[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 19.638070] audit: type=1400 audit(1517432870.872:6): avc: denied { map } for pid=4200 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts. net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 syzkaller login: [ 25.974480] audit: type=1400 audit(1517432877.209:7): avc: denied { map } for pid=4214 comm="syzkaller037548" path="/root/syzkaller037548402" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 26.385741] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 26.766888] [ 26.768543] ====================================================== [ 26.774834] WARNING: possible circular locking dependency detected [ 26.781124] 4.15.0-rc9+ #218 Not tainted [ 26.785152] ------------------------------------------------------ [ 26.791453] syzkaller037548/4214 is trying to acquire lock: [ 26.797133] (rtnl_mutex){+.+.}, at: [<00000000dfd91461>] rtnl_lock+0x17/0x20 [ 26.804393] [ 26.804393] but task is already holding lock: [ 26.810334] (sk_lock-AF_INET){+.+.}, at: [<00000000bfa2d2a7>] ip_setsockopt+0x8c/0xb0 [ 26.818369] [ 26.818369] which lock already depends on the new lock. [ 26.818369] [ 26.826654] [ 26.826654] the existing dependency chain (in reverse order) is: [ 26.834253] [ 26.834253] -> #1 (sk_lock-AF_INET){+.+.}: [ 26.839973] lock_sock_nested+0xc2/0x110 [ 26.844529] do_ip_setsockopt.isra.12+0x1d9/0x3210 [ 26.849949] ip_setsockopt+0x3a/0xb0 [ 26.854155] tcp_setsockopt+0x82/0xd0 [ 26.858450] sock_common_setsockopt+0x95/0xd0 [ 26.863435] SyS_setsockopt+0x189/0x360 [ 26.867900] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 26.873143] [ 26.873143] -> #0 (rtnl_mutex){+.+.}: [ 26.878663] lock_acquire+0x1d5/0x580 [ 26.882966] __mutex_lock+0x16f/0x1a80 [ 26.887344] mutex_lock_nested+0x16/0x20 [ 26.891911] rtnl_lock+0x17/0x20 [ 26.895772] register_netdevice_notifier+0xad/0x860 [ 26.901294] tee_tg_check+0x1a0/0x280 [ 26.905588] xt_check_target+0x22c/0x7d0 [ 26.910143] find_check_entry.isra.8+0x8c8/0xcb0 [ 26.915413] translate_table+0xed1/0x1610 [ 26.920059] do_ipt_set_ctl+0x370/0x5f0 [ 26.924530] nf_setsockopt+0x67/0xc0 [ 26.928740] ip_setsockopt+0xa1/0xb0 [ 26.932948] sctp_setsockopt+0x2b6/0x61d0 [ 26.937606] sock_common_setsockopt+0x95/0xd0 [ 26.942594] SyS_setsockopt+0x189/0x360 [ 26.947071] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 26.952320] [ 26.952320] other info that might help us debug this: [ 26.952320] [ 26.960432] Possible unsafe locking scenario: [ 26.960432] [ 26.966472] CPU0 CPU1 [ 26.971109] ---- ---- [ 26.975750] lock(sk_lock-AF_INET); [ 26.979438] lock(rtnl_mutex); [ 26.985215] lock(sk_lock-AF_INET); [ 26.991428] lock(rtnl_mutex); [ 26.994678] [ 26.994678] *** DEADLOCK *** [ 26.994678] [ 27.000710] 1 lock held by syzkaller037548/4214: [ 27.005433] #0: (sk_lock-AF_INET){+.+.}, at: [<00000000bfa2d2a7>] ip_setsockopt+0x8c/0xb0 [ 27.013905] [ 27.013905] stack backtrace: [ 27.018373] CPU: 1 PID: 4214 Comm: syzkaller037548 Not tainted 4.15.0-rc9+ #218 [ 27.025787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.035122] Call Trace: [ 27.037691] dump_stack+0x194/0x257 [ 27.041292] ? arch_local_irq_restore+0x53/0x53 [ 27.045936] print_circular_bug.isra.37+0x2cd/0x2dc [ 27.050924] ? save_trace+0xe0/0x2b0 [ 27.054610] __lock_acquire+0x30a8/0x3e00 [ 27.058730] ? print_irqtrace_events+0x270/0x270 [ 27.063471] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.068632] ? print_irqtrace_events+0x270/0x270 [ 27.073359] ? __lock_acquire+0x664/0x3e00 [ 27.077568] ? rcutorture_record_progress+0x10/0x10 [ 27.082572] ? print_irqtrace_events+0x270/0x270 [ 27.087300] ? __lock_acquire+0x664/0x3e00 [ 27.091521] ? add_lock_to_list.isra.28+0x24d/0x352 [ 27.096521] ? check_noncircular+0x20/0x20 [ 27.100732] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.105897] ? __lock_acquire+0x664/0x3e00 [ 27.110119] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.115291] lock_acquire+0x1d5/0x580 [ 27.119068] ? lock_acquire+0x1d5/0x580 [ 27.123020] ? rtnl_lock+0x17/0x20 [ 27.126540] ? lock_release+0xa40/0xa40 [ 27.130487] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 27.136345] ? rcu_note_context_switch+0x710/0x710 [ 27.141248] ? find_held_lock+0x35/0x1d0 [ 27.145287] ? __might_sleep+0x95/0x190 [ 27.149235] ? rtnl_lock+0x17/0x20 [ 27.152750] __mutex_lock+0x16f/0x1a80 [ 27.156609] ? rtnl_lock+0x17/0x20 [ 27.160122] ? check_noncircular+0x20/0x20 [ 27.164328] ? lock_downgrade+0x980/0x980 [ 27.168457] ? rtnl_lock+0x17/0x20 [ 27.171975] ? find_held_lock+0x35/0x1d0 [ 27.176006] ? mutex_lock_io_nested+0x1900/0x1900 [ 27.180842] ? is_bpf_text_address+0x7b/0x120 [ 27.185309] ? print_irqtrace_events+0x270/0x270 [ 27.190044] ? depot_save_stack+0x3b5/0x490 [ 27.194348] ? lock_downgrade+0x980/0x980 [ 27.198468] ? lock_release+0xa40/0xa40 [ 27.202414] ? mark_held_locks+0xaf/0x100 [ 27.206535] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 27.211622] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.216613] ? trace_hardirqs_on+0xd/0x10 [ 27.220737] ? depot_save_stack+0x3b5/0x490 [ 27.225040] ? save_stack+0xa3/0xd0 [ 27.228640] ? save_stack+0x43/0xd0 [ 27.232235] ? kasan_kmalloc+0xad/0xe0 [ 27.236094] ? kmem_cache_alloc_trace+0x136/0x750 [ 27.240909] ? tee_tg_check+0xed/0x280 [ 27.244769] ? xt_check_target+0x22c/0x7d0 [ 27.248976] ? find_check_entry.isra.8+0x8c8/0xcb0 [ 27.253875] ? translate_table+0xed1/0x1610 [ 27.258169] ? do_ipt_set_ctl+0x370/0x5f0 [ 27.262291] ? nf_setsockopt+0x67/0xc0 [ 27.266156] ? ip_setsockopt+0xa1/0xb0 [ 27.270022] ? sctp_setsockopt+0x2b6/0x61d0 [ 27.274319] ? sock_common_setsockopt+0x95/0xd0 [ 27.278961] ? SyS_setsockopt+0x189/0x360 [ 27.283092] ? entry_SYSCALL_64_fastpath+0x29/0xa0 [ 27.287997] mutex_lock_nested+0x16/0x20 [ 27.292046] ? print_irqtrace_events+0x270/0x270 [ 27.296777] ? mutex_lock_nested+0x16/0x20 [ 27.301002] rtnl_lock+0x17/0x20 [ 27.304348] register_netdevice_notifier+0xad/0x860 [ 27.309337] ? __dev_close_many+0x350/0x350 [ 27.313633] ? __lock_is_held+0xb6/0x140 [ 27.317672] ? tee_tg_check+0xed/0x280 [ 27.321533] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.326527] ? kmem_cache_alloc_trace+0x456/0x750 [ 27.332062] ? __kernel_text_address+0xd/0x40 [ 27.336537] ? wait_for_completion+0x770/0x770 [ 27.341093] tee_tg_check+0x1a0/0x280 [ 27.344864] ? tee_tg4+0x170/0x170 [ 27.348388] xt_check_target+0x22c/0x7d0 [ 27.352422] ? xt_target_seq_next+0x30/0x30 [ 27.356719] ? save_stack+0xa3/0xd0 [ 27.360322] ? kasan_slab_free+0x71/0xc0 [ 27.364358] ? kfree+0xd6/0x260 [ 27.367620] ? kvfree+0x36/0x60 [ 27.370880] ? translate_table+0xdd2/0x1610 [ 27.375178] ? mutex_unlock+0xd/0x10 [ 27.378865] ? xt_find_target+0x17b/0x1e0 [ 27.382993] find_check_entry.isra.8+0x8c8/0xcb0 [ 27.387730] ? ipt_do_table+0x1860/0x1860 [ 27.391861] ? mark_held_locks+0xaf/0x100 [ 27.395995] ? kfree+0xf0/0x260 [ 27.399257] ? trace_hardirqs_on+0xd/0x10 [ 27.403381] translate_table+0xed1/0x1610 [ 27.407524] ? alloc_counters.isra.11+0x7d0/0x7d0 [ 27.412354] ? kasan_check_write+0x14/0x20 [ 27.416570] ? _copy_from_user+0x99/0x110 [ 27.420778] do_ipt_set_ctl+0x370/0x5f0 [ 27.424730] ? translate_compat_table+0x1b90/0x1b90 [ 27.429725] ? mutex_unlock+0xd/0x10 [ 27.433413] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 27.438663] nf_setsockopt+0x67/0xc0 [ 27.442353] ip_setsockopt+0xa1/0xb0 [ 27.446045] sctp_setsockopt+0x2b6/0x61d0 [ 27.450167] ? sctp_setsockopt_paddr_thresholds+0x550/0x550 [ 27.455854] ? __thp_get_unmapped_area+0x130/0x130 [ 27.460756] ? __lock_acquire+0x664/0x3e00 [ 27.464961] ? __lock_acquire+0x664/0x3e00 [ 27.469173] ? is_bpf_text_address+0xa4/0x120 [ 27.473642] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.478806] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.483970] ? check_noncircular+0x20/0x20 [ 27.488189] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.493363] ? save_stack+0xa3/0xd0 [ 27.496961] ? save_stack+0x43/0xd0 [ 27.500558] ? kasan_kmalloc+0xad/0xe0 [ 27.504418] ? kasan_slab_alloc+0x12/0x20 [ 27.508538] ? kmem_cache_alloc+0x12e/0x760 [ 27.512831] ? selinux_file_alloc_security+0xae/0x190 [ 27.517990] ? security_file_alloc+0x6d/0xa0 [ 27.522375] ? get_empty_filp+0x189/0x4f0 [ 27.526578] ? alloc_file+0x26/0x390 [ 27.530264] ? sock_alloc_file+0x1f3/0x560 [ 27.534471] ? sock_map_fd+0x34/0x90 [ 27.538158] ? SyS_socket+0x125/0x1d0 [ 27.541933] ? entry_SYSCALL_64_fastpath+0x29/0xa0 [ 27.546835] ? kasan_slab_alloc+0x12/0x20 [ 27.550955] ? kmem_cache_alloc+0x12e/0x760 [ 27.555247] ? get_empty_filp+0xfb/0x4f0 [ 27.559277] ? alloc_file+0x26/0x390 [ 27.562961] ? sock_alloc_file+0x1f3/0x560 [ 27.567173] ? find_held_lock+0x35/0x1d0 [ 27.571210] ? avc_has_perm+0x35e/0x680 [ 27.575155] ? lock_downgrade+0x980/0x980 [ 27.579296] ? lock_release+0xa40/0xa40 [ 27.583244] ? check_noncircular+0x20/0x20 [ 27.587454] ? __pmd_alloc+0x4e0/0x4e0 [ 27.591312] ? __lockdep_init_map+0xe4/0x650 [ 27.595692] ? find_held_lock+0x35/0x1d0 [ 27.599726] ? avc_has_perm+0x43e/0x680 [ 27.603673] ? avc_has_perm_noaudit+0x520/0x520 [ 27.608317] ? __do_page_fault+0x5f7/0xc90 [ 27.612523] ? lock_downgrade+0x980/0x980 [ 27.616642] ? handle_mm_fault+0x410/0x8d0 [ 27.620847] ? down_read_trylock+0xdb/0x170 [ 27.625141] ? __do_page_fault+0x32d/0xc90 [ 27.629350] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 27.633901] ? vmacache_find+0x5f/0x280 [ 27.637849] ? sock_has_perm+0x2a4/0x420 [ 27.641884] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 27.647218] ? __do_page_fault+0x3d6/0xc90 [ 27.651431] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 27.657116] ? selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 27.662373] sock_common_setsockopt+0x95/0xd0 [ 27.666844] SyS_setsockopt+0x189/0x360 [ 27.670790] ? SyS_recv+0x40/0x40 [ 27.674222] ? entry_SYSCALL_64_fastpath+0x5/0xa0 [ 27.679038] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.684031] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 27.688765] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 27.693494] RIP: 0033:0x445d19 [ 27.696655] RSP: 002b:00007ffd18ce2688 EFLAGS: 00000203 ORIG_RAX: 0000000000000036 [ 27.704346] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000445d19 [ 27.711592] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005 [ 27.718839] RBP: 00007ffd1