audit: type=1400 audit(1571565823.763:635): avc: denied { create } for pid=15637 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 ============================================= [ INFO: possible recursive locking detected ] 4.4.174+ #4 Not tainted --------------------------------------------- syz-executor.2/15664 is trying to acquire lock: (_xmit_TUNNEL6#2){+.-...}, at: [] spin_lock include/linux/spinlock.h:302 [inline] (_xmit_TUNNEL6#2){+.-...}, at: [] __netif_tx_lock include/linux/netdevice.h:3306 [inline] (_xmit_TUNNEL6#2){+.-...}, at: [] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225 but task is already holding lock: (_xmit_TUNNEL6#2){+.-...}, at: [] spin_lock include/linux/spinlock.h:302 [inline] (_xmit_TUNNEL6#2){+.-...}, at: [] __netif_tx_lock include/linux/netdevice.h:3306 [inline] (_xmit_TUNNEL6#2){+.-...}, at: [] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(_xmit_TUNNEL6#2); lock(_xmit_TUNNEL6#2); *** DEADLOCK *** May be due to missing lock nesting notation 10 locks held by syz-executor.2/15664: #0: (sk_lock-AF_INET6){+.+.+.}, at: [] lock_sock include/net/sock.h:1497 [inline] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] inet_stream_connect+0x44/0xa0 net/ipv4/af_inet.c:675 #1: (rcu_read_lock){......}, at: [] inet6_csk_xmit+0x108/0x4b0 net/ipv6/inet6_connection_sock.c:163 #2: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 net/ipv6/ip6_output.c:71 #3: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 net/core/dev.c:3161 #4: (_xmit_TUNNEL6#2){+.-...}, at: [] spin_lock include/linux/spinlock.h:302 [inline] #4: (_xmit_TUNNEL6#2){+.-...}, at: [] __netif_tx_lock include/linux/netdevice.h:3306 [inline] #4: (_xmit_TUNNEL6#2){+.-...}, at: [] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225 #5: (rcu_read_lock){......}, at: [] icmpv6_send+0x0/0x1b0 net/ipv6/ip6_icmp.c:30 #6: (slock-AF_INET6){+.-...}, at: [] spin_trylock include/linux/spinlock.h:312 [inline] #6: (slock-AF_INET6){+.-...}, at: [] icmpv6_xmit_lock net/ipv6/icmp.c:120 [inline] #6: (slock-AF_INET6){+.-...}, at: [] icmp6_send+0x7bd/0x1b40 net/ipv6/icmp.c:485 #7: (rcu_read_lock){......}, at: [] icmp6_send+0xf44/0x1b40 net/ipv6/icmp.c:517 #8: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 net/ipv6/ip6_output.c:71 #9: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 net/core/dev.c:3161 stack backtrace: CPU: 0 PID: 15664 Comm: syz-executor.2 Not tainted 4.4.174+ #4 0000000000000000 a817c075c500e259 ffff8801d40fe3d0 ffffffff81aad1a1 ffffffff84057a80 ffff8801d7c5c740 ffffffff83ad56d0 ffff8801d7c5d0a8 ffff8801d7c5d0c8 ffff8801d40fe558 ffffffff813ad6ff 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] print_deadlock_bug kernel/locking/lockdep.c:1752 [inline] [] check_deadlock kernel/locking/lockdep.c:1796 [inline] [] validate_chain kernel/locking/lockdep.c:2128 [inline] [] __lock_acquire.cold+0x118/0x592 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __raw_spin_lock include/linux/spinlock_api_smp.h:144 [inline] [] _raw_spin_lock+0x38/0x50 kernel/locking/spinlock.c:151 [] spin_lock include/linux/spinlock.h:302 [inline] [] __netif_tx_lock include/linux/netdevice.h:3306 [inline] [] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225 [] dev_queue_xmit+0x18/0x20 net/core/dev.c:3263 [] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1369 [] dst_neigh_output include/net/dst.h:461 [inline] [] ip6_finish_output2+0x9c7/0x1dc0 net/ipv6/ip6_output.c:113 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket audit: type=1400 audit(1571565823.903:636): avc: denied { create } for pid=15680 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket [] ip6_finish_output+0x2f3/0x750 net/ipv6/ip6_output.c:131 [] NF_HOOK_COND include/linux/netfilter.h:240 [inline] [] ip6_output+0x1b4/0x520 net/ipv6/ip6_output.c:145 [] dst_output include/net/dst.h:498 [inline] [] ip6_local_out+0x9c/0x180 net/ipv6/output_core.c:169 [] ip6_send_skb+0xa2/0x340 net/ipv6/ip6_output.c:1725 [] ip6_push_pending_frames+0xbb/0xe0 net/ipv6/ip6_output.c:1745 [] icmpv6_push_pending_frames+0x336/0x530 net/ipv6/icmp.c:276 [] icmp6_send+0x1506/0x1b40 net/ipv6/icmp.c:537 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket [] icmpv6_send+0xb1/0x1b0 net/ipv6/ip6_icmp.c:42 [] ip6_link_failure+0x2d/0x3e0 net/ipv6/route.c:1313 [] dst_link_failure include/net/dst.h:481 [inline] [] ip6_tnl_xmit2+0x4da/0x2320 net/ipv6/ip6_tunnel.c:1089 [] ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1193 [inline] [] ip6_tnl_xmit+0x5d5/0xe00 net/ipv6/ip6_tunnel.c:1215 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket [] __netdev_start_xmit include/linux/netdevice.h:3750 [inline] [] netdev_start_xmit include/linux/netdevice.h:3759 [inline] [] xmit_one net/core/dev.c:2781 [inline] [] dev_hard_start_xmit+0x7c1/0x11e0 net/core/dev.c:2797 [] __dev_queue_xmit+0x164b/0x1bb0 net/core/dev.c:3229 [] dev_queue_xmit+0x18/0x20 net/core/dev.c:3263 [] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1369 [] dst_neigh_output include/net/dst.h:461 [inline] [] ip6_finish_output2+0x9c7/0x1dc0 net/ipv6/ip6_output.c:113 [] ip6_finish_output+0x2f3/0x750 net/ipv6/ip6_output.c:131 [] NF_HOOK_COND include/linux/netfilter.h:240 [inline] [] ip6_output+0x1b4/0x520 net/ipv6/ip6_output.c:145 [] dst_output include/net/dst.h:498 [inline] [] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline] [] NF_HOOK include/linux/netfilter.h:249 [inline] [] ip6_xmit+0xc76/0x1a60 net/ipv6/ip6_output.c:240 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket [] inet6_csk_xmit+0x24c/0x4b0 net/ipv6/inet6_connection_sock.c:176 [] __tcp_transmit_skb+0x1904/0x2cf0 net/ipv4/tcp_output.c:1034 [] tcp_transmit_skb net/ipv4/tcp_output.c:1047 [inline] [] tcp_connect+0x223d/0x31b0 net/ipv4/tcp_output.c:3295 [] tcp_v6_connect+0x1391/0x1b30 net/ipv6/tcp_ipv6.c:294 [] __inet_stream_connect+0x2cf/0xc70 net/ipv4/af_inet.c:615 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket [] inet_stream_connect+0x55/0xa0 net/ipv4/af_inet.c:676 [] SYSC_connect net/socket.c:1570 [inline] [] SyS_connect+0x1a5/0x2e0 net/socket.c:1551 [] entry_SYSCALL_64_fastpath+0x1e/0x9a SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket syz-executor.2 (15664) used greatest stack depth: 22672 bytes left binder: 15715:15719 transaction failed 29189/-22, size 0-0 line 3014 binder: undelivered TRANSACTION_ERROR: 29189 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket audit_printk_skb: 75 callbacks suppressed audit: type=1400 audit(1571565826.123:662): avc: denied { create } for pid=15707 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1571565826.163:663): avc: denied { create } for pid=15707 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket audit: type=1400 audit(1571565826.273:664): avc: denied { write } for pid=15707 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=543 sclass=netlink_route_socket