invalid length.
ieee80211 phy4: Selected rate control algorithm 'minstrel_ht'
rpcbind: RPC call returned error 22
rpcbind: RPC call returned error 22
do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
xt_addrtype: ipv6 does not support BROADCAST matching
xt_addrtype: ipv6 does not support BROADCAST matching
xt_connbytes: Forcing CT accounting to be enabled
BUG: sleeping function called from invalid context at mm/slab.h:420
in_atomic(): 1, irqs_disabled(): 0, pid: 6989, name: syz-executor6
INFO: lockdep is turned off.
CPU: 1 PID: 6989 Comm: syz-executor6 Not tainted 4.16.0-rc1+ #315
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
___might_sleep+0x2b2/0x470 kernel/sched/core.c:6133
__might_sleep+0x95/0x190 kernel/sched/core.c:6086
slab_pre_alloc_hook mm/slab.h:420 [inline]
slab_alloc mm/slab.c:3365 [inline]
kmem_cache_alloc+0x2a2/0x760 mm/slab.c:3539
rds_tcp_conn_alloc+0xa7/0x4e0 net/rds/tcp.c:296
__rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227
rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309
rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126
sock_sendmsg_nosec net/socket.c:630 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:640
___sys_sendmsg+0x767/0x8b0 net/socket.c:2046
__sys_sendmsg+0xe5/0x210 net/socket.c:2080
SYSC_sendmsg net/socket.c:2091 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2087
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453a59
RSP: 002b:00007f70f8cbcc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f70f8cbd6d4 RCX: 0000000000453a59
RDX: 0000000000000000 RSI: 00000000201c3000 RDI: 0000000000000013
RBP: 000000000071bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004b5 R14: 00000000006f7198 R15: 0000000000000000
atomic_op 00000000aee6e8c8 conn xmit_atomic (null)
atomic_op 000000008d7be3dd conn xmit_atomic (null)
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 1 PID: 7291 Comm: syz-executor7 Tainted: G W 4.16.0-rc1+ #315
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc_node mm/slab.c:3286 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3629
__alloc_skb+0xf1/0x780 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:983 [inline]
nlmsg_new include/net/netlink.h:511 [inline]
mr6_netlink_event+0xd1/0x190 net/ipv6/ip6mr.c:2450
ip6mr_mfc_add net/ipv6/ip6mr.c:1493 [inline]
ip6_mroute_setsockopt+0x24f4/0x35b0 net/ipv6/ip6mr.c:1743
do_ipv6_setsockopt.isra.8+0x2f0/0x39d0 net/ipv6/ipv6_sockglue.c:163
ipv6_setsockopt+0xd7/0x130 net/ipv6/ipv6_sockglue.c:922
rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453a59
RSP: 002b:00007fc45db31c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fc45db326d4 RCX: 0000000000453a59
RDX: 00000000000000cc RSI: 0000000000000029 RDI: 0000000000000013
RBP: 000000000071bea0 R08: 000000000000005c R09: 0000000000000000
R10: 0000000020f07000 R11: 0000000000000246 R12: 0000000000000014
R13: 00000000000004fe R14: 00000000006f7870 R15: 0000000000000000
TCP: request_sock_TCP: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7768 Comm: syz-executor3 Tainted: G W 4.16.0-rc1+ #315
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc_node mm/slab.c:3286 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3629
__alloc_skb+0xf1/0x780 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:983 [inline]
alloc_skb_with_frags+0x10d/0x750 net/core/skbuff.c:5190
sock_alloc_send_pskb+0x787/0x9b0 net/core/sock.c:2085
sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2102
__ip6_append_data.isra.44+0x1c38/0x3390 net/ipv6/ip6_output.c:1409
ip6_make_skb+0x386/0x5e0 net/ipv6/ip6_output.c:1757
udpv6_sendmsg+0x27fc/0x3400 net/ipv6/udp.c:1310
inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
sock_sendmsg_nosec net/socket.c:630 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:640
SYSC_sendto+0x361/0x5c0 net/socket.c:1747
SyS_sendto+0x40/0x50 net/socket.c:1715
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453a59
RSP: 002b:00007f1025bf5c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f1025bf66d4 RCX: 0000000000453a59
RDX: 0000000000000000 RSI: 0000000020b26000 RDI: 0000000000000013
RBP: 000000000071bea0 R08: 0000000020fabfe4 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
R13: 00000000000004ba R14: 00000000006f7210 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 7809 Comm: syz-executor2 Tainted: G W 4.16.0-rc1+ #315
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3365 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3539
kmem_cache_zalloc include/linux/slab.h:691 [inline]
ebitmap_cpy+0xce/0x260 security/selinux/ss/ebitmap.c:60
mls_context_cpy security/selinux/ss/context.h:51 [inline]
mls_compute_sid+0x555/0x930 security/selinux/ss/mls.c:556
security_compute_sid+0x8df/0x18f0 security/selinux/ss/services.c:1725
security_transition_sid+0x75/0x90 security/selinux/ss/services.c:1764
socket_sockcreate_sid security/selinux/hooks.c:4335 [inline]
selinux_socket_create+0x3cf/0x740 security/selinux/hooks.c:4368
security_socket_create+0x83/0xc0 security/security.c:1338
__sock_create+0xf7/0x850 net/socket.c:1240
sock_create net/socket.c:1325 [inline]
SYSC_socket net/socket.c:1355 [inline]
SyS_socket+0xeb/0x1d0 net/socket.c:1335
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453a59
RSP: 002b:00007ff9b9b6ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007ff9b9b6b6d4 RCX: 0000000000453a59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a
RBP: 000000000071bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
R13: 00000000000005cb R14: 00000000006f8ba8 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 7832 Comm: syz-executor2 Tainted: G W 4.16.0-rc1+ #315
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3365 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3539
kmem_cache_zalloc include/linux/slab.h:691 [inline]
ebitmap_cpy+0xce/0x260 security/selinux/ss/ebitmap.c:60
mls_context_cpy security/selinux/ss/context.h:51 [inline]
mls_compute_sid+0x555/0x930 security/selinux/ss/mls.c:556
security_compute_sid+0x8df/0x18f0 security/selinux/ss/services.c:1725
security_transition_sid+0x75/0x90 security/selinux/ss/services.c:1764
socket_sockcreate_sid security/selinux/hooks.c:4335 [inline]
selinux_socket_create+0x3cf/0x740 security/selinux/hooks.c:4368
security_socket_create+0x83/0xc0 security/security.c:1338
__sock_create+0xf7/0x850 net/socket.c:1240
sock_create net/socket.c:1325 [inline]
SYSC_socket net/socket.c:1355 [inline]
SyS_socket+0xeb/0x1d0 net/socket.c:1335
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453a59
RSP: 002b:00007ff9b9b6ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007ff9b9b6b6d4 RCX: 0000000000453a59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a
RBP: 000000000071bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
R13: 00000000000005cb R14: 00000000006f8ba8 R15: 0000000000000001