syzbot

audit: type=1400 audit(1517075481.336:7): avc:  denied  { map } for  pid=3676 comm="syzkaller251332" path="/root/syzkaller251332582" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1

======================================================
WARNING: possible circular locking dependency detected
4.15.0-rc9+ #283 Not tainted
------------------------------------------------------
syzkaller251332/3676 is trying to acquire lock:
 (sk_lock-AF_INET6){+.+.}, at: [<000000004222b5b8>] lock_sock include/net/sock.h:1461 [inline]
 (sk_lock-AF_INET6){+.+.}, at: [<000000004222b5b8>] do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167

but task is already holding lock:
 (rtnl_mutex){+.+.}, at: [<00000000ee4ed558>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (rtnl_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
       register_netdevice_notifier+0xad/0x860 net/core/dev.c:1590
       tee_tg_check+0x1a0/0x280 net/netfilter/xt_TEE.c:106
       xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:845
       check_target net/ipv6/netfilter/ip6_tables.c:538 [inline]
       find_check_entry.isra.7+0x935/0xcf0 net/ipv6/netfilter/ip6_tables.c:580
       translate_table+0xf52/0x1690 net/ipv6/netfilter/ip6_tables.c:749
       do_replace net/ipv6/netfilter/ip6_tables.c:1167 [inline]
       do_ip6t_set_ctl+0x370/0x5f0 net/ipv6/netfilter/ip6_tables.c:1693
       nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
       nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
       ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:928
       udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1452
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
       SYSC_setsockopt net/socket.c:1831 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1810
       entry_SYSCALL_64_fastpath+0x29/0xa0

-> #0 (sk_lock-AF_INET6){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
       lock_sock_nested+0xc2/0x110 net/core/sock.c:2770
       lock_sock include/net/sock.h:1461 [inline]
       do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
       ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
       udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1452
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
       SYSC_setsockopt net/socket.c:1831 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1810
       entry_SYSCALL_64_fastpath+0x29/0xa0

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(rtnl_mutex);
                               lock(sk_lock-AF_INET6);
                               lock(rtnl_mutex);
  lock(sk_lock-AF_INET6);

 *** DEADLOCK ***

1 lock held by syzkaller251332/3676:
 #0:  (rtnl_mutex){+.+.}, at: [<00000000ee4ed558>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72

stack backtrace:
CPU: 0 PID: 3676 Comm: syzkaller251332 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug.isra.37+0x2cd/0x2dc kernel/locking/lockdep.c:1218
 check_prev_add kernel/locking/lockdep.c:1858 [inline]
 check_prevs_add kernel/locking/lockdep.c:1971 [inline]
 validate_chain kernel/locking/lockdep.c:2412 [inline]
 __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3426
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
 lock_sock_nested+0xc2/0x110 net/core/sock.c:2770
 lock_sock include/net/sock.h:1461 [inline]
 do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
 udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1452
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
 SYSC_setsockopt net/socket.c:1831 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1810
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x4411d9
RSP: 002b:00007ffe8e9dd0d8 EFLAGS: 00000207 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00000000004411d9
RDX: 000000000000002d RSI: 0000000000000029 RDI: 0000000000000004
RBP: 00000000006cb018 R08: 0000000000000088 R09: 0000000000000000
R10: 00