ip6_tunnel: ip6gre1 xmit: Local address not yet configured!

======================================================
WARNING: possible circular locking dependency detected
4.18.0-rc7+ #73 Not tainted
------------------------------------------------------
syz-executor6/30696 is trying to acquire lock:
00000000733950fa (rlock-AF_UNIX){+.+.}, at: skb_queue_tail+0x26/0x150 net/core/skbuff.c:2916

but task is already holding lock:
0000000057b86544 (&(&u->lock)->rlock/1){+.+.}, at: unix_state_double_lock+0x80/0xb0 net/unix/af_unix.c:1078

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&(&u->lock)->rlock/1){+.+.}:
       _raw_spin_lock_nested+0x28/0x40 kernel/locking/spinlock.c:354
       sk_diag_dump_icons net/unix/diag.c:82 [inline]
       sk_diag_fill.isra.5+0xa57/0x10f0 net/unix/diag.c:144
       sk_diag_dump net/unix/diag.c:178 [inline]
       unix_diag_dump+0x35f/0x550 net/unix/diag.c:206
       netlink_dump+0x519/0xd50 net/netlink/af_netlink.c:2226
       __netlink_dump_start+0x51a/0x780 net/netlink/af_netlink.c:2323
       netlink_dump_start include/linux/netlink.h:214 [inline]
       unix_diag_handler_dump+0x3fc/0x7d0 net/unix/diag.c:307
       __sock_diag_cmd net/core/sock_diag.c:230 [inline]
       sock_diag_rcv_msg+0x2e0/0x3d0 net/core/sock_diag.c:261
       netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2448
       sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:272
       netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
       netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1336
       netlink_sendmsg+0xa18/0xfd0 net/netlink/af_netlink.c:1901
       sock_sendmsg_nosec net/socket.c:641 [inline]
       sock_sendmsg+0xd5/0x120 net/socket.c:651
       sock_write_iter+0x362/0x5c0 net/socket.c:920
       call_write_iter include/linux/fs.h:1793 [inline]
       do_iter_readv_writev+0x897/0xa90 fs/read_write.c:680
       do_iter_write+0x185/0x5f0 fs/read_write.c:959
       compat_writev+0x234/0x420 fs/read_write.c:1273
       do_compat_writev+0x128/0x260 fs/read_write.c:1294
       __do_compat_sys_writev fs/read_write.c:1305 [inline]
       __se_compat_sys_writev fs/read_write.c:1301 [inline]
       __ia32_compat_sys_writev+0x74/0xb0 fs/read_write.c:1301
       do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
       do_fast_syscall_32+0x34d/0xfb2 arch/x86/entry/common.c:397
       entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139

-> #0 (rlock-AF_UNIX){+.+.}:
       lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
       skb_queue_tail+0x26/0x150 net/core/skbuff.c:2916
       unix_dgram_sendmsg+0xfa2/0x1750 net/unix/af_unix.c:1797
       sock_sendmsg_nosec net/socket.c:641 [inline]
       sock_sendmsg+0xd5/0x120 net/socket.c:651
       ___sys_sendmsg+0x51d/0x930 net/socket.c:2125
       __sys_sendmmsg+0x3bb/0x6f0 net/socket.c:2213
       __compat_sys_sendmmsg net/compat.c:770 [inline]
       __do_compat_sys_sendmmsg net/compat.c:777 [inline]
       __se_compat_sys_sendmmsg net/compat.c:774 [inline]
       __ia32_compat_sys_sendmmsg+0x9f/0x100 net/compat.c:774
       do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
       do_fast_syscall_32+0x34d/0xfb2 arch/x86/entry/common.c:397
       entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&u->lock)->rlock/1);
                               lock(rlock-AF_UNIX);
                               lock(&(&u->lock)->rlock/1);
  lock(rlock-AF_UNIX);

 *** DEADLOCK ***

1 lock held by syz-executor6/30696:
 #0: 0000000057b86544 (&(&u->lock)->rlock/1){+.+.}, at: unix_state_double_lock+0x80/0xb0 net/unix/af_unix.c:1078

stack backtrace:
CPU: 1 PID: 30696 Comm: syz-executor6 Not tainted 4.18.0-rc7+ #73
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 print_circular_bug.isra.36.cold.57+0x1bd/0x27d kernel/locking/lockdep.c:1227
 check_prev_add kernel/locking/lockdep.c:1867 [inline]
 check_prevs_add kernel/locking/lockdep.c:1980 [inline]
 validate_chain kernel/locking/lockdep.c:2421 [inline]
 __lock_acquire+0x3449/0x5020 kernel/locking/lockdep.c:3435
 lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
 skb_queue_tail+0x26/0x150 net/core/skbuff.c:2916
 unix_dgram_sendmsg+0xfa2/0x1750 net/unix/af_unix.c:1797
 sock_sendmsg_nosec net/socket.c:641 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:651
 ___sys_sendmsg+0x51d/0x930 net/socket.c:2125
 __sys_sendmmsg+0x3bb/0x6f0 net/socket.c:2213
 __compat_sys_sendmmsg net/compat.c:770 [inline]
 __do_compat_sys_sendmmsg net/compat.c:777 [inline]
 __se_compat_sys_sendmmsg net/compat.c:774 [inline]
 __ia32_compat_sys_sendmmsg+0x9f/0x100 net/compat.c:774
 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
 do_fast_syscall_32+0x34d/0xfb2 arch/x86/entry/common.c:397
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7ff5cb9
Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 
RSP: 002b:00000000f5fd00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000159
RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 00000000200bd000
RDX: 00000000fffffdc3 RSI: 00000000750cae5e RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
IPv6 header not found
IPv6 header not found
IPv6 header not found
IPv6 header not found
IPv6 header not found
IPv6 header not found
IPv6 header not found
IPv6 header not found
IPv6 header not found
IPv6 header not found
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
binder_alloc: 31739: binder_alloc_buf failed to map page at 20002000 in userspace
binder: 31739:31744 transaction failed 29201/-12, size 0-12288 line 2967
binder_alloc: binder_alloc_mmap_handler: 31739 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: undelivered TRANSACTION_ERROR: 29201
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
binder: 31739:31744 ioctl 40046207 0 returned -16