[....] Starting enhanced syslogd: rsyslogd[ 17.495499] audit: type=1400 audit(1517657252.613:5): avc: denied { syslog } for pid=4012 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.828535] audit: type=1400 audit(1517657257.946:6): avc: denied { map } for pid=4152 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts. net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 29.126865] audit: type=1400 audit(1517657264.244:7): avc: denied { map } for pid=4166 comm="syzkaller518321" path="/root/syzkaller518321593" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 29.503353] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 29.830578] ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead [ 29.840186] x_tables: ip_tables: osf match: only valid for protocol 6 [ 29.847424] [ 29.849038] ====================================================== [ 29.855319] WARNING: possible circular locking dependency detected [ 29.861604] 4.15.0+ #220 Not tainted [ 29.865281] ------------------------------------------------------ [ 29.871565] syzkaller518321/4166 is trying to acquire lock: [ 29.877240] (sk_lock-AF_INET){+.+.}, at: [<00000000824b7191>] do_ip_setsockopt.isra.12+0x1d9/0x3210 [ 29.886488] [ 29.886488] but task is already holding lock: [ 29.892422] (rtnl_mutex){+.+.}, at: [<00000000fb2f79b4>] rtnl_lock+0x17/0x20 [ 29.899667] [ 29.899667] which lock already depends on the new lock. [ 29.899667] [ 29.907948] [ 29.907948] the existing dependency chain (in reverse order) is: [ 29.915534] [ 29.915534] -> #1 (rtnl_mutex){+.+.}: [ 29.920786] __mutex_lock+0x16f/0x1a80 [ 29.925160] mutex_lock_nested+0x16/0x20 [ 29.929709] rtnl_lock+0x17/0x20 [ 29.933566] register_netdevice_notifier+0xad/0x860 [ 29.939077] clusterip_tg_check+0xeb9/0x1570 [ 29.943974] xt_check_target+0x22c/0x7d0 [ 29.948526] find_check_entry.isra.8+0x8c8/0xcb0 [ 29.953769] translate_table+0xed1/0x1610 [ 29.958411] do_ipt_set_ctl+0x370/0x5f0 [ 29.962876] nf_setsockopt+0x67/0xc0 [ 29.967080] ip_setsockopt+0xa1/0xb0 [ 29.971287] sctp_setsockopt+0x2b6/0x61d0 [ 29.975931] sock_common_setsockopt+0x95/0xd0 [ 29.980929] SyS_setsockopt+0x189/0x360 [ 29.985397] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 29.990640] [ 29.990640] -> #0 (sk_lock-AF_INET){+.+.}: [ 29.996325] lock_acquire+0x1d5/0x580 [ 30.000621] lock_sock_nested+0xc2/0x110 [ 30.005170] do_ip_setsockopt.isra.12+0x1d9/0x3210 [ 30.010587] ip_setsockopt+0x3a/0xb0 [ 30.014789] sctp_setsockopt+0x2b6/0x61d0 [ 30.019426] sock_common_setsockopt+0x95/0xd0 [ 30.024409] SyS_setsockopt+0x189/0x360 [ 30.028880] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 30.034120] [ 30.034120] other info that might help us debug this: [ 30.034120] [ 30.042225] Possible unsafe locking scenario: [ 30.042225] [ 30.048251] CPU0 CPU1 [ 30.052883] ---- ---- [ 30.057516] lock(rtnl_mutex); [ 30.060761] lock(sk_lock-AF_INET); [ 30.066959] lock(rtnl_mutex); [ 30.072721] lock(sk_lock-AF_INET); [ 30.076403] [ 30.076403] *** DEADLOCK *** [ 30.076403] [ 30.082436] 1 lock held by syzkaller518321/4166: [ 30.087157] #0: (rtnl_mutex){+.+.}, at: [<00000000fb2f79b4>] rtnl_lock+0x17/0x20 [ 30.094838] [ 30.094838] stack backtrace: [ 30.099309] CPU: 0 PID: 4166 Comm: syzkaller518321 Not tainted 4.15.0+ #220 [ 30.106372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.115694] Call Trace: [ 30.118254] dump_stack+0x194/0x257 [ 30.121849] ? arch_local_irq_restore+0x53/0x53 [ 30.126489] print_circular_bug.isra.38+0x2cd/0x2dc [ 30.131472] ? save_trace+0xe0/0x2b0 [ 30.135165] __lock_acquire+0x30a8/0x3e00 [ 30.139284] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 30.144440] ? rtnl_lock+0x17/0x20 [ 30.147949] ? rtnl_lock+0x17/0x20 [ 30.151456] ? __lock_acquire+0x664/0x3e00 [ 30.155660] ? mutex_lock_io_nested+0x1900/0x1900 [ 30.160471] ? page_swapcount+0x1d0/0x1d0 [ 30.164591] ? find_held_lock+0x35/0x1d0 [ 30.168630] ? check_noncircular+0x20/0x20 [ 30.172835] ? check_noncircular+0x20/0x20 [ 30.177037] ? print_irqtrace_events+0x270/0x270 [ 30.181762] ? find_held_lock+0x35/0x1d0 [ 30.185796] lock_acquire+0x1d5/0x580 [ 30.189576] ? lock_acquire+0x1d5/0x580 [ 30.193522] ? do_ip_setsockopt.isra.12+0x1d9/0x3210 [ 30.198596] ? lock_release+0xa40/0xa40 [ 30.202717] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.208569] ? do_raw_spin_trylock+0x190/0x190 [ 30.213122] ? lock_sock_nested+0x44/0x110 [ 30.217327] lock_sock_nested+0xc2/0x110 [ 30.221359] ? do_ip_setsockopt.isra.12+0x1d9/0x3210 [ 30.226431] do_ip_setsockopt.isra.12+0x1d9/0x3210 [ 30.231328] ? ip_ra_control+0x5c0/0x5c0 [ 30.235355] ? check_noncircular+0x20/0x20 [ 30.239564] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 30.244721] ? sctp_setsockopt+0x2b6/0x61d0 [ 30.249017] ? __lock_acquire+0x664/0x3e00 [ 30.253227] ? do_wp_page+0x80b/0x24d0 [ 30.257085] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 30.262240] ? wake_up_page_bit+0x530/0x530 [ 30.266528] ? do_raw_spin_trylock+0x190/0x190 [ 30.271076] ? reacquire_held_locks+0x1f9/0x3e0 [ 30.275712] ? print_irqtrace_events+0x270/0x270 [ 30.280436] ? _raw_spin_unlock+0x22/0x30 [ 30.284558] ? check_noncircular+0x20/0x20 [ 30.288761] ? mem_cgroup_update_lru_size+0xe0/0xe0 [ 30.293743] ? lock_downgrade+0x980/0x980 [ 30.297866] ? __lock_acquire+0x664/0x3e00 [ 30.302070] ? print_irqtrace_events+0x270/0x270 [ 30.306804] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 30.311963] ? __lock_acquire+0x664/0x3e00 [ 30.316166] ip_setsockopt+0x3a/0xb0 [ 30.319849] sctp_setsockopt+0x2b6/0x61d0 [ 30.323966] ? sctp_setsockopt_paddr_thresholds+0x550/0x550 [ 30.329646] ? __lock_is_held+0xb6/0x140 [ 30.333676] ? lru_cache_add+0x1c7/0x3a0 [ 30.337710] ? mem_cgroup_css_offline+0x510/0x510 [ 30.342521] ? check_noncircular+0x20/0x20 [ 30.346722] ? __mem_cgroup_threshold+0x8f0/0x8f0 [ 30.351534] ? mark_held_locks+0xaf/0x100 [ 30.355656] ? find_held_lock+0x35/0x1d0 [ 30.359686] ? check_noncircular+0x20/0x20 [ 30.363888] ? lock_downgrade+0x980/0x980 [ 30.368003] ? lock_release+0xa40/0xa40 [ 30.371952] ? find_held_lock+0x35/0x1d0 [ 30.375982] ? avc_has_perm+0x35e/0x680 [ 30.379923] ? lock_downgrade+0x980/0x980 [ 30.384040] ? lock_release+0xa40/0xa40 [ 30.387982] ? __pmd_alloc+0x4e0/0x4e0 [ 30.391835] ? check_noncircular+0x20/0x20 [ 30.396040] ? find_held_lock+0x35/0x1d0 [ 30.400070] ? avc_has_perm+0x43e/0x680 [ 30.404020] ? avc_has_perm_noaudit+0x520/0x520 [ 30.408665] ? __do_page_fault+0x5f7/0xc90 [ 30.412868] ? lock_downgrade+0x980/0x980 [ 30.416988] ? handle_mm_fault+0x476/0x930 [ 30.421191] ? down_read_trylock+0xdb/0x170 [ 30.425482] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 30.430038] ? vmacache_find+0x5f/0x280 [ 30.433982] ? sock_has_perm+0x2a4/0x420 [ 30.438015] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 30.443350] ? __do_page_fault+0x3d6/0xc90 [ 30.447554] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 30.453232] ? selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 30.458483] sock_common_setsockopt+0x95/0xd0 [ 30.462945] SyS_setsockopt+0x189/0x360 [ 30.466889] ? SyS_recv+0x40/0x40 [ 30.470320] ? entry_SYSCALL_64_fastpath+0x5/0xa0 [ 30.475134] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.480118] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 30.484842] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 30.489567] RIP: 0033:0x445d29 [ 30.492727] RSP: 002b:00007ffec6fb3ac8 EFLAGS: 00000286 ORIG_RAX: 0000000000000036 [ 30.500403] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000445d29 [ 30.507640] RDX: 000000000000002d RSI: 0000000000000000 RDI: 0000000000000004 [ 30.514876] RBP: 00007ffec6fb3b78 R08: 0000000000000090 R09: 0000000000000000 [ 30.522113] R10: 0000000020010f70 R11: 0000000000000286 R12: 00007ffec6fb3b78 [ 30.529349] R13: 0000000000403250 R14: 00000000