[....] Starting enhanced syslogd: rsyslogd[ 12.475865] audit: type=1400 audit(1515861300.746:5): avc: denied { syslog } for pid=3499 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.226555] audit: type=1400 audit(1515861307.497:6): avc: denied { map } for pid=3641 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts. net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 25.460388] audit: type=1400 audit(1515861313.731:7): avc: denied { map } for pid=3655 comm="syzkaller130066" path="/root/syzkaller130066366" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 25.815037] ip (3721) used greatest stack depth: 16576 bytes left [ 25.850436] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 26.194857] [ 26.196495] ============================================ [ 26.201908] WARNING: possible recursive locking detected [ 26.207329] 4.15.0-rc7+ #187 Not tainted [ 26.211351] -------------------------------------------- [ 26.216764] syzkaller130066/3655 is trying to acquire lock: [ 26.222439] (_xmit_ETHER#2){+.-.}, at: [<000000005a1b0b04>] sch_direct_xmit+0x361/0x1140 [ 26.230731] [ 26.230731] but task is already holding lock: [ 26.236925] (_xmit_ETHER#2){+.-.}, at: [<000000005a1b0b04>] sch_direct_xmit+0x361/0x1140 [ 26.245208] [ 26.245208] other info that might help us debug this: [ 26.251841] Possible unsafe locking scenario: [ 26.251841] [ 26.257862] CPU0 [ 26.260416] ---- [ 26.262961] lock(_xmit_ETHER#2); [ 26.266471] lock(_xmit_ETHER#2); [ 26.269979] [ 26.269979] *** DEADLOCK *** [ 26.269979] [ 26.275999] May be due to missing lock nesting notation [ 26.275999] [ 26.282896] 8 locks held by syzkaller130066/3655: [ 26.287705] #0: (&tfile->napi_mutex){+.+.}, at: [<00000000f1b5d5e3>] tun_get_user+0xe6c/0x3940 [ 26.296605] #1: (rcu_read_lock){....}, at: [<00000000c1d0923e>] netif_receive_skb_internal+0xa2/0x670 [ 26.306113] #2: (k-slock-AF_INET){+...}, at: [<00000000e520273c>] icmp_send+0x758/0x19b0 [ 26.314492] #3: (rcu_read_lock_bh){....}, at: [<00000000b54f1700>] ip_finish_output2+0x2aa/0x14f0 [ 26.323653] #4: (rcu_read_lock_bh){....}, at: [<000000004ab6fcd3>] __dev_queue_xmit+0x2d8/0x2b50 [ 26.332729] #5: (_xmit_ETHER#2){+.-.}, at: [<000000005a1b0b04>] sch_direct_xmit+0x361/0x1140 [ 26.341451] #6: (rcu_read_lock_bh){....}, at: [<00000000b54f1700>] ip_finish_output2+0x2aa/0x14f0 [ 26.350604] #7: (rcu_read_lock_bh){....}, at: [<000000004ab6fcd3>] __dev_queue_xmit+0x2d8/0x2b50 [ 26.359671] [ 26.359671] stack backtrace: [ 26.364141] CPU: 0 PID: 3655 Comm: syzkaller130066 Not tainted 4.15.0-rc7+ #187 [ 26.372430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.381749] Call Trace: [ 26.384313] dump_stack+0x194/0x257 [ 26.387910] ? arch_local_irq_restore+0x53/0x53 [ 26.394431] __lock_acquire+0xe8f/0x3e00 [ 26.399504] ? print_lockdep_cache.isra.31+0x109/0x109 [ 26.404749] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.409910] ? __kernel_text_address+0xd/0x40 [ 26.414377] ? __save_stack_trace+0x7e/0xd0 [ 26.418664] ? print_lockdep_cache.isra.31+0x109/0x109 [ 26.423921] ? save_stack_trace+0x1a/0x20 [ 26.428035] ? save_trace+0xe0/0x2b0 [ 26.431715] ? __lock_acquire+0x36c0/0x3e00 [ 26.436008] ? skb_network_protocol+0xef/0x4b0 [ 26.441427] ? check_noncircular+0x20/0x20 [ 26.446492] ? netif_skb_features+0x5ff/0x9b0 [ 26.450966] ? dev_get_by_index_rcu+0x320/0x320 [ 26.456568] ? __skb_gso_segment+0x810/0x810 [ 26.460950] lock_acquire+0x1d5/0x580 [ 26.465150] ? lock_acquire+0x1d5/0x580 [ 26.469089] ? sch_direct_xmit+0x361/0x1140 [ 26.473375] ? validate_xmit_skb+0x50d/0xaf0 [ 26.477752] ? lock_release+0xa40/0xa40 [ 26.481701] ? netif_skb_features+0x9b0/0x9b0 [ 26.486165] ? pfifo_fast_dequeue+0x20e/0x870 [ 26.490631] _raw_spin_lock+0x2a/0x40 [ 26.494401] ? sch_direct_xmit+0x361/0x1140 [ 26.498685] sch_direct_xmit+0x361/0x1140 [ 26.502813] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.507800] ? pfifo_fast_reset+0x490/0x490 [ 26.512697] ? __lock_is_held+0xb6/0x140 [ 26.516727] __qdisc_run+0x57d/0x19c0 [ 26.520511] ? sch_direct_xmit+0x1140/0x1140 [ 26.524889] ? lock_release+0xa40/0xa40 [ 26.528827] ? __dev_queue_xmit+0x2d8/0x2b50 [ 26.533204] ? pfifo_fast_enqueue+0x2a0/0x420 [ 26.537664] __dev_queue_xmit+0xb62/0x2b50 [ 26.541870] ? netdev_pick_tx+0x300/0x300 [ 26.545993] ? check_noncircular+0x20/0x20 [ 26.550194] ? __local_bh_enable_ip+0x121/0x230 [ 26.554838] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.559821] ? __neigh_create+0x1657/0x1d90 [ 26.564115] ? __local_bh_enable_ip+0x121/0x230 [ 26.568753] ? _raw_write_unlock_bh+0x30/0x40 [ 26.573213] ? __neigh_create+0xc06/0x1d90 [ 26.577414] ? print_irqtrace_events+0x270/0x270 [ 26.582140] ? ip_finish_output2+0x8c6/0x14f0 [ 26.586861] ? lock_downgrade+0x980/0x980 [ 26.590973] ? lock_release+0xa40/0xa40 [ 26.594916] ? mark_held_locks+0xaf/0x100 [ 26.599031] ? memcpy+0x45/0x50 [ 26.602281] dev_queue_xmit+0x17/0x20 [ 26.606046] ? dev_queue_xmit+0x17/0x20 [ 26.609983] neigh_resolve_output+0x5e2/0xa00 [ 26.614449] ? ether_setup+0x2d0/0x2d0 [ 26.618302] ? __neigh_event_send+0x1040/0x1040 [ 26.622938] ? ip_finish_output+0x864/0xd10 [ 26.627228] ? ip_mc_output+0x271/0x1350 [ 26.631251] ? ip_local_out+0x95/0x160 [ 26.636406] ip_finish_output2+0x8c6/0x14f0 [ 26.640955] ? mark_held_locks+0x10/0x100 [ 26.645073] ? ip_copy_metadata+0xac0/0xac0 [ 26.649358] ? check_noncircular+0x20/0x20 [ 26.653556] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.658541] ? ipt_do_table+0xd0a/0x1330 [ 26.662566] ? trace_hardirqs_on+0xd/0x10 [ 26.667031] ? __local_bh_enable_ip+0x121/0x230 [ 26.671663] ? ipt_do_table+0xd75/0x1330 [ 26.676125] ? ipv4_mtu+0x347/0x4c0 [ 26.681371] ? rt_cpu_seq_show+0x2c0/0x2c0 [ 26.687047] ? find_held_lock+0x35/0x1d0 [ 26.691076] ip_finish_output+0x864/0xd10 [ 26.695188] ? ip_finish_output+0x864/0xd10 [ 26.699474] ? ip_fragment.constprop.47+0x200/0x200 [ 26.704454] ? iptable_mangle_hook+0xaf/0x4a0 [ 26.708919] ? nf_hook_slow+0xd3/0x1a0 [ 26.712780] ip_mc_output+0x271/0x1350 [ 26.716635] ? ip_queue_xmit+0x18e0/0x18e0 [ 26.720839] ? lock_downgrade+0x980/0x980 [ 26.724954] ? nf_hook_slow+0xd3/0x1a0 [ 26.728813] ? __ip_local_out+0x494/0x7a0 [ 26.732930] ? ip_copy_addrs+0xe0/0xe0 [ 26.736790] ? skb_copy_ubufs+0x1910/0x1910 [ 26.741083] ? ip_fragment.constprop.47+0x200/0x200 [ 26.746066] ? __ip_select_ident+0x168/0x270 [ 26.750442] ? ip_idents_reserve+0x2a0/0x2a0 [ 26.754833] ip_local_out+0x95/0x160 [ 26.758524] iptunnel_xmit+0x556/0x810 [ 26.762387] ip_tunnel_xmit+0x1780/0x3650 [ 26.766509] ? ip_md_tunnel_xmit+0x14d0/0x14d0 [ 26.771071] ? lock_downgrade+0x980/0x980 [ 26.775190] ? pvclock_read_flags+0x160/0x160 [ 26.779650] ? mark_held_locks+0xaf/0x100 [ 26.783852] ? ktime_get_with_offset+0x188/0x420 [ 26.788575] ? kvm_clock_get_cycles+0x25/0x30 [ 26.793040] ? do_gettimeofday+0x190/0x190 [ 26.797245] __gre_xmit+0x546/0x8b0 [ 26.800838] erspan_xmit+0x7eb/0x2430 [ 26.804605] ? gretap_fb_dev_create+0x250/0x250 [ 26.809239] ? __lock_is_held+0xb6/0x140 [ 26.813270] dev_hard_start_xmit+0x24e/0xac0 [ 26.817645] ? validate_xmit_skb_list+0x120/0x120 [ 26.822459] ? __skb_gso_segment+0x810/0x810 [ 26.826835] ? lock_acquire+0x1d5/0x580 [ 26.830859] ? lock_acquire+0x1d5/0x580 [ 26.834815] ? sch_direct_xmit+0x361/0x1140 [ 26.839102] ? validate_xmit_skb+0x50d/0xaf0 [ 26.843475] ? lock_release+0xa40/0xa40 [ 26.847418] ? netif_skb_features+0x9b0/0x9b0 [ 26.851878] ? pfifo_fast_dequeue+0x20e/0x870 [ 26.856345] sch_direct_xmit+0x40d/0x1140 [ 26.860463] ? pfifo_fast_reset+0x490/0x490 [ 26.865023] ? __lock_is_held+0xb6/0x140 [ 26.869060] __qdisc_run+0x57d/0x19c0 [ 26.872837] ? sch_direct_xmit+0x1140/0x1140 [ 26.877213] ? lock_release+0xa40/0xa40 [ 26.881157] ? __dev_queue_xmit+0x2d8/0x2b50 [ 26.885542] ? pfifo_fast_enqueue+0x2a0/0x420 [ 26.890012] __dev_queue_xmit+0xb62/0x2b50 [ 26.894216] ? netdev_pick_tx+0x300/0x300 [ 26.898331] ? find_held_lock+0x35/0x1d0 [ 26.902364] ? lock_downgrade+0x980/0x980 [ 26.906483] ? check_noncircular+0x20/0x20 [ 26.911037] ? __local_bh_enable_ip+0x121/0x230 [ 26.915675] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.920659] ? __neigh_create+0x1657/0x1d90 [ 26.924950] ? __local_bh_enable_ip+0x121/0x230 [ 26.929597] ? _raw_write_unlock_bh+0x30/0x40 [ 26.934413] ? __neigh_create+0xc06/0x1d90 [ 26.938615] ? print_irqtrace_events+0x270/0x270 [ 26.943342] ? ip_finish_output2+0x8c6/0x14f0 [ 26.947803] ? lock_downgrade+0x980/0x980 [ 26.951914] ? lock_release+0xa40/0xa40 [ 26.955854] ? mark_held_locks+0xaf/0x100 [ 26.960321] ? memcpy+0x45/0x50 [ 26.963586] dev_queue_xmit+0x17/0x20 [ 26.967357] ? dev_queue_xmit+0x17/0x20 [ 26.971295] neigh_resolve_output+0x5e2/0xa00 [ 26.975760] ? ether_setup+0x2d0/0x2d0 [ 26.979615] ? __neigh_event_send+0x1040/0x1040 [ 26.984249] ? tun_get_user+0x2760/0x3940 [ 26.988364] ? tun_chr_write_iter+0xb9/0x160 [ 26.993260] ? do_iter_readv_writev+0x525/0x7f0 [ 26.999200] ip_finish_output2+0x8c6/0x14f0 [ 27.003493] ? mark_held_locks+0x10/0x100 [ 27.007620] ? ip_copy_metadata+0xac0/0xac0 [ 27.011910] ? check_noncircular+0x20/0x20 [ 27.016114] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 27.021096] ? ipt_do_table+0xd0a/0x1330 [ 27.025125] ? trace_hardirqs_on+0xd/0x10 [ 27.029238] ? __local_bh_enable_ip+0x121/0x230 [ 27.033874] ? ipt_do_table+0xd75/0x1330 [ 27.037903] ? ipv4_mtu+0x347/0x4c0 [ 27.041494] ? rt_cpu_seq_show+0x2c0/0x2c0 [ 27.045694] ? find_held_lock+0x35/0x1d0 [ 27.049721] ip_finish_output+0x864/0xd10 [ 27.053840] ? ip_finish_output+0x864/0xd10 [ 27.058131] ? ip_fragment.constprop.47+0x200/0x200 [ 27.063110] ? iptable_mangle_hook+0xaf/0x4a0 [ 27.067574] ? nf_hook_slow+0xd3/0x1a0 [ 27.071428] ip_mc_output+0x271/0x1350 [ 27.075280] ? ip_queue_xmit+0x18e0/0x18e0 [ 27.079478] ? lock_downgrade+0x980/0x980 [ 27.083592] ? nf_hook_slow+0xd3/0x1a0 [ 27.087711] ? __ip_local_out+0x494/0x7a0 [ 27.091830] ? ip_copy_addrs+0xe0/0xe0 [ 27.095683] ? dst_release+0x3a/0x90 [ 27.099364] ? __ip_make_skb+0xfd1/0x1850 [ 27.103490] ? ip_fragment.constprop.47+0x200/0x200 [ 27.108479] ip_local_out+0x95/0x160 [ 27.112161] ip_send_skb+0x3c/0xc0 [ 27.115669] ip_push_pending_frames+0x64/0x80 [ 27.120130] icmp_push_reply+0x395/0x4f0 [ 27.124163] icmp_send+0x1136/0x19b0 [ 27.127846] ? icmp_route_lookup.constprop.24+0x1360/0x1360 [ 27.133534] ? check_noncircular+0x20/0x20 [ 27.137732] ? __lock_acquire+0x664/0x3e00 [ 27.141939] ? __debug_object_init+0x235/0x1040 [ 27.146577] ? __is_insn_slot_addr+0x1fc/0x330 [ 27.151128] ? find_held_lock+0x35/0x1d0 [ 27.155159] ? lock_downgrade+0x980/0x980 [ 27.159272] ? lock_release+0xa40/0xa40 [ 27.163211] ip_options_compile+0xc21/0x1a50 [ 27.167587] ? ip_forward+0x1cd0/0x1cd0 [ 27.171539] ? ip_route_input_rcu+0x3180/0x3180 [ 27.176179] ip_rcv_finish+0x80f/0x1e30 [ 27.180120] ? inet_del_offload+0x40/0x40 [ 27.184240] ? ip_rcv+0xf22/0x1840 [ 27.187745] ? lock_downgrade+0x980/0x980 [ 27.191857] ? nf_nat_ipv4_in+0x1cd/0x270 [ 27.195977] ? iptable_nat_ipv4_fn+0x40/0x40 [ 27.200350] ? nf_hook_slow+0xd3/0x1a0 [ 27.204202] ip_rcv+0xc5a/0x1840 [ 27.207536] ? ip_local_deliver+0x6e0/0x6e0 [ 27.211830] ? inet_del_offload+0x40/0x40 [ 27.215941] ? ip_local_deliver+0x6e0/0x6e0 [ 27.220235] __netif_receive_skb_core+0x1a41/0x3460 [ 27.225221] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.230379] ? nf_ingress+0x9f0/0x9f0 [ 27.234327] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.239498] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.244653] ? check_noncircular+0x20/0x20 [ 27.248852] ? check_noncircular+0x20/0x20 [ 27.253054] ? lock_release+0xa40/0xa40 [ 27.256996] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 27.262071] ? print_irqtrace_events+0x270/0x270 [ 27.266795] ? lock_downgrade+0x980/0x980 [ 27.270908] ? pvclock_read_flags+0x160/0x160 [ 27.275369] ? mark_held_locks+0xaf/0x100 [ 27.279489] ? lock_acquire+0x1d5/0x580 [ 27.283436] ? lock_acquire+0x1d5/0x580 [ 27.287379] ? netif_receive_skb_internal+0xa2/0x670 [ 27.292458] ? ktime_get_with_offset+0x2c1/0x420 [ 27.297185] ? lock_release+0xa40/0xa40 [ 27.301473] ? do_gettimeofday+0x190/0x190 [ 27.305685] __netif_receive_skb+0x2c/0x1b0 [ 27.309973] ? __netif_receive_skb+0x2c/0x1b0 [ 27.314434] netif_receive_skb_internal+0x10b/0x670 [ 27.319417] ? dev_cpu_dead+0xb00/0xb00 [ 27.323365] ? net_rx_action+0x1910/0x1910 [ 27.327567] ? eth_type_trans+0x2b2/0x710 [ 27.331679] ? eth_gro_receive+0x820/0x820 [ 27.335881] napi_gro_frags+0x58a/0xaf0 [ 27.339830] ? napi_gro_receive+0x500/0x500 [ 27.344123] ? tun_get_user+0x2737/0x3940 [ 27.348237] tun_get_user+0x2760/0x3940 [ 27.352177] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.357344] ? do_huge_pmd_anonymous_page+0xb21/0x1b00 [ 27.362596] ? tun_build_skb.isra.49+0x1810/0x1810 [ 27.367494] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.372912] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.378245] ? avc_has_extended_perms+0x12c0/0x12c0 [ 27.383233] ? find_held_lock+0x35/0x1d0 [ 27.387270] ? tun_get+0x1ab/0x2e0 [ 27.390780] ? lock_release+0xa40/0xa40 [ 27.394718] ? __lock_is_held+0xb6/0x140 [ 27.398748] ? tun_get+0x1d4/0x2e0 [ 27.402253] ? tun_do_read+0x2600/0x2600 [ 27.406282] ? __check_object_size+0x25d/0x4f0 [ 27.410834] ? rcu_note_context_switch+0x710/0x710 [ 27.415733] tun_chr_write_iter+0xb9/0x160 [ 27.419944] do_iter_readv_writev+0x525/0x7f0 [ 27.424408] ? vfs_dedupe_file_range+0x8f0/0x8f0 [ 27.429136] ? rw_verify_area+0xe5/0x2b0 [ 27.433162] do_iter_write+0x154/0x540 [ 27.437019] ? dup_iter+0x260/0x260 [ 27.440615] vfs_writev+0x18a/0x340 [ 27.444205] ? __fget_light+0x297/0x380 [ 27.448142] ? vfs_iter_write+0xb0/0xb0 [ 27.452083] ? up_read+0x1a/0x40 [ 27.455416] ? __do_page_fault+0x3d6/0xc90 [ 27.459623] ? mm_fault_error+0x2c0/0x2c0 [ 27.463737] ? __fdget_pos+0x130/0x190 [ 27.467595] ? __fdget_raw+0x20/0x20 [ 27.471273] ? __do_page_fault+0xc90/0xc90 [ 27.475996] do_writev+0xfc/0x2a0 [ 27.481068] ? do_writev+0xfc/0x2a0 [ 27.484927] ? vfs_writev+0x340/0x340 [ 27.488699] ? entry_SYSCALL_64_fastpath+0x5/0x9a [ 27.493515] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.498497] SyS_writev+0x27/0x30 [ 27.501921] entry_SYSCALL_64_fastpath+0x23/0x9a [ 27.506644] RIP: 0033:0x444f50 [ 27.509802] RSP: 002b:00007ffca38e6448 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 27.517477] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50 [ 27.524719] RDX: 0000000000000001 RSI: 00007ffca38e6480 RDI: 0000000000000003 [ 27.531958] RBP: 00007ffca38e6578 R08: 000000000000001f R09: 0000000000000000 [ 27.539198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca38e6578 [ 27.546434] R13: 0000000000402520 R14: 0000000