netlink: 36 bytes leftover after parsing attributes in process `syz-executor4'.

======================================================
[ INFO: possible circular locking dependency detected ]
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4835 sclass=netlink_xfrm_socket
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4835 sclass=netlink_xfrm_socket
4.4.162+ #117 Not tainted
-------------------------------------------------------
syz-executor1/4461 is trying to acquire lock:
 (rtnl_mutex){+.+.+.}, at: [<ffffffff8225a727>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
[  105.632436] audit: type=1400 audit(1540541235.673:13): avc:  denied  { setattr } for  pid=4429 comm="syz-executor2" name="control" dev="tmpfs" ino=12901 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tpm_device_t:s0 tclass=dir permissive=1

but task is already holding lock:
 (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825eab82>] lock_sock include/net/sock.h:1493 [inline]
 (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825eab82>] do_ipv6_setsockopt.isra.4+0x252/0x2d50 net/ipv6/ipv6_sockglue.c:166

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

       [<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
       [<ffffffff821d0406>] lock_sock_nested+0xc6/0x120 net/core/sock.c:2459
       [<ffffffff825eab02>] lock_sock include/net/sock.h:1493 [inline]
       [<ffffffff825eab02>] do_ipv6_setsockopt.isra.4+0x1d2/0x2d50 net/ipv6/ipv6_sockglue.c:166
       [<ffffffff825ed717>] ipv6_setsockopt+0x97/0x130 net/ipv6/ipv6_sockglue.c:904
       [<ffffffff823e4e68>] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2643
       [<ffffffff821ca60a>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2659
       [<ffffffff821c8046>] SYSC_setsockopt net/socket.c:1780 [inline]
       [<ffffffff821c8046>] SyS_setsockopt+0x166/0x260 net/socket.c:1759
       [<ffffffff827062e1>] entry_SYSCALL_64_fastpath+0x1e/0x9a

       [<ffffffff811ff0fc>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
       [<ffffffff811ff0fc>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
       [<ffffffff811ff0fc>] validate_chain kernel/locking/lockdep.c:2144 [inline]
       [<ffffffff811ff0fc>] __lock_acquire+0x3e6c/0x5f10 kernel/locking/lockdep.c:3213
       [<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
       [<ffffffff826fad9b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       [<ffffffff826fad9b>] mutex_lock_nested+0xbb/0x8d0 kernel/locking/mutex.c:621
       [<ffffffff8225a727>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
       [<ffffffff82624cce>] ipv6_sock_mc_close+0x10e/0x350 net/ipv6/mcast.c:288
       [<ffffffff825eb637>] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 net/ipv6/ipv6_sockglue.c:202
       [<ffffffff825ed717>] ipv6_setsockopt+0x97/0x130 net/ipv6/ipv6_sockglue.c:904
       [<ffffffff8260258a>] udpv6_setsockopt+0x4a/0x90 net/ipv6/udp.c:1436
       [<ffffffff821ca60a>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2659
       [<ffffffff821c8046>] SYSC_setsockopt net/socket.c:1780 [inline]
       [<ffffffff821c8046>] SyS_setsockopt+0x166/0x260 net/socket.c:1759
       [<ffffffff827062e1>] entry_SYSCALL_64_fastpath+0x1e/0x9a

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sk_lock-AF_INET6);
                               lock(rtnl_mutex);
                               lock(sk_lock-AF_INET6);
  lock(rtnl_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor1/4461:
 #0:  (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825eab82>] lock_sock include/net/sock.h:1493 [inline]
 #0:  (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825eab82>] do_ipv6_setsockopt.isra.4+0x252/0x2d50 net/ipv6/ipv6_sockglue.c:166

stack backtrace:
CPU: 0 PID: 4461 Comm: syz-executor1 Not tainted 4.4.162+ #117
 0000000000000000 5911eec383ab8f0d ffff8800a699f5a8 ffffffff81a994bd
 ffffffff83a85b10 ffffffff83ac48d0 ffffffff83a85b10 ffff8801d1ee67e8
 ffff8801d1ee5f00 ffff8800a699f5f0 ffffffff813a834a 0000000000000001
Call Trace:
 [<ffffffff81a994bd>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81a994bd>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff813a834a>] print_circular_bug.cold.34+0x2f7/0x432 kernel/locking/lockdep.c:1226
 [<ffffffff811ff0fc>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
 [<ffffffff811ff0fc>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
 [<ffffffff811ff0fc>] validate_chain kernel/locking/lockdep.c:2144 [inline]
 [<ffffffff811ff0fc>] __lock_acquire+0x3e6c/0x5f10 kernel/locking/lockdep.c:3213
 [<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
 [<ffffffff826fad9b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff826fad9b>] mutex_lock_nested+0xbb/0x8d0 kernel/locking/mutex.c:621
 [<ffffffff8225a727>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
 [<ffffffff82624cce>] ipv6_sock_mc_close+0x10e/0x350 net/ipv6/mcast.c:288
 [<ffffffff825eb637>] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 net/ipv6/ipv6_sockglue.c:202
 [<ffffffff825ed717>] ipv6_setsockopt+0x97/0x130 net/ipv6/ipv6_sockglue.c:904
 [<ffffffff8260258a>] udpv6_setsockopt+0x4a/0x90 net/ipv6/udp.c:1436
 [<ffffffff821ca60a>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2659
 [<ffffffff821c8046>] SYSC_setsockopt net/socket.c:1780 [inline]
 [<ffffffff821c8046>] SyS_setsockopt+0x166/0x260 net/socket.c:1759
 [<ffffffff827062e1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
audit: type=1400 audit(1540541236.283:14): avc:  denied  { relabelfrom } for  pid=4429 comm="syz-executor2" name="control" dev="tmpfs" ino=12901 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tpm_device_t:s0 tclass=dir permissive=1
audit: type=1400 audit(1540541236.313:15): avc:  denied  { getattr } for  pid=2115 comm="syz-executor2" path="/46/control" dev="tmpfs" ino=12901 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tpm_device_t:s0 tclass=dir permissive=1
audit: type=1400 audit(1540541236.363:16): avc:  denied  { read } for  pid=2115 comm="syz-executor2" name="control" dev="tmpfs" ino=12901 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tpm_device_t:s0 tclass=dir permissive=1
audit: type=1400 audit(1540541236.403:17): avc:  denied  { open } for  pid=2115 comm="syz-executor2" path="/46/control" dev="tmpfs" ino=12901 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tpm_device_t:s0 tclass=dir permissive=1
audit: type=1400 audit(1540541236.433:18): avc:  denied  { rmdir } for  pid=2115 comm="syz-executor2" name="control" dev="tmpfs" ino=12901 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tpm_device_t:s0 tclass=dir permissive=1
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=45 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=55681 sclass=netlink_xfrm_socket
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=55681 sclass=netlink_xfrm_socket
binder: binder_mmap: 4602 20ffd000-20fff000 bad vm_flags failed -1
binder: 4602:4605 got reply transaction with no transaction stack
binder: 4602:4605 transaction failed 29201/-71, size 32-32 line 2922
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=45 sclass=netlink_tcpdiag_socket
binder: BINDER_SET_CONTEXT_MGR already set
binder: 4602:4605 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: binder_mmap: 4602 20ffd000-20fff000 bad vm_flags failed -1
binder: 4602:4616 ioctl 40046207 0 returned -16
binder: 4602:4618 got reply transaction with no transaction stack
binder: 4602:4618 transaction failed 29201/-71, size 32-32 line 2922
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29201
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=63651 sclass=netlink_xfrm_socket
syz-executor4 uses obsolete (PF_INET,SOCK_PACKET)
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=16741 sclass=netlink_xfrm_socket
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=16741 sclass=netlink_xfrm_socket
device lo entered promiscuous mode
audit: type=1400 audit(1540541240.313:19): avc:  denied  { write } for  pid=4956 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
device lo left promiscuous mode
device lo entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
audit: type=1326 audit(1540541241.103:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5017 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0x0
audit: type=1326 audit(1540541241.903:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5017 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0x0
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
capability: warning: `syz-executor0' uses 32-bit capabilities (legacy support in use)
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
rtc rtc0: __rtc_set_alarm: err=-22
netlink: 36 bytes leftover after parsing attributes in process `syz-executor4'.
audit: type=1400 audit(1540541243.973:22): avc:  denied  { relabelto } for  pid=5255 comm="syz-executor4" name="UNIX" dev="sockfs" ino=15532 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:crond_unit_file_t:s0 tclass=unix_stream_socket permissive=1