[....] Starting enhanced syslogd: rsyslogd[ 15.150405] audit: type=1400 audit(1517406329.993:5): avc: denied { syslog } for pid=3941 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.076097] audit: type=1400 audit(1517406333.918:6): avc: denied { map } for pid=4081 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts. net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 25.366047] audit: type=1400 audit(1517406340.208:7): avc: denied { map } for pid=4094 comm="syzkaller723860" path="/root/syzkaller723860489" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 25.755182] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 26.085889] [ 26.087544] ====================================================== [ 26.093829] WARNING: possible circular locking dependency detected [ 26.100119] 4.15.0-rc9+ #217 Not tainted [ 26.104147] ------------------------------------------------------ [ 26.110431] syzkaller723860/4094 is trying to acquire lock: [ 26.116108] (rtnl_mutex){+.+.}, at: [<00000000927fd332>] rtnl_lock+0x17/0x20 [ 26.123372] [ 26.123372] but task is already holding lock: [ 26.129308] (sk_lock-AF_INET){+.+.}, at: [<0000000055e3ac8f>] ip_setsockopt+0x8c/0xb0 [ 26.137339] [ 26.137339] which lock already depends on the new lock. [ 26.137339] [ 26.145636] [ 26.145636] the existing dependency chain (in reverse order) is: [ 26.153234] [ 26.153234] -> #1 (sk_lock-AF_INET){+.+.}: [ 26.158926] lock_sock_nested+0xc2/0x110 [ 26.163479] do_ip_setsockopt.isra.12+0x1d9/0x3210 [ 26.168900] ip_setsockopt+0x3a/0xb0 [ 26.173103] tcp_setsockopt+0x82/0xd0 [ 26.177405] sock_common_setsockopt+0x95/0xd0 [ 26.182391] SyS_setsockopt+0x189/0x360 [ 26.186856] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 26.192107] [ 26.192107] -> #0 (rtnl_mutex){+.+.}: [ 26.197370] lock_acquire+0x1d5/0x580 [ 26.201662] __mutex_lock+0x16f/0x1a80 [ 26.206041] mutex_lock_nested+0x16/0x20 [ 26.210592] rtnl_lock+0x17/0x20 [ 26.214452] register_netdevice_notifier+0xad/0x860 [ 26.219960] tee_tg_check+0x1a0/0x280 [ 26.224249] xt_check_target+0x22c/0x7d0 [ 26.228802] find_check_entry.isra.8+0x8c8/0xcb0 [ 26.234046] translate_table+0xed1/0x1610 [ 26.238687] do_ipt_set_ctl+0x370/0x5f0 [ 26.243160] nf_setsockopt+0x67/0xc0 [ 26.247364] ip_setsockopt+0xa1/0xb0 [ 26.251567] sctp_setsockopt+0x2b6/0x61d0 [ 26.256205] sock_common_setsockopt+0x95/0xd0 [ 26.261206] SyS_setsockopt+0x189/0x360 [ 26.265671] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 26.270912] [ 26.270912] other info that might help us debug this: [ 26.270912] [ 26.279025] Possible unsafe locking scenario: [ 26.279025] [ 26.285053] CPU0 CPU1 [ 26.289686] ---- ---- [ 26.294328] lock(sk_lock-AF_INET); [ 26.298013] lock(rtnl_mutex); [ 26.304218] lock(sk_lock-AF_INET); [ 26.310417] lock(rtnl_mutex); [ 26.313673] [ 26.313673] *** DEADLOCK *** [ 26.313673] [ 26.319700] 1 lock held by syzkaller723860/4094: [ 26.324429] #0: (sk_lock-AF_INET){+.+.}, at: [<0000000055e3ac8f>] ip_setsockopt+0x8c/0xb0 [ 26.332897] [ 26.332897] stack backtrace: [ 26.337361] CPU: 0 PID: 4094 Comm: syzkaller723860 Not tainted 4.15.0-rc9+ #217 [ 26.344773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.354111] Call Trace: [ 26.356672] dump_stack+0x194/0x257 [ 26.360271] ? arch_local_irq_restore+0x53/0x53 [ 26.364913] print_circular_bug.isra.37+0x2cd/0x2dc [ 26.369898] ? save_trace+0xe0/0x2b0 [ 26.373581] __lock_acquire+0x30a8/0x3e00 [ 26.377699] ? print_irqtrace_events+0x270/0x270 [ 26.382428] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.387586] ? check_noncircular+0x20/0x20 [ 26.391789] ? print_irqtrace_events+0x270/0x270 [ 26.396993] ? __lock_acquire+0x664/0x3e00 [ 26.401207] ? __debug_object_init+0x235/0x1040 [ 26.405845] ? lock_downgrade+0x980/0x980 [ 26.409967] ? print_irqtrace_events+0x270/0x270 [ 26.414693] ? __lock_acquire+0x664/0x3e00 [ 26.418909] ? debug_object_activate+0x307/0x730 [ 26.423633] ? lock_downgrade+0x980/0x980 [ 26.427760] ? check_noncircular+0x20/0x20 [ 26.431967] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.437128] ? __lock_acquire+0x664/0x3e00 [ 26.441336] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.446513] lock_acquire+0x1d5/0x580 [ 26.450283] ? lock_acquire+0x1d5/0x580 [ 26.454228] ? rtnl_lock+0x17/0x20 [ 26.457740] ? lock_release+0xa40/0xa40 [ 26.461683] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 26.467538] ? rcu_note_context_switch+0x710/0x710 [ 26.472437] ? find_held_lock+0x35/0x1d0 [ 26.476469] ? __might_sleep+0x95/0x190 [ 26.480416] ? rtnl_lock+0x17/0x20 [ 26.483927] __mutex_lock+0x16f/0x1a80 [ 26.487783] ? rtnl_lock+0x17/0x20 [ 26.491291] ? check_noncircular+0x20/0x20 [ 26.495494] ? lock_downgrade+0x980/0x980 [ 26.499613] ? rtnl_lock+0x17/0x20 [ 26.503123] ? find_held_lock+0x35/0x1d0 [ 26.507153] ? mutex_lock_io_nested+0x1900/0x1900 [ 26.511968] ? is_bpf_text_address+0x7b/0x120 [ 26.516445] ? print_irqtrace_events+0x270/0x270 [ 26.521171] ? depot_save_stack+0x3b5/0x490 [ 26.525461] ? lock_downgrade+0x980/0x980 [ 26.529579] ? lock_release+0xa40/0xa40 [ 26.533525] ? mark_held_locks+0xaf/0x100 [ 26.537645] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 26.542727] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.547713] ? trace_hardirqs_on+0xd/0x10 [ 26.551840] ? depot_save_stack+0x3b5/0x490 [ 26.556145] ? save_stack+0xa3/0xd0 [ 26.559740] ? save_stack+0x43/0xd0 [ 26.563345] ? kasan_kmalloc+0xad/0xe0 [ 26.567201] ? kmem_cache_alloc_trace+0x136/0x750 [ 26.572027] ? tee_tg_check+0xed/0x280 [ 26.575888] ? xt_check_target+0x22c/0x7d0 [ 26.580092] ? find_check_entry.isra.8+0x8c8/0xcb0 [ 26.584989] ? translate_table+0xed1/0x1610 [ 26.589283] ? do_ipt_set_ctl+0x370/0x5f0 [ 26.593399] ? nf_setsockopt+0x67/0xc0 [ 26.597254] ? ip_setsockopt+0xa1/0xb0 [ 26.601109] ? sctp_setsockopt+0x2b6/0x61d0 [ 26.605401] ? sock_common_setsockopt+0x95/0xd0 [ 26.610039] ? SyS_setsockopt+0x189/0x360 [ 26.614155] ? entry_SYSCALL_64_fastpath+0x29/0xa0 [ 26.619055] mutex_lock_nested+0x16/0x20 [ 26.623090] ? print_irqtrace_events+0x270/0x270 [ 26.627813] ? mutex_lock_nested+0x16/0x20 [ 26.632025] rtnl_lock+0x17/0x20 [ 26.635366] register_netdevice_notifier+0xad/0x860 [ 26.640351] ? __dev_close_many+0x350/0x350 [ 26.644644] ? __lock_is_held+0xb6/0x140 [ 26.648675] ? tee_tg_check+0xed/0x280 [ 26.652529] ? rcu_read_lock_sched_held+0x108/0x120 [ 26.657516] ? kmem_cache_alloc_trace+0x456/0x750 [ 26.662328] ? __kernel_text_address+0xd/0x40 [ 26.666795] ? wait_for_completion+0x770/0x770 [ 26.671348] tee_tg_check+0x1a0/0x280 [ 26.675116] ? tee_tg4+0x170/0x170 [ 26.678626] xt_check_target+0x22c/0x7d0 [ 26.682658] ? xt_target_seq_next+0x30/0x30 [ 26.686951] ? mutex_unlock+0xd/0x10 [ 26.690635] ? mutex_unlock+0xd/0x10 [ 26.694324] ? xt_find_target+0x17b/0x1e0 [ 26.698447] find_check_entry.isra.8+0x8c8/0xcb0 [ 26.703187] ? ipt_do_table+0x1860/0x1860 [ 26.707310] ? mark_held_locks+0xaf/0x100 [ 26.711428] ? kfree+0xf0/0x260 [ 26.714678] ? trace_hardirqs_on+0xd/0x10 [ 26.718797] translate_table+0xed1/0x1610 [ 26.722920] ? alloc_counters.isra.11+0x7d0/0x7d0 [ 26.727735] ? kasan_check_write+0x14/0x20 [ 26.731943] ? _copy_from_user+0x99/0x110 [ 26.736061] do_ipt_set_ctl+0x370/0x5f0 [ 26.740007] ? translate_compat_table+0x1b90/0x1b90 [ 26.745004] ? mutex_unlock+0xd/0x10 [ 26.748694] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 26.753941] nf_setsockopt+0x67/0xc0 [ 26.757624] ip_setsockopt+0xa1/0xb0 [ 26.761318] sctp_setsockopt+0x2b6/0x61d0 [ 26.765436] ? sctp_setsockopt_paddr_thresholds+0x550/0x550 [ 26.771118] ? __free_insn_slot+0x5c0/0x5c0 [ 26.775420] ? rcutorture_record_progress+0x10/0x10 [ 26.780410] ? is_bpf_text_address+0xa4/0x120 [ 26.784880] ? __lock_acquire+0x664/0x3e00 [ 26.789086] ? unwind_get_return_address+0x61/0xa0 [ 26.793995] ? __save_stack_trace+0x7e/0xd0 [ 26.798301] ? check_noncircular+0x20/0x20 [ 26.802512] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.807672] ? save_stack+0xa3/0xd0 [ 26.811268] ? save_stack+0x43/0xd0 [ 26.814865] ? kasan_kmalloc+0xad/0xe0 [ 26.818731] ? kasan_slab_alloc+0x12/0x20 [ 26.822850] ? kmem_cache_alloc+0x12e/0x760 [ 26.827140] ? selinux_file_alloc_security+0xae/0x190 [ 26.832308] ? security_file_alloc+0x6d/0xa0 [ 26.836684] ? get_empty_filp+0x189/0x4f0 [ 26.840804] ? alloc_file+0x26/0x390 [ 26.844500] ? sock_alloc_file+0x1f3/0x560 [ 26.848704] ? sock_map_fd+0x34/0x90 [ 26.852388] ? SyS_socket+0x125/0x1d0 [ 26.856158] ? entry_SYSCALL_64_fastpath+0x29/0xa0 [ 26.861060] ? kasan_slab_alloc+0x12/0x20 [ 26.865178] ? kmem_cache_alloc+0x12e/0x760 [ 26.869480] ? get_empty_filp+0xfb/0x4f0 [ 26.873510] ? alloc_file+0x26/0x390 [ 26.877204] ? sock_alloc_file+0x1f3/0x560 [ 26.881413] ? find_held_lock+0x35/0x1d0 [ 26.885449] ? avc_has_perm+0x35e/0x680 [ 26.889395] ? lock_downgrade+0x980/0x980 [ 26.893516] ? debug_mutex_init+0x1c/0x60 [ 26.897644] ? lock_release+0xa40/0xa40 [ 26.901599] ? __lockdep_init_map+0xe4/0x650 [ 26.905979] ? avc_has_perm+0x43e/0x680 [ 26.909925] ? avc_has_perm_noaudit+0x520/0x520 [ 26.914583] ? __fd_install+0x25f/0x740 [ 26.918529] ? lock_downgrade+0x980/0x980 [ 26.922658] ? __lock_is_held+0xb6/0x140 [ 26.926691] ? sock_has_perm+0x2a4/0x420 [ 26.930722] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 26.936056] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 26.941737] ? selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 26.946985] ? alloc_file+0x27e/0x390 [ 26.950764] sock_common_setsockopt+0x95/0xd0 [ 26.955232] SyS_setsockopt+0x189/0x360 [ 26.959184] ? SyS_recv+0x40/0x40 [ 26.962609] ? entry_SYSCALL_64_fastpath+0x5/0xa0 [ 26.967422] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.972420] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 26.977149] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 26.981872] RIP: 0033:0x445af9 [ 26.985035] RSP: 002b:00007fff24efece8 EFLAGS: 00000203 ORIG_RAX: 0000000000000036 [ 26.992730] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000445af9 [ 26.999981] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005 [ 27.007232] RBP: 00007fff24efed98 R08: 0000000000000308 R09: 0000000000000000 [ 27.014473] R10: 0000000020019000 R11: 0000000000000203 R12: 00007fff24efed98 [ 27.021713] R13: 0000000000403020 R14: 0000000000000000 R15: 0000000000000000