[....] Starting enhanced syslogd: rsyslogd[ 13.062535] audit: type=1400 audit(1571648718.017:4): avc: denied { syslog } for pid=1919 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.199' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 25.305717] [ 25.307378] ====================================================== [ 25.313670] [ INFO: possible circular locking dependency detected ] [ 25.320050] 4.4.174+ #17 Not tainted [ 25.323736] ------------------------------------------------------- [ 25.330113] syz-executor297/2075 is trying to acquire lock: [ 25.335795] (_xmit_NETROM){+.-...}, at: [] sch_direct_xmit+0x238/0x700 [ 25.344572] [ 25.344572] but task is already holding lock: [ 25.350528] (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 25.359763] [ 25.359763] which lock already depends on the new lock. [ 25.359763] [ 25.368052] [ 25.368052] the existing dependency chain (in reverse order) is: [ 25.375644] -> #1 (&(&q->lock)->rlock){+.-...}: [ 25.380947] [] lock_acquire+0x15e/0x450 [ 25.387195] [] _raw_spin_lock_irqsave+0x50/0x70 [ 25.394137] [] depot_save_stack+0x20c/0x5f0 [ 25.400731] [] kasan_kmalloc.part.0+0xc6/0xf0 [ 25.407497] [] kasan_kmalloc+0xb7/0xd0 [ 25.413661] [] kasan_slab_alloc+0xf/0x20 [ 25.419991] [] kmem_cache_alloc+0xdc/0x2c0 [ 25.426495] [] inet_getpeer+0x1525/0x1ce0 [ 25.432914] [] ip4_frag_init+0x2a2/0x310 [ 25.439251] [] inet_frag_create+0x1ac/0x14e0 [ 25.445947] [] inet_frag_find+0x64d/0x880 [ 25.452385] [] ip_defrag+0x2fb/0x3b70 [ 25.458479] [] ip_check_defrag+0x3d6/0x5b0 [ 25.464995] [] packet_rcv_fanout+0x51e/0x5f0 [ 25.471673] [] dev_hard_start_xmit+0x654/0x11e0 [ 25.478612] [] sch_direct_xmit+0x2b6/0x700 [ 25.485112] [] __dev_queue_xmit+0xd24/0x1bb0 [ 25.491796] [] dev_queue_xmit+0x18/0x20 [ 25.498039] [] neigh_resolve_output+0x4a0/0x7a0 [ 25.504988] [] ip_finish_output2+0x6a2/0x1280 [ 25.511813] [] ip_do_fragment+0x187c/0x1f70 [ 25.518406] [] ip_fragment.constprop.0+0x14b/0x200 [ 25.525606] [] ip_finish_output+0x3b9/0xc60 [ 25.532296] [] ip_mc_output+0x251/0xae0 [ 25.538576] [] ip_local_out+0x9c/0x180 [ 25.544731] [] ip_send_skb+0x3e/0xc0 [ 25.550741] [] udp_send_skb+0x4fd/0xc70 [ 25.556987] [] udp_push_pending_frames+0x4e/0xe0 [ 25.564019] [] udp_sendpage+0x2ae/0x410 [ 25.570313] [] inet_sendpage+0x223/0x520 [ 25.576649] [] kernel_sendpage+0x95/0xf0 [ 25.582980] [] sock_sendpage+0x8b/0xc0 [ 25.589161] [] pipe_to_sendpage+0x28d/0x3d0 [ 25.595748] [] __splice_from_pipe+0x37e/0x7a0 [ 25.602518] [] splice_from_pipe+0x108/0x170 [ 25.609107] [] generic_splice_sendpage+0x3c/0x50 [ 25.616125] [] SyS_splice+0xd71/0x13a0 [ 25.622287] [] do_fast_syscall_32+0x32d/0xa90 [ 25.629064] [] sysenter_flags_fixed+0xd/0x1a [ 25.635742] -> #0 (_xmit_NETROM){+.-...}: [ 25.640536] [] __lock_acquire+0x37d6/0x4f50 [ 25.647126] [] lock_acquire+0x15e/0x450 [ 25.653384] [] _raw_spin_lock+0x38/0x50 [ 25.659631] [] sch_direct_xmit+0x238/0x700 [ 25.666147] [] __dev_queue_xmit+0xd24/0x1bb0 [ 25.672860] [] dev_queue_xmit+0x18/0x20 [ 25.679110] [] neigh_resolve_output+0x4a0/0x7a0 [ 25.686053] [] ip6_finish_output2+0x9c7/0x1dc0 [ 25.692913] [] ip6_finish_output+0x2f3/0x750 [ 25.699597] [] ip6_output+0x1b4/0x520 [ 25.705664] [] ndisc_send_skb+0x98d/0x1110 [ 25.712951] [] ndisc_send_ns+0x4bf/0x6b0 [ 25.719301] [] ndisc_solicit+0x2b2/0x440 [ 25.725636] [] neigh_probe+0xc8/0x100 [ 25.731768] [] __neigh_event_send+0x2ab/0xc50 [ 25.738604] [] neigh_resolve_output+0x5ec/0x7a0 [ 25.745549] [] ip6_finish_output2+0x9c7/0x1dc0 [ 25.752403] [] ip6_finish_output+0x2f3/0x750 [ 25.759082] [] ip6_output+0x1b4/0x520 [ 25.765153] [] ip6_local_out+0x9c/0x180 [ 25.771457] [] ip6_send_skb+0xa2/0x340 [ 25.777705] [] ip6_push_pending_frames+0xbb/0xe0 [ 25.784739] [] icmpv6_push_pending_frames+0x336/0x530 [ 25.792206] [] icmp6_send+0x1506/0x1b40 [ 25.798446] [] icmpv6_param_prob+0x29/0x40 [ 25.804945] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 25.811449] [] ip6_input_finish+0x57d/0x14f0 [ 25.818120] [] ip6_input+0xf8/0x1f0 [ 25.824021] [] ip6_rcv_finish+0x14d/0x670 [ 25.830447] [] ipv6_rcv+0xfc1/0x1a20 [ 25.836447] [] __netif_receive_skb_core+0x1300/0x2950 [ 25.843909] [] __netif_receive_skb+0x58/0x1c0 [ 25.850702] [] process_backlog+0x200/0x630 [ 25.857209] [] net_rx_action+0x367/0xd30 [ 25.863552] [] __do_softirq+0x226/0xa3f [ 25.869816] [] do_softirq_own_stack+0x1c/0x30 [ 25.876594] [] do_softirq.part.0+0x54/0x60 [ 25.883105] [] do_softirq+0x18/0x20 [ 25.888999] [] netif_rx_ni+0xeb/0x3b0 [ 25.895064] [] tun_get_user+0xdbf/0x2640 [ 25.901408] [] tun_chr_write_iter+0xda/0x190 [ 25.908084] [] do_iter_readv_writev+0x141/0x1e0 [ 25.915034] [] compat_do_readv_writev+0x389/0x6e0 [ 25.922140] [] compat_writev+0xe1/0x150 [ 25.928391] [] compat_SyS_writev+0xdb/0x1c0 [ 25.934979] [] do_fast_syscall_32+0x32d/0xa90 [ 25.942103] [] sysenter_flags_fixed+0xd/0x1a [ 25.948792] [ 25.948792] other info that might help us debug this: [ 25.948792] [ 25.956911] Possible unsafe locking scenario: [ 25.956911] [ 25.962948] CPU0 CPU1 [ 25.967591] ---- ---- [ 25.972234] lock(&(&q->lock)->rlock); [ 25.976516] lock(_xmit_NETROM); [ 25.982706] lock(&(&q->lock)->rlock); [ 25.989430] lock(_xmit_NETROM); [ 25.993112] [ 25.993112] *** DEADLOCK *** [ 25.993112] [ 25.999156] 9 locks held by syz-executor297/2075: [ 26.003984] #0: (rcu_read_lock){......}, at: [] process_backlog+0x19c/0x630 [ 26.013410] #1: (rcu_read_lock){......}, at: [] ip6_input_finish+0x0/0x14f0 [ 26.022881] #2: (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 26.032672] #3: (slock-AF_INET6){+.....}, at: [] icmp6_send+0x7bd/0x1b40 [ 26.041839] #4: (rcu_read_lock){......}, at: [] icmp6_send+0xf44/0x1b40 [ 26.050933] #5: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 26.061009] #6: (rcu_read_lock){......}, at: [] ndisc_send_skb+0x779/0x1110 [ 26.070446] #7: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 26.080482] #8: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 [ 26.090378] [ 26.090378] stack backtrace: [ 26.094860] CPU: 1 PID: 2075 Comm: syz-executor297 Not tainted 4.4.174+ #17 [ 26.101937] 0000000000000000 acc62226d0b7b338 ffff8801db7064e0 ffffffff81aad1a1 [ 26.109961] ffffffff84057a80 ffff8800b7ed2f80 ffffffff83ad3360 ffffffff83ad3a20 [ 26.117997] ffffffff83ad3360 ffff8801db706530 ffffffff813abcda ffff8801db706610 [ 26.126011] Call Trace: [ 26.128570] [] dump_stack+0xc1/0x120 [ 26.134653] [] print_circular_bug.cold+0x2f7/0x44e [ 26.141208] [] __lock_acquire+0x37d6/0x4f50 [ 26.147167] [] ? check_usage+0x14e/0x5a0 [ 26.152853] [] ? trace_hardirqs_on+0x10/0x10 [ 26.158886] [] ? __lock_acquire+0x2c79/0x4f50 [ 26.165007] [] ? __dev_get_by_index+0x130/0x130 [ 26.171317] [] ? __skb_gso_segment+0x4c0/0x4c0 [ 26.177539] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.184316] [] lock_acquire+0x15e/0x450 [ 26.189924] [] ? sch_direct_xmit+0x238/0x700 [ 26.195958] [] _raw_spin_lock+0x38/0x50 [ 26.201556] [] ? sch_direct_xmit+0x238/0x700 [ 26.207588] [] sch_direct_xmit+0x238/0x700 [ 26.213446] [] ? dev_deactivate_queue.constprop.0+0x160/0x160 [ 26.220955] [] __dev_queue_xmit+0xd24/0x1bb0 [ 26.226989] [] ? __dev_queue_xmit+0x1d7/0x1bb0 [ 26.233194] [] ? trace_hardirqs_on+0x10/0x10 [ 26.239226] [] ? netdev_pick_tx+0x2f0/0x2f0 [ 26.245172] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.251923] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.258655] [] ? memcpy+0x46/0x50 [ 26.263764] [] dev_queue_xmit+0x18/0x20 [ 26.269373] [] neigh_resolve_output+0x4a0/0x7a0 [ 26.275669] [] ? ip6_finish_output2+0x9c7/0x1dc0 [ 26.282136] [] ip6_finish_output2+0x9c7/0x1dc0 [ 26.288342] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 26.294725] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.301464] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.308192] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 26.314486] [] ? check_preemption_disabled+0x3c/0x200 [ 26.321300] [] ? check_preemption_disabled+0x3c/0x200 [ 26.328111] [] ? ip6_mtu+0x21f/0x340 [ 26.333454] [] ip6_finish_output+0x2f3/0x750 [ 26.339485] [] ip6_output+0x1b4/0x520 [ 26.344910] [] ? ip6_finish_output+0x750/0x750 [ 26.351117] [] ? nf_iterate+0x220/0x220 [ 26.356724] [] ? ip6_fragment+0x3210/0x3210 [ 26.362681] [] ndisc_send_skb+0x98d/0x1110 [ 26.372458] [] ? ndisc_send_skb+0x779/0x1110 [ 26.378497] [] ? ndisc_alloc_skb+0x330/0x330 [ 26.384528] [] ? compat_ipv6_setsockopt+0x1d0/0x1d0 [ 26.391167] [] ? memcpy+0x46/0x50 [ 26.396250] [] ? ndisc_fill_addr_option+0x19b/0x1f0 [ 26.402892] [] ndisc_send_ns+0x4bf/0x6b0 [ 26.408579] [] ? trace_hardirqs_on+0xd/0x10 [ 26.414526] [] ? ndisc_netdev_event+0x360/0x360 [ 26.420817] [] ? ipv6_chk_addr_and_flags+0x3a6/0x530 [ 26.427553] [] ? ipv6_chk_addr_and_flags+0x69/0x530 [ 26.434192] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 26.441105] [] ndisc_solicit+0x2b2/0x440 [ 26.446803] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 26.452679] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 26.458730] [] neigh_probe+0xc8/0x100 [ 26.464154] [] __neigh_event_send+0x2ab/0xc50 [ 26.470275] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 26.476570] [] ? _raw_write_unlock_bh+0x31/0x40 [ 26.482875] [] neigh_resolve_output+0x5ec/0x7a0 [ 26.489179] [] ip6_finish_output2+0x9c7/0x1dc0 [ 26.495471] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 26.501851] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.508586] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 26.514885] [] ? check_preemption_disabled+0x3c/0x200 [ 26.521708] [] ? check_preemption_disabled+0x3c/0x200 [ 26.529219] [] ? ip6_mtu+0x21f/0x340 [ 26.534556] [] ip6_finish_output+0x2f3/0x750 [ 26.540677] [] ip6_output+0x1b4/0x520 [ 26.546110] [] ? ip6_finish_output+0x750/0x750 [ 26.552317] [] ? ip6_fragment+0x3210/0x3210 [ 26.558270] [] ip6_local_out+0x9c/0x180 [ 26.563878] [] ip6_send_skb+0xa2/0x340 [ 26.569418] [] ip6_push_pending_frames+0xbb/0xe0 [ 26.575808] [] icmpv6_push_pending_frames+0x336/0x530 [ 26.582625] [] icmp6_send+0x1506/0x1b40 [ 26.588237] [] ? icmpv6_push_pending_frames+0x530/0x530 [ 26.595237] [] ? __lock_acquire+0x94f/0x4f50 [ 26.602499] [] ? perf_trace_softirq+0x28a/0x3b0 [ 26.608806] [] ? ipv6_frag_rcv+0x6cc/0x51e0 [ 26.614753] [] icmpv6_param_prob+0x29/0x40 [ 26.620709] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 26.626573] [] ? ipv6_frags_init_net+0x3e0/0x3e0 [ 26.632963] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.639699] [] ip6_input_finish+0x57d/0x14f0 [ 26.645730] [] ? ip6_rcv_finish+0x670/0x670 [ 26.651675] [] ip6_input+0xf8/0x1f0 [ 26.656948] [] ? ipv6_rcv+0x1a20/0x1a20 [ 26.662546] [] ? ip6_rcv_finish+0x670/0x670 [ 26.668510] [] ip6_rcv_finish+0x14d/0x670 [ 26.674281] [] ipv6_rcv+0xfc1/0x1a20 [ 26.679632] [] ? ipv6_rcv+0xfc/0x1a20 [ 26.685131] [] ? ip6_input_finish+0x14f0/0x14f0 [ 26.691434] [] ? ip6_make_skb+0x3f0/0x3f0 [ 26.697302] [] ? packet_rcv_fanout+0x173/0x5f0 [ 26.703618] [] ? ip6_input_finish+0x14f0/0x14f0 [ 26.709928] [] __netif_receive_skb_core+0x1300/0x2950 [ 26.716747] [] ? dev_loopback_xmit+0x430/0x430 [ 26.722963] [] ? try_to_wake_up+0x701/0x1110 [ 26.729013] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.735739] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.742478] [] ? check_preemption_disabled+0x3c/0x200 [ 26.749360] [] __netif_receive_skb+0x58/0x1c0 [ 26.755608] [] process_backlog+0x200/0x630 [ 26.761473] [] ? process_backlog+0x19c/0x630 [ 26.767513] [] ? net_rx_action+0x1fb/0xd30 [ 26.773383] [] net_rx_action+0x367/0xd30 [ 26.779082] [] ? net_rps_action_and_irq_enable.isra.0+0x170/0x170 [ 26.786954] [] __do_softirq+0x226/0xa3f [ 26.792555] [] do_softirq_own_stack+0x1c/0x30 [ 26.798703] [] do_softirq.part.0+0x54/0x60 [ 26.805298] [] do_softirq+0x18/0x20 [ 26.810549] [] netif_rx_ni+0xeb/0x3b0 [ 26.815983] [] tun_get_user+0xdbf/0x2640 [ 26.821696] [] ? tun_free_netdev+0xb0/0xb0 [ 26.827556] [] ? futex_wait+0x47d/0x600 [ 26.833155] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.839883] [] ? __tun_get+0x126/0x230 [ 26.845394] [] tun_chr_write_iter+0xda/0x190 [ 26.851449] [] do_iter_readv_writev+0x141/0x1e0 [ 26.857741] [] ? tun_sendmsg+0x140/0x140 [ 26.863426] [] ? vfs_iter_read+0x280/0x280 [ 26.869314] [] ? rw_verify_area+0x103/0x2f0 [ 26.875259] [] ? tun_sendmsg+0x140/0x140 [ 26.880954] [] compat_do_readv_writev+0x389/0x6e0 [ 26.887421] [] ? vfs_writev+0xb0/0xb0 [ 26.892847] [] ? check_preemption_disabled+0x3c/0x200 [ 26.899660] [] ? __fget+0x13b/0x370 [ 26.904909] [] ? __fget+0x162/0x370 [ 26.910157] [] ? __fget+0x47/0x370 [ 26.915320] [] compat_writev+0xe1/0x150 [ 26.920926] [] compat_SyS_writev+0xdb/0x1c0 [ 26.926870] [] ? compat_SyS_preadv+0x50/0x50 [ 26.932902] [] ? do_fast_syscall_32+0xd6/0xa90 [ 26.939105] [] ? compat_SyS_preadv+0x50/0x50 [ 26.945144] [] do_fast_syscall_32+0x32d/0xa90 [ 26.951276] [] sysenter_flags_fixed+0xd/0x1a