[....] Starting enhanced syslogd: rsyslogd[ 16.583829] audit: type=1400 audit(1517276157.871:5): avc: denied { syslog } for pid=4001 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 22.385771] audit: type=1400 audit(1517276163.673:6): avc: denied { map } for pid=4140 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 28.682256] audit: type=1400 audit(1517276169.970:7): avc: denied { map } for pid=4153 comm="syzkaller332496" path="/root/syzkaller332496755" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 29.083889] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 29.435943]
[ 29.437603] ======================================================
[ 29.443889] WARNING: possible circular locking dependency detected
[ 29.450178] 4.15.0+ #285 Not tainted
[ 29.453859] ------------------------------------------------------
[ 29.460144] syzkaller332496/4153 is trying to acquire lock:
[ 29.465821] (rtnl_mutex){+.+.}, at: [<00000000b45fdd36>] rtnl_lock+0x17/0x20
[ 29.473073]
[ 29.473073] but task is already holding lock:
[ 29.479017] (sk_lock-AF_INET){+.+.}, at: [<0000000004e9e26d>] ip_setsockopt+0x8c/0xb0
[ 29.487060]
[ 29.487060] which lock already depends on the new lock.
[ 29.487060]
[ 29.495345]
[ 29.495345] the existing dependency chain (in reverse order) is:
[ 29.502937]
[ 29.502937] -> #1 (sk_lock-AF_INET){+.+.}:
[ 29.508634] lock_sock_nested+0xc2/0x110
[ 29.513191] do_ip_getsockopt+0x1b3/0x2170
[ 29.517917] ip_getsockopt+0x90/0x220
[ 29.522206] udp_getsockopt+0x45/0x80
[ 29.526500] sock_common_getsockopt+0x95/0xd0
[ 29.531484] SyS_getsockopt+0x178/0x340
[ 29.535951] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 29.541194]
[ 29.541194] -> #0 (rtnl_mutex){+.+.}:
[ 29.546451] lock_acquire+0x1d5/0x580
[ 29.550743] __mutex_lock+0x16f/0x1a80
[ 29.555121] mutex_lock_nested+0x16/0x20
[ 29.559678] rtnl_lock+0x17/0x20
[ 29.563536] register_netdevice_notifier+0xad/0x860
[ 29.569050] clusterip_tg_check+0xeb9/0x1570
[ 29.573952] xt_check_target+0x22c/0x7d0
[ 29.578505] find_check_entry.isra.8+0x8c8/0xcb0
[ 29.583752] translate_table+0xed1/0x1610
[ 29.588393] do_ipt_set_ctl+0x370/0x5f0
[ 29.592863] nf_setsockopt+0x67/0xc0
[ 29.597070] ip_setsockopt+0xa1/0xb0
[ 29.601277] raw_setsockopt+0xb7/0xd0
[ 29.605592] sock_common_setsockopt+0x95/0xd0
[ 29.610581] SyS_setsockopt+0x189/0x360
[ 29.615055] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 29.620309]
[ 29.620309] other info that might help us debug this:
[ 29.620309]
[ 29.628421] Possible unsafe locking scenario:
[ 29.628421]
[ 29.634452] CPU0 CPU1
[ 29.639091] ---- ----
[ 29.643724] lock(sk_lock-AF_INET);
[ 29.647416] lock(rtnl_mutex);
[ 29.653220] lock(sk_lock-AF_INET);
[ 29.659429] lock(rtnl_mutex);
[ 29.662689]
[ 29.662689] *** DEADLOCK ***
[ 29.662689]
[ 29.668722] 1 lock held by syzkaller332496/4153:
[ 29.673445] #0: (sk_lock-AF_INET){+.+.}, at: [<0000000004e9e26d>] ip_setsockopt+0x8c/0xb0
[ 29.681918]
[ 29.681918] stack backtrace:
[ 29.686388] CPU: 0 PID: 4153 Comm: syzkaller332496 Not tainted 4.15.0+ #285
[ 29.693456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.702780] Call Trace:
[ 29.705342] dump_stack+0x194/0x257
[ 29.708944] ? arch_local_irq_restore+0x53/0x53
[ 29.713594] print_circular_bug.isra.37+0x2cd/0x2dc
[ 29.718586] ? save_trace+0xe0/0x2b0
[ 29.722280] __lock_acquire+0x30a8/0x3e00
[ 29.726405] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 29.731570] ? trace_hardirqs_off+0x10/0x10
[ 29.735865] ? __is_insn_slot_addr+0x1fc/0x330
[ 29.740428] ? lock_downgrade+0x980/0x980
[ 29.744550] ? lock_release+0xa40/0xa40
[ 29.748526] ? bpf_prog_kallsyms_find+0xbd/0x440
[ 29.753259] ? modules_open+0xa0/0xa0
[ 29.757303] ? trace_raw_output_xdp_redirect_map_err+0x440/0x440
[ 29.763425] ? is_bpf_text_address+0x7b/0x120
[ 29.767897] ? lock_downgrade+0x980/0x980
[ 29.772023] ? lock_release+0xa40/0xa40
[ 29.775978] ? __free_insn_slot+0x5c0/0x5c0
[ 29.780272] ? check_noncircular+0x20/0x20
[ 29.784484] ? kernel_text_address+0x102/0x140
[ 29.789041] lock_acquire+0x1d5/0x580
[ 29.792815] ? lock_acquire+0x1d5/0x580
[ 29.796762] ? rtnl_lock+0x17/0x20
[ 29.800276] ? lock_release+0xa40/0xa40
[ 29.804222] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 29.810081] ? print_irqtrace_events+0x270/0x270
[ 29.814817] ? idr_get_free_cmn+0x64e/0xfd0
[ 29.819120] ? rcu_note_context_switch+0x710/0x710
[ 29.824032] ? __might_sleep+0x95/0x190
[ 29.827982] ? rtnl_lock+0x17/0x20
[ 29.831494] __mutex_lock+0x16f/0x1a80
[ 29.835364] ? rtnl_lock+0x17/0x20
[ 29.838879] ? rtnl_lock+0x17/0x20
[ 29.842397] ? __lock_acquire+0x664/0x3e00
[ 29.846612] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 29.851711] ? mutex_lock_io_nested+0x1900/0x1900
[ 29.856528] ? trace_hardirqs_on+0xd/0x10
[ 29.860660] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 29.865838] ? save_stack+0xa3/0xd0
[ 29.869437] ? kasan_kmalloc+0xad/0xe0
[ 29.873297] ? __proc_create+0x21a/0x880
[ 29.877327] ? proc_create_data+0x76/0x180
[ 29.881536] ? clusterip_tg_check+0xe4d/0x1570
[ 29.886090] ? rb_insert_color+0x1580/0x1580
[ 29.890469] ? do_ipt_set_ctl+0x370/0x5f0
[ 29.894601] ? ip_setsockopt+0xa1/0xb0
[ 29.898460] ? raw_setsockopt+0xb7/0xd0
[ 29.902410] ? sock_common_setsockopt+0x95/0xd0
[ 29.907049] ? SyS_setsockopt+0x189/0x360
[ 29.911172] ? entry_SYSCALL_64_fastpath+0x29/0xa0
[ 29.916078] ? _find_next_bit+0xee/0x120
[ 29.920122] ? check_noncircular+0x20/0x20
[ 29.924418] ? find_first_zero_bit+0x93/0xe0
[ 29.928825] ? ida_get_new_above+0x421/0x9d0
[ 29.933219] ? print_irqtrace_events+0x270/0x270
[ 29.937957] ? check_noncircular+0x20/0x20
[ 29.942166] ? print_irqtrace_events+0x270/0x270
[ 29.946892] ? ida_simple_get+0x15c/0x220
[ 29.951011] ? lock_downgrade+0x980/0x980
[ 29.955134] ? find_held_lock+0x35/0x1d0
[ 29.959177] mutex_lock_nested+0x16/0x20
[ 29.963216] ? mutex_lock_nested+0x16/0x20
[ 29.967423] rtnl_lock+0x17/0x20
[ 29.970761] register_netdevice_notifier+0xad/0x860
[ 29.975749] ? lock_downgrade+0x980/0x980
[ 29.979864] ? __dev_close_many+0x330/0x330
[ 29.984158] ? ida_simple_get+0x176/0x220
[ 29.988279] ? do_raw_write_trylock+0x190/0x190
[ 29.992920] ? ida_remove+0x3f0/0x3f0
[ 29.996696] ? _raw_write_unlock+0x22/0x30
[ 30.000902] ? proc_register+0x261/0x370
[ 30.004934] ? proc_create_data+0x101/0x180
[ 30.009241] clusterip_tg_check+0xeb9/0x1570
[ 30.013622] ? arp_mangle+0x550/0x550
[ 30.017408] ? xt_find_target+0x150/0x1e0
[ 30.021534] ? lock_downgrade+0x980/0x980
[ 30.025654] ? rcu_read_lock_sched_held+0x108/0x120
[ 30.030642] ? pcpu_alloc+0x146/0x10e0
[ 30.034502] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 30.039315] ? pcpu_free_area+0xa00/0xa00
[ 30.043436] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 30.048261] ? __kernel_text_address+0xd/0x40
[ 30.052726] ? wait_for_completion+0x770/0x770
[ 30.057279] ? trace_hardirqs_off+0xd/0x10
[ 30.061484] ? arp_mangle+0x550/0x550
[ 30.065260] xt_check_target+0x22c/0x7d0
[ 30.069293] ? xt_target_seq_next+0x30/0x30
[ 30.073585] ? mutex_unlock+0xd/0x10
[ 30.077268] ? mutex_unlock+0xd/0x10
[ 30.080951] ? xt_find_target+0x17b/0x1e0
[ 30.085075] find_check_entry.isra.8+0x8c8/0xcb0
[ 30.089806] ? ipt_do_table+0x1860/0x1860
[ 30.093927] ? mark_held_locks+0xaf/0x100
[ 30.098051] ? kfree+0xf0/0x260
[ 30.101303] ? trace_hardirqs_on+0xd/0x10
[ 30.105429] translate_table+0xed1/0x1610
[ 30.109555] ? alloc_counters.isra.11+0x7d0/0x7d0
[ 30.114377] ? kasan_check_write+0x14/0x20
[ 30.118588] ? _copy_from_user+0x99/0x110
[ 30.122720] do_ipt_set_ctl+0x370/0x5f0
[ 30.126673] ? translate_compat_table+0x1b90/0x1b90
[ 30.131663] ? mutex_unlock+0xd/0x10
[ 30.135352] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 30.140599] nf_setsockopt+0x67/0xc0
[ 30.144287] ip_setsockopt+0xa1/0xb0
[ 30.147974] raw_setsockopt+0xb7/0xd0
[ 30.151746] sock_common_setsockopt+0x95/0xd0
[ 30.156210] SyS_setsockopt+0x189/0x360
[ 30.160155] ? SyS_recv+0x40/0x40
[ 30.163578] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 30.168396] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.173390] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.178124] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 30.182848] RIP: 0033:0x445cf9
[ 30.186008] RSP: 002b:00007ffe63cae958 EFLAGS: 00000203 ORIG_RAX: 0000000000000036
[ 30.193696] RAX: ffffffffffffffda RBX: 00000000004a75b2 RCX: 0000000000445cf9
[ 30.200948] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005
[ 30.208197] RBP: 00007ffe63caea58 R08: 00000000000002f8 R09: 00000000207a6f2e
[ 30.215445] R10: 000000002000b000 R11: 0000000000000203 R12: 00007ffe63caea58
[ 30.222692] R13: 00000000004031c0 R14: 0000000000000000 R15: 0000000000000000