[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.627369] audit: type=1400 audit(1515863824.909:5): avc: denied { syslog } for pid=3500 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 19.669639] audit: type=1400 audit(1515863831.951:6): avc: denied { map } for pid=3641 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.210' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 33.685202] audit: type=1400 audit(1515863845.967:7): avc: denied { map } for pid=3658 comm="syzkaller691714" path="/root/syzkaller691714095" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 33.940546] ip (3725) used greatest stack depth: 16672 bytes left
[ 33.973433] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 34.318799]
[ 34.320437] ============================================
[ 34.325865] WARNING: possible recursive locking detected
[ 34.331287] 4.15.0-rc7+ #170 Not tainted
[ 34.335323] --------------------------------------------
[ 34.340743] syzkaller691714/3658 is trying to acquire lock:
[ 34.346516] (_xmit_ETHER#2){+.-.}, at: [<00000000a1f20440>] sch_direct_xmit+0x280/0x6d0
[ 34.354727]
[ 34.354727] but task is already holding lock:
[ 34.360667] (_xmit_ETHER#2){+.-.}, at: [<00000000a1f20440>] sch_direct_xmit+0x280/0x6d0
[ 34.368877]
[ 34.368877] other info that might help us debug this:
[ 34.375517] Possible unsafe locking scenario:
[ 34.375517]
[ 34.381541] CPU0
[ 34.384096] ----
[ 34.386645] lock(_xmit_ETHER#2);
[ 34.390157] lock(_xmit_ETHER#2);
[ 34.393668]
[ 34.393668] *** DEADLOCK ***
[ 34.393668]
[ 34.399692] May be due to missing lock nesting notation
[ 34.399692]
[ 34.406595] 10 locks held by syzkaller691714/3658:
[ 34.411496] #0: (&tfile->napi_mutex){+.+.}, at: [<000000007ec760ed>] tun_get_user+0xe5a/0x3710
[ 34.420397] #1: (rcu_read_lock){....}, at: [<00000000f84844cf>] netif_receive_skb_internal+0xa2/0x670
[ 34.429991] #2: (k-slock-AF_INET){+...}, at: [<000000005313ee64>] icmp_send+0x75e/0x19d0
[ 34.438370] #3: (rcu_read_lock_bh){....}, at: [<000000001b45b501>] ip_finish_output2+0x2b6/0x1500
[ 34.447532] #4: (rcu_read_lock_bh){....}, at: [<000000008bd0edf9>] __dev_queue_xmit+0x294/0x2920
[ 34.456602] #5: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<000000004886c7c7>] dev_queue_xmit+0x17/0x20
[ 34.467668] #6: (_xmit_ETHER#2){+.-.}, at: [<00000000a1f20440>] sch_direct_xmit+0x280/0x6d0
[ 34.476319] #7: (rcu_read_lock_bh){....}, at: [<000000001b45b501>] ip_finish_output2+0x2b6/0x1500
[ 34.485487] #8: (rcu_read_lock_bh){....}, at: [<000000008bd0edf9>] __dev_queue_xmit+0x294/0x2920
[ 34.494558] #9: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<000000004886c7c7>] dev_queue_xmit+0x17/0x20
[ 34.505623]
[ 34.505623] stack backtrace:
[ 34.510089] CPU: 1 PID: 3658 Comm: syzkaller691714 Not tainted 4.15.0-rc7+ #170
[ 34.517504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.526827] Call Trace:
[ 34.529395] dump_stack+0x194/0x257
[ 34.532992] ? arch_local_irq_restore+0x53/0x53
[ 34.537633] __lock_acquire+0xe8f/0x3e00
[ 34.541664] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 34.546826] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 34.551993] ? __lock_acquire+0x664/0x3e00
[ 34.556200] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 34.561358] ? check_noncircular+0x20/0x20
[ 34.565563] ? trace_hardirqs_off+0x10/0x10
[ 34.569854] ? bpf_prog_kallsyms_find+0xbd/0x440
[ 34.574580] ? modules_open+0xa0/0xa0
[ 34.578352] ? trace_raw_output_xdp_redirect_map_err+0x440/0x440
[ 34.584468] ? check_noncircular+0x20/0x20
[ 34.588671] ? is_bpf_text_address+0x7b/0x120
[ 34.593139] ? lock_downgrade+0x980/0x980
[ 34.597259] ? skb_network_protocol+0xef/0x4b0
[ 34.601808] ? reacquire_held_locks+0x1f9/0x3e0
[ 34.606449] ? reacquire_held_locks+0x1f9/0x3e0
[ 34.611090] ? netif_skb_features+0x5ff/0x9b0
[ 34.615553] ? dev_get_by_index_rcu+0x320/0x320
[ 34.620198] lock_acquire+0x1d5/0x580
[ 34.623967] ? lock_acquire+0x1d5/0x580
[ 34.627910] ? sch_direct_xmit+0x280/0x6d0
[ 34.632113] ? lock_release+0xa40/0xa40
[ 34.636063] ? netif_skb_features+0x9b0/0x9b0
[ 34.640527] ? do_raw_spin_trylock+0x190/0x190
[ 34.645078] ? lock_acquire+0x1d5/0x580
[ 34.649024] ? __dev_queue_xmit+0xb37/0x2920
[ 34.653413] _raw_spin_lock+0x2a/0x40
[ 34.657185] ? sch_direct_xmit+0x280/0x6d0
[ 34.661388] sch_direct_xmit+0x280/0x6d0
[ 34.665420] ? dev_deactivate_queue.constprop.30+0x260/0x260
[ 34.671188] __dev_queue_xmit+0x1ce2/0x2920
[ 34.675575] ? netdev_pick_tx+0x300/0x300
[ 34.679696] ? find_held_lock+0x35/0x1d0
[ 34.683728] ? lock_downgrade+0x980/0x980
[ 34.687845] ? check_noncircular+0x20/0x20
[ 34.692064] ? __local_bh_enable_ip+0x121/0x230
[ 34.696703] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 34.701688] ? __neigh_create+0x1657/0x1d90
[ 34.705977] ? __local_bh_enable_ip+0x121/0x230
[ 34.710619] ? _raw_write_unlock_bh+0x30/0x40
[ 34.715091] ? __neigh_create+0xc06/0x1d90
[ 34.719295] ? print_irqtrace_events+0x270/0x270
[ 34.724034] ? ip_finish_output2+0x8d2/0x1500
[ 34.728497] ? lock_downgrade+0x980/0x980
[ 34.732611] ? lock_release+0xa40/0xa40
[ 34.736554] ? mark_held_locks+0xaf/0x100
[ 34.740675] ? memcpy+0x45/0x50
[ 34.743923] dev_queue_xmit+0x17/0x20
[ 34.747696] ? dev_queue_xmit+0x17/0x20
[ 34.751637] neigh_resolve_output+0x5e2/0xa00
[ 34.756101] ? ether_setup+0x2d0/0x2d0
[ 34.759957] ? __neigh_event_send+0x1050/0x1050
[ 34.764603] ? ip_finish_output+0x864/0xd10
[ 34.768892] ? ip_local_out+0x95/0x160
[ 34.772753] ? ip_send_skb+0x3c/0xc0
[ 34.776435] ? ip_push_pending_frames+0x64/0x80
[ 34.781074] ip_finish_output2+0x8d2/0x1500
[ 34.785366] ? ip_copy_metadata+0xac0/0xac0
[ 34.789654] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 34.794639] ? ipt_do_table+0xd0a/0x1330
[ 34.798667] ? trace_hardirqs_on+0xd/0x10
[ 34.802782] ? __local_bh_enable_ip+0x121/0x230
[ 34.807423] ? ipt_do_table+0xd75/0x1330
[ 34.811459] ? ipv4_mtu+0x34d/0x4c0
[ 34.815056] ? find_held_lock+0x35/0x1d0
[ 34.819089] ip_finish_output+0x864/0xd10
[ 34.823205] ? ip_finish_output+0x864/0xd10
[ 34.827495] ? ip_fragment.constprop.47+0x200/0x200
[ 34.832478] ? iptable_mangle_hook+0xa9/0x560
[ 34.836945] ? nf_hook_slow+0xd3/0x1a0
[ 34.840803] ip_mc_output+0x277/0x1360
[ 34.844662] ? ip_queue_xmit+0x18e0/0x18e0
[ 34.848865] ? lock_downgrade+0x980/0x980
[ 34.852983] ? nf_hook_slow+0xd3/0x1a0
[ 34.856842] ? __ip_local_out+0x494/0x7a0
[ 34.860960] ? ip_copy_addrs+0xe0/0xe0
[ 34.864822] ? skb_copy_ubufs+0x1910/0x1910
[ 34.869115] ? ip_fragment.constprop.47+0x200/0x200
[ 34.874097] ? __ip_select_ident+0x168/0x270
[ 34.878471] ? ip_idents_reserve+0x2a0/0x2a0
[ 34.882848] ip_local_out+0x95/0x160
[ 34.886530] iptunnel_xmit+0x556/0x810
[ 34.890387] ip_tunnel_xmit+0x1780/0x3650
[ 34.894515] ? skb_headers_offset_update+0x170/0x290
[ 34.899596] ? ip_md_tunnel_xmit+0x14e0/0x14e0
[ 34.904148] ? save_stack_trace+0x1a/0x20
[ 34.908265] ? skb_copy_ubufs+0x1910/0x1910
[ 34.912576] ? iptunnel_handle_offloads+0x3a3/0x710
[ 34.917569] __gre_xmit+0x546/0x8b0
[ 34.921164] erspan_xmit+0x409/0x13b0
[ 34.924936] ? prepare_fb_xmit+0x9a0/0x9a0
[ 34.929139] ? __lock_is_held+0xb6/0x140
[ 34.933174] dev_hard_start_xmit+0x24e/0xac0
[ 34.937553] ? validate_xmit_skb_list+0x120/0x120
[ 34.942365] ? netif_skb_features+0x5ff/0x9b0
[ 34.946838] ? lock_acquire+0x1d5/0x580
[ 34.950779] ? lock_acquire+0x1d5/0x580
[ 34.954722] ? sch_direct_xmit+0x280/0x6d0
[ 34.958926] ? lock_release+0xa40/0xa40
[ 34.962868] ? netif_skb_features+0x9b0/0x9b0
[ 34.967338] ? do_raw_spin_trylock+0x190/0x190
[ 34.971893] ? lock_acquire+0x1d5/0x580
[ 34.975859] ? __dev_queue_xmit+0xb37/0x2920
[ 34.980250] sch_direct_xmit+0x31d/0x6d0
[ 34.984289] ? dev_deactivate_queue.constprop.30+0x260/0x260
[ 34.990063] __dev_queue_xmit+0x1ce2/0x2920
[ 34.994359] ? netdev_pick_tx+0x300/0x300
[ 34.998480] ? find_held_lock+0x35/0x1d0
[ 35.002513] ? lock_downgrade+0x980/0x980
[ 35.006632] ? check_noncircular+0x20/0x20
[ 35.010839] ? __local_bh_enable_ip+0x121/0x230
[ 35.015483] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 35.020488] ? __neigh_create+0x1657/0x1d90
[ 35.024779] ? __local_bh_enable_ip+0x121/0x230
[ 35.029420] ? _raw_write_unlock_bh+0x30/0x40
[ 35.033898] ? __neigh_create+0xc06/0x1d90
[ 35.038120] ? print_irqtrace_events+0x270/0x270
[ 35.042871] ? ip_finish_output2+0x8d2/0x1500
[ 35.047350] ? lock_downgrade+0x980/0x980
[ 35.051467] ? lock_release+0xa40/0xa40
[ 35.055409] ? mark_held_locks+0xaf/0x100
[ 35.059527] ? memcpy+0x45/0x50
[ 35.062778] dev_queue_xmit+0x17/0x20
[ 35.066558] ? dev_queue_xmit+0x17/0x20
[ 35.070504] neigh_resolve_output+0x5e2/0xa00
[ 35.074974] ? ether_setup+0x2d0/0x2d0
[ 35.078835] ? __neigh_event_send+0x1050/0x1050
[ 35.083490] ? tun_get_user+0x262e/0x3710
[ 35.087616] ? tun_chr_write_iter+0xb9/0x160
[ 35.091997] ? do_iter_readv_writev+0x525/0x7f0
[ 35.096651] ip_finish_output2+0x8d2/0x1500
[ 35.100942] ? ip_copy_metadata+0xac0/0xac0
[ 35.105230] ? check_noncircular+0x20/0x20
[ 35.109441] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 35.114430] ? ipt_do_table+0xd0a/0x1330
[ 35.118461] ? trace_hardirqs_on+0xd/0x10
[ 35.122580] ? __local_bh_enable_ip+0x121/0x230
[ 35.127218] ? ipt_do_table+0xd75/0x1330
[ 35.131252] ? ipv4_mtu+0x34d/0x4c0
[ 35.134851] ? rt_cpu_seq_show+0x2c0/0x2c0
[ 35.139065] ? find_held_lock+0x35/0x1d0
[ 35.143098] ip_finish_output+0x864/0xd10
[ 35.147214] ? ip_finish_output+0x864/0xd10
[ 35.151504] ? ip_fragment.constprop.47+0x200/0x200
[ 35.156492] ? iptable_mangle_hook+0xa9/0x560
[ 35.160960] ? nf_hook_slow+0xd3/0x1a0
[ 35.164822] ip_mc_output+0x277/0x1360
[ 35.168678] ? ip_queue_xmit+0x18e0/0x18e0
[ 35.172880] ? lock_downgrade+0x980/0x980
[ 35.177004] ? nf_hook_slow+0xd3/0x1a0
[ 35.180860] ? __ip_local_out+0x494/0x7a0
[ 35.184983] ? ip_copy_addrs+0xe0/0xe0
[ 35.188845] ? dst_release+0x3d/0x90
[ 35.192529] ? __ip_make_skb+0xfd7/0x1860
[ 35.196645] ? ip_fragment.constprop.47+0x200/0x200
[ 35.201629] ip_local_out+0x95/0x160
[ 35.205313] ip_send_skb+0x3c/0xc0
[ 35.208822] ip_push_pending_frames+0x64/0x80
[ 35.213291] icmp_push_reply+0x395/0x4f0
[ 35.217321] icmp_send+0x1148/0x19d0
[ 35.221009] ? icmp_route_lookup.constprop.24+0x1360/0x1360
[ 35.226689] ? check_noncircular+0x20/0x20
[ 35.230891] ? __lock_acquire+0x664/0x3e00
[ 35.235098] ? __is_insn_slot_addr+0x1fc/0x330
[ 35.239650] ? find_held_lock+0x35/0x1d0
[ 35.243681] ? lock_downgrade+0x980/0x980
[ 35.247796] ? lock_release+0xa40/0xa40
[ 35.251738] ip_options_compile+0xc21/0x1a50
[ 35.256115] ? ip_forward+0x1ce0/0x1ce0
[ 35.260055] ? ip_route_input_rcu+0x31b0/0x31b0
[ 35.264692] ip_rcv_finish+0x80f/0x1e30
[ 35.268634] ? inet_del_offload+0x40/0x40
[ 35.272749] ? ip_rcv+0xf22/0x1840
[ 35.276255] ? lock_downgrade+0x980/0x980
[ 35.280370] ? nf_nat_ipv4_in+0x1cd/0x270
[ 35.284483] ? iptable_nat_ipv4_fn+0x40/0x40
[ 35.288862] ? nf_hook_slow+0xd3/0x1a0
[ 35.292720] ip_rcv+0xc5a/0x1840
[ 35.296053] ? ip_local_deliver+0x6e0/0x6e0
[ 35.300347] ? inet_del_offload+0x40/0x40
[ 35.304472] ? ip_local_deliver+0x6e0/0x6e0
[ 35.308768] __netif_receive_skb_core+0x1a41/0x3460
[ 35.313753] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 35.318915] ? nf_ingress+0x9f0/0x9f0
[ 35.322687] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 35.327845] ? __skb_flow_get_ports+0x420/0x420
[ 35.332482] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 35.337638] ? check_noncircular+0x20/0x20
[ 35.341840] ? check_noncircular+0x20/0x20
[ 35.346048] ? lock_release+0xa40/0xa40
[ 35.350007] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 35.355080] ? print_irqtrace_events+0x270/0x270
[ 35.359805] ? lock_downgrade+0x980/0x980
[ 35.363927] ? pvclock_read_flags+0x160/0x160
[ 35.368400] ? mark_held_locks+0xaf/0x100
[ 35.372525] ? lock_acquire+0x1d5/0x580
[ 35.376479] ? lock_acquire+0x1d5/0x580
[ 35.380450] ? netif_receive_skb_internal+0xa2/0x670
[ 35.385536] ? ktime_get_with_offset+0x2c1/0x420
[ 35.390266] ? lock_release+0xa40/0xa40
[ 35.394208] ? do_gettimeofday+0x190/0x190
[ 35.398420] __netif_receive_skb+0x2c/0x1b0
[ 35.402730] ? __netif_receive_skb+0x2c/0x1b0
[ 35.407217] netif_receive_skb_internal+0x10b/0x670
[ 35.412207] ? dev_cpu_dead+0xb00/0xb00
[ 35.416150] ? net_rx_action+0x1910/0x1910
[ 35.420354] ? eth_type_trans+0x2b2/0x710
[ 35.424472] ? eth_gro_receive+0x820/0x820
[ 35.428675] napi_gro_frags+0x58a/0xaf0
[ 35.432706] ? napi_gro_receive+0x500/0x500
[ 35.437001] ? tun_get_user+0x2605/0x3710
[ 35.441125] tun_get_user+0x262e/0x3710
[ 35.445078] ? tun_build_skb.isra.48+0x17d0/0x17d0
[ 35.449979] ? _raw_spin_unlock+0x22/0x30
[ 35.454105] ? do_huge_pmd_anonymous_page+0xb21/0x1b00
[ 35.459362] ? tun_get+0x1ab/0x2e0
[ 35.462885] ? perf_event_fork+0x30/0x30
[ 35.466931] ? lock_release+0xa40/0xa40
[ 35.470877] ? __lock_is_held+0xb6/0x140
[ 35.474910] ? tun_get+0x1d4/0x2e0
[ 35.478432] ? tun_chr_close+0x60/0x60
[ 35.482290] ? rcu_note_context_switch+0x710/0x710
[ 35.487191] ? vma_link+0xe9/0x170
[ 35.490701] tun_chr_write_iter+0xb9/0x160
[ 35.494906] do_iter_readv_writev+0x525/0x7f0
[ 35.499368] ? vfs_dedupe_file_range+0x8f0/0x8f0
[ 35.504093] ? rw_verify_area+0xe5/0x2b0
[ 35.508125] do_iter_write+0x154/0x540
[ 35.511990] ? iov_iter_get_pages+0x1150/0x1150
[ 35.516630] compat_writev+0x225/0x420
[ 35.520497] ? __fget_light+0x297/0x380
[ 35.524439] ? do_pwritev+0x1a0/0x1a0
[ 35.528217] ? find_held_lock+0x35/0x1d0
[ 35.532249] ? __do_page_fault+0x5f7/0xc90
[ 35.536454] ? __fdget_pos+0x130/0x190
[ 35.540310] ? __fdget_raw+0x20/0x20
[ 35.543991] ? down_read_trylock+0xdb/0x170
[ 35.548282] ? __do_page_fault+0x32d/0xc90
[ 35.552493] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 35.557049] do_compat_writev+0x115/0x220
[ 35.561166] ? do_compat_writev+0x115/0x220
[ 35.565457] ? compat_writev+0x420/0x420
[ 35.569487] compat_SyS_writev+0x26/0x30
[ 35.573524] ? compat_SyS_preadv2+0x90/0x90
[ 35.577816] do_fast_syscall_32+0x3ee/0xf9d
[ 35.582109] ? do_int80_syscall_32+0x9d0/0x9d0
[ 35.586659] ? kasan_check_read+0x11/0x20
[ 35.590776] ? syscall_return_slowpath+0x550/0x550
[ 35.595676] ? SyS_rt_sigaction+0x94/0x1b0
[ 35.599879] ? SyS_sigprocmask+0x4b0/0x4b0
[ 35.604095] ? SyS_read+0x184/0x220
[ 35.607707] ? retint_user+0x18/0x18
[ 35.611392] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.616205] entry_SYSENTER_compat+0x54/0x63
[ 35.620580] RIP: 0023:0xf7f38c79
[ 35.623913] RSP: 002b:00000000ffcd12e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000092
[ 35.631592] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000ffcd1324
[ 35.638835] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[ 35.646077] RBP: 00000000ffcd1498 R08: 0000000000000000 R09: 0000000000000000
[ 35.653326] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 35.660570] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[