[....] Starting enhanced syslogd: rsyslogd[ 13.169070] audit: type=1400 audit(1515865736.298:5): avc: denied { syslog } for pid=3507 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.993175] audit: type=1400 audit(1515865743.122:6): avc: denied { map } for pid=3647 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts. net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 27.754995] audit: type=1400 audit(1515865750.884:7): avc: denied { map } for pid=3662 comm="syzkaller236227" path="/root/syzkaller236227413" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 28.084503] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 28.473574] [ 28.475239] ============================================ [ 28.480660] WARNING: possible recursive locking detected [ 28.486085] 4.15.0-rc7+ #170 Not tainted [ 28.490119] -------------------------------------------- [ 28.495629] syzkaller236227/3662 is trying to acquire lock: [ 28.501324] (_xmit_ETHER#2){+.-.}, at: [<000000004d3d9798>] sch_direct_xmit+0x280/0x6d0 [ 28.509546] [ 28.509546] but task is already holding lock: [ 28.515488] (_xmit_ETHER#2){+.-.}, at: [<000000004d3d9798>] sch_direct_xmit+0x280/0x6d0 [ 28.523705] [ 28.523705] other info that might help us debug this: [ 28.530346] Possible unsafe locking scenario: [ 28.530346] [ 28.536378] CPU0 [ 28.538932] ---- [ 28.541485] lock(_xmit_ETHER#2); [ 28.545000] lock(_xmit_ETHER#2); [ 28.548512] [ 28.548512] *** DEADLOCK *** [ 28.548512] [ 28.554543] May be due to missing lock nesting notation [ 28.554543] [ 28.561537] 10 locks held by syzkaller236227/3662: [ 28.566438] #0: (&tfile->napi_mutex){+.+.}, at: [<00000000df5efbb7>] tun_get_user+0xe5a/0x3710 [ 28.575357] #1: (rcu_read_lock){....}, at: [<000000009c870d58>] netif_receive_skb_internal+0xa2/0x670 [ 28.584883] #2: (k-slock-AF_INET){+...}, at: [<00000000fea1fbb2>] icmp_send+0x75e/0x19d0 [ 28.593278] #3: (rcu_read_lock_bh){....}, at: [<00000000a15ba273>] ip_finish_output2+0x2b6/0x1500 [ 28.602452] #4: (rcu_read_lock_bh){....}, at: [<000000004be7aa44>] __dev_queue_xmit+0x294/0x2920 [ 28.611550] #5: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<00000000ff240ec6>] dev_queue_xmit+0x17/0x20 [ 28.622632] #6: (_xmit_ETHER#2){+.-.}, at: [<000000004d3d9798>] sch_direct_xmit+0x280/0x6d0 [ 28.631285] #7: (rcu_read_lock_bh){....}, at: [<00000000a15ba273>] ip_finish_output2+0x2b6/0x1500 [ 28.640455] #8: (rcu_read_lock_bh){....}, at: [<000000004be7aa44>] __dev_queue_xmit+0x294/0x2920 [ 28.649550] #9: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<00000000ff240ec6>] dev_queue_xmit+0x17/0x20 [ 28.660633] [ 28.660633] stack backtrace: [ 28.665112] CPU: 0 PID: 3662 Comm: syzkaller236227 Not tainted 4.15.0-rc7+ #170 [ 28.672532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.681878] Call Trace: [ 28.684453] dump_stack+0x194/0x257 [ 28.688075] ? arch_local_irq_restore+0x53/0x53 [ 28.692727] __lock_acquire+0xe8f/0x3e00 [ 28.696781] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.701961] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.707131] ? __lock_acquire+0x664/0x3e00 [ 28.711348] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.716525] ? check_noncircular+0x20/0x20 [ 28.720737] ? trace_hardirqs_off+0x10/0x10 [ 28.725037] ? bpf_prog_kallsyms_find+0xbd/0x440 [ 28.729859] ? modules_open+0xa0/0xa0 [ 28.733641] ? trace_raw_output_xdp_redirect_map_err+0x440/0x440 [ 28.739777] ? check_noncircular+0x20/0x20 [ 28.743989] ? is_bpf_text_address+0x7b/0x120 [ 28.748461] ? lock_downgrade+0x980/0x980 [ 28.752598] ? skb_network_protocol+0xef/0x4b0 [ 28.757163] ? reacquire_held_locks+0x1f9/0x3e0 [ 28.761811] ? reacquire_held_locks+0x1f9/0x3e0 [ 28.766472] ? netif_skb_features+0x5ff/0x9b0 [ 28.770952] ? dev_get_by_index_rcu+0x320/0x320 [ 28.775603] lock_acquire+0x1d5/0x580 [ 28.779383] ? lock_acquire+0x1d5/0x580 [ 28.783339] ? sch_direct_xmit+0x280/0x6d0 [ 28.787562] ? lock_release+0xa40/0xa40 [ 28.791525] ? netif_skb_features+0x9b0/0x9b0 [ 28.796013] ? do_raw_spin_trylock+0x190/0x190 [ 28.800927] ? lock_acquire+0x1d5/0x580 [ 28.804890] ? __dev_queue_xmit+0xb37/0x2920 [ 28.809291] _raw_spin_lock+0x2a/0x40 [ 28.813084] ? sch_direct_xmit+0x280/0x6d0 [ 28.817298] sch_direct_xmit+0x280/0x6d0 [ 28.821349] ? dev_deactivate_queue.constprop.30+0x260/0x260 [ 28.827128] __dev_queue_xmit+0x1ce2/0x2920 [ 28.833437] ? netdev_pick_tx+0x300/0x300 [ 28.837568] ? find_held_lock+0x35/0x1d0 [ 28.841624] ? lock_downgrade+0x980/0x980 [ 28.845754] ? check_noncircular+0x20/0x20 [ 28.849973] ? __local_bh_enable_ip+0x121/0x230 [ 28.854626] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 28.859626] ? __neigh_create+0x1657/0x1d90 [ 28.863927] ? __local_bh_enable_ip+0x121/0x230 [ 28.868576] ? _raw_write_unlock_bh+0x30/0x40 [ 28.873053] ? __neigh_create+0xc06/0x1d90 [ 28.877269] ? print_irqtrace_events+0x270/0x270 [ 28.882023] ? ip_finish_output2+0x8d2/0x1500 [ 28.886514] ? lock_downgrade+0x980/0x980 [ 28.890650] ? lock_release+0xa40/0xa40 [ 28.894603] ? mark_held_locks+0xaf/0x100 [ 28.898733] ? memcpy+0x45/0x50 [ 28.902009] dev_queue_xmit+0x17/0x20 [ 28.905795] ? dev_queue_xmit+0x17/0x20 [ 28.909765] neigh_resolve_output+0x5e2/0xa00 [ 28.914258] ? ether_setup+0x2d0/0x2d0 [ 28.918142] ? __neigh_event_send+0x1050/0x1050 [ 28.922788] ? ip_finish_output+0x864/0xd10 [ 28.927086] ? ip_local_out+0x95/0x160 [ 28.930963] ? ip_send_skb+0x3c/0xc0 [ 28.934657] ? ip_push_pending_frames+0x64/0x80 [ 28.939341] ip_finish_output2+0x8d2/0x1500 [ 28.943655] ? ip_copy_metadata+0xac0/0xac0 [ 28.947953] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 28.952946] ? ipt_do_table+0xd0a/0x1330 [ 28.956995] ? trace_hardirqs_on+0xd/0x10 [ 28.961121] ? __local_bh_enable_ip+0x121/0x230 [ 28.965781] ? ipt_do_table+0xd75/0x1330 [ 28.969826] ? ipv4_mtu+0x34d/0x4c0 [ 28.973435] ? find_held_lock+0x35/0x1d0 [ 28.977494] ip_finish_output+0x864/0xd10 [ 28.981627] ? ip_finish_output+0x864/0xd10 [ 28.985939] ? ip_fragment.constprop.47+0x200/0x200 [ 28.990942] ? iptable_mangle_hook+0xa9/0x560 [ 28.995421] ? nf_hook_slow+0xd3/0x1a0 [ 28.999324] ip_mc_output+0x277/0x1360 [ 29.003192] ? ip_queue_xmit+0x18e0/0x18e0 [ 29.007414] ? lock_downgrade+0x980/0x980 [ 29.011541] ? nf_hook_slow+0xd3/0x1a0 [ 29.015409] ? __ip_local_out+0x494/0x7a0 [ 29.019535] ? ip_copy_addrs+0xe0/0xe0 [ 29.023399] ? skb_copy_ubufs+0x1910/0x1910 [ 29.027701] ? ip_fragment.constprop.47+0x200/0x200 [ 29.032779] ? __ip_select_ident+0x168/0x270 [ 29.037165] ? ip_idents_reserve+0x2a0/0x2a0 [ 29.041564] ip_local_out+0x95/0x160 [ 29.045260] iptunnel_xmit+0x556/0x810 [ 29.049133] ip_tunnel_xmit+0x1780/0x3650 [ 29.053279] ? skb_headers_offset_update+0x170/0x290 [ 29.058390] ? ip_md_tunnel_xmit+0x14e0/0x14e0 [ 29.062965] ? save_stack_trace+0x1a/0x20 [ 29.067095] ? skb_copy_ubufs+0x1910/0x1910 [ 29.071406] ? iptunnel_handle_offloads+0x3a3/0x710 [ 29.076406] __gre_xmit+0x546/0x8b0 [ 29.080013] erspan_xmit+0x409/0x13b0 [ 29.083804] ? prepare_fb_xmit+0x9a0/0x9a0 [ 29.088030] ? __lock_is_held+0xb6/0x140 [ 29.092078] dev_hard_start_xmit+0x24e/0xac0 [ 29.096465] ? validate_xmit_skb_list+0x120/0x120 [ 29.101304] ? netif_skb_features+0x5ff/0x9b0 [ 29.105790] ? lock_acquire+0x1d5/0x580 [ 29.109747] ? lock_acquire+0x1d5/0x580 [ 29.113699] ? sch_direct_xmit+0x280/0x6d0 [ 29.117913] ? lock_release+0xa40/0xa40 [ 29.121863] ? netif_skb_features+0x9b0/0x9b0 [ 29.126339] ? do_raw_spin_trylock+0x190/0x190 [ 29.131001] ? lock_acquire+0x1d5/0x580 [ 29.134968] ? __dev_queue_xmit+0xb37/0x2920 [ 29.139532] sch_direct_xmit+0x31d/0x6d0 [ 29.143575] ? dev_deactivate_queue.constprop.30+0x260/0x260 [ 29.149352] __dev_queue_xmit+0x1ce2/0x2920 [ 29.153651] ? netdev_pick_tx+0x300/0x300 [ 29.157959] ? find_held_lock+0x35/0x1d0 [ 29.162009] ? lock_downgrade+0x980/0x980 [ 29.166136] ? check_noncircular+0x20/0x20 [ 29.171142] ? __local_bh_enable_ip+0x121/0x230 [ 29.175806] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 29.180810] ? __neigh_create+0x1657/0x1d90 [ 29.185108] ? __local_bh_enable_ip+0x121/0x230 [ 29.189766] ? _raw_write_unlock_bh+0x30/0x40 [ 29.194243] ? __neigh_create+0xc06/0x1d90 [ 29.198478] ? print_irqtrace_events+0x270/0x270 [ 29.203222] ? ip_finish_output2+0x8d2/0x1500 [ 29.207695] ? lock_downgrade+0x980/0x980 [ 29.211822] ? lock_release+0xa40/0xa40 [ 29.215772] ? mark_held_locks+0xaf/0x100 [ 29.219898] ? memcpy+0x45/0x50 [ 29.223154] dev_queue_xmit+0x17/0x20 [ 29.226931] ? dev_queue_xmit+0x17/0x20 [ 29.230879] neigh_resolve_output+0x5e2/0xa00 [ 29.235351] ? ether_setup+0x2d0/0x2d0 [ 29.239237] ? __neigh_event_send+0x1050/0x1050 [ 29.243887] ? tun_get_user+0x262e/0x3710 [ 29.248017] ? tun_chr_write_iter+0xb9/0x160 [ 29.252422] ? do_iter_readv_writev+0x525/0x7f0 [ 29.257072] ip_finish_output2+0x8d2/0x1500 [ 29.261410] ? ip_copy_metadata+0xac0/0xac0 [ 29.265798] ? check_noncircular+0x20/0x20 [ 29.270013] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 29.275019] ? ipt_do_table+0xd0a/0x1330 [ 29.279064] ? trace_hardirqs_on+0xd/0x10 [ 29.283196] ? __local_bh_enable_ip+0x121/0x230 [ 29.287845] ? ipt_do_table+0xd75/0x1330 [ 29.291893] ? ipv4_mtu+0x34d/0x4c0 [ 29.295494] ? rt_cpu_seq_show+0x2c0/0x2c0 [ 29.299713] ? find_held_lock+0x35/0x1d0 [ 29.303756] ip_finish_output+0x864/0xd10 [ 29.307911] ? ip_finish_output+0x864/0xd10 [ 29.312223] ? ip_fragment.constprop.47+0x200/0x200 [ 29.317237] ? iptable_mangle_hook+0xa9/0x560 [ 29.321729] ? nf_hook_slow+0xd3/0x1a0 [ 29.325609] ip_mc_output+0x277/0x1360 [ 29.329482] ? ip_queue_xmit+0x18e0/0x18e0 [ 29.333696] ? lock_downgrade+0x980/0x980 [ 29.337824] ? nf_hook_slow+0xd3/0x1a0 [ 29.342123] ? __ip_local_out+0x494/0x7a0 [ 29.346249] ? ip_copy_addrs+0xe0/0xe0 [ 29.350121] ? dst_release+0x3d/0x90 [ 29.353825] ? __ip_make_skb+0xfd7/0x1860 [ 29.357951] ? ip_fragment.constprop.47+0x200/0x200 [ 29.362952] ip_local_out+0x95/0x160 [ 29.366644] ip_send_skb+0x3c/0xc0 [ 29.370172] ip_push_pending_frames+0x64/0x80 [ 29.374644] icmp_push_reply+0x395/0x4f0 [ 29.378684] icmp_send+0x1148/0x19d0 [ 29.382379] ? icmp_route_lookup.constprop.24+0x1360/0x1360 [ 29.388074] ? check_noncircular+0x20/0x20 [ 29.392290] ? __lock_acquire+0x664/0x3e00 [ 29.396515] ? __is_insn_slot_addr+0x1fc/0x330 [ 29.401076] ? find_held_lock+0x35/0x1d0 [ 29.405115] ? lock_downgrade+0x980/0x980 [ 29.409250] ? lock_release+0xa40/0xa40 [ 29.413211] ip_options_compile+0xc21/0x1a50 [ 29.417599] ? ip_forward+0x1ce0/0x1ce0 [ 29.421551] ? ip_route_input_rcu+0x31b0/0x31b0 [ 29.426211] ip_rcv_finish+0x80f/0x1e30 [ 29.430163] ? inet_del_offload+0x40/0x40 [ 29.434291] ? ip_rcv+0xf22/0x1840 [ 29.437813] ? lock_downgrade+0x980/0x980 [ 29.441953] ? nf_nat_ipv4_in+0x1cd/0x270 [ 29.446094] ? iptable_nat_ipv4_fn+0x40/0x40 [ 29.450485] ? nf_hook_slow+0xd3/0x1a0 [ 29.454354] ip_rcv+0xc5a/0x1840 [ 29.457700] ? ip_local_deliver+0x6e0/0x6e0 [ 29.462004] ? inet_del_offload+0x40/0x40 [ 29.466132] ? ip_local_deliver+0x6e0/0x6e0 [ 29.470435] __netif_receive_skb_core+0x1a41/0x3460 [ 29.475431] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 29.480613] ? nf_ingress+0x9f0/0x9f0 [ 29.484396] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 29.489742] ? __skb_flow_get_ports+0x420/0x420 [ 29.494401] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 29.499577] ? check_noncircular+0x20/0x20 [ 29.503810] ? check_noncircular+0x20/0x20 [ 29.508021] ? lock_release+0xa40/0xa40 [ 29.511976] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 29.517071] ? print_irqtrace_events+0x270/0x270 [ 29.521805] ? lock_downgrade+0x980/0x980 [ 29.525940] ? pvclock_read_flags+0x160/0x160 [ 29.530414] ? mark_held_locks+0xaf/0x100 [ 29.534542] ? lock_acquire+0x1d5/0x580 [ 29.538626] ? lock_acquire+0x1d5/0x580 [ 29.542580] ? netif_receive_skb_internal+0xa2/0x670 [ 29.547661] ? ktime_get_with_offset+0x2c1/0x420 [ 29.552395] ? lock_release+0xa40/0xa40 [ 29.556350] ? do_gettimeofday+0x190/0x190 [ 29.560565] __netif_receive_skb+0x2c/0x1b0 [ 29.564866] ? __netif_receive_skb+0x2c/0x1b0 [ 29.569340] netif_receive_skb_internal+0x10b/0x670 [ 29.574334] ? dev_cpu_dead+0xb00/0xb00 [ 29.578294] ? net_rx_action+0x1910/0x1910 [ 29.582516] ? eth_type_trans+0x2b2/0x710 [ 29.586640] ? eth_gro_receive+0x820/0x820 [ 29.590947] napi_gro_frags+0x58a/0xaf0 [ 29.594896] ? napi_gro_receive+0x500/0x500 [ 29.599291] ? tun_get_user+0x2605/0x3710 [ 29.603416] tun_get_user+0x262e/0x3710 [ 29.607381] ? tun_build_skb.isra.48+0x17d0/0x17d0 [ 29.612310] ? _raw_spin_unlock+0x22/0x30 [ 29.616436] ? do_huge_pmd_anonymous_page+0xb21/0x1b00 [ 29.621693] ? tun_get+0x1ab/0x2e0 [ 29.625224] ? perf_event_fork+0x30/0x30 [ 29.629278] ? lock_release+0xa40/0xa40 [ 29.633252] ? __lock_is_held+0xb6/0x140 [ 29.637302] ? tun_get+0x1d4/0x2e0 [ 29.640825] ? tun_chr_close+0x60/0x60 [ 29.644691] ? rcu_note_context_switch+0x710/0x710 [ 29.649602] ? vma_link+0xe9/0x170 [ 29.653120] tun_chr_write_iter+0xb9/0x160 [ 29.657332] do_iter_readv_writev+0x525/0x7f0 [ 29.661803] ? vfs_dedupe_file_range+0x8f0/0x8f0 [ 29.666539] ? rw_verify_area+0xe5/0x2b0 [ 29.670579] do_iter_write+0x154/0x540 [ 29.674451] ? iov_iter_get_pages+0x1150/0x1150 [ 29.679119] compat_writev+0x225/0x420 [ 29.682986] ? __fget_light+0x297/0x380 [ 29.686947] ? do_pwritev+0x1a0/0x1a0 [ 29.690730] ? find_held_lock+0x35/0x1d0 [ 29.694779] ? __do_page_fault+0x5f7/0xc90 [ 29.698991] ? __fdget_pos+0x130/0x190 [ 29.702950] ? __fdget_raw+0x20/0x20 [ 29.706641] ? down_read_trylock+0xdb/0x170 [ 29.710942] ? __do_page_fault+0x32d/0xc90 [ 29.715157] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 29.719718] do_compat_writev+0x115/0x220 [ 29.723852] ? do_compat_writev+0x115/0x220 [ 29.728154] ? compat_writev+0x420/0x420 [ 29.732195] compat_SyS_writev+0x26/0x30 [ 29.736235] ? compat_SyS_preadv2+0x90/0x90 [ 29.740543] do_fast_syscall_32+0x3ee/0xf9d [ 29.744853] ? do_int80_syscall_32+0x9d0/0x9d0 [ 29.749519] ? kasan_check_read+0x11/0x20 [ 29.753644] ? syscall_return_slowpath+0x550/0x550 [ 29.758553] ? SyS_rt_sigaction+0x94/0x1b0 [ 29.762767] ? SyS_sigprocmask+0x4b0/0x4b0 [ 29.767073] ? SyS_read+0x184/0x220 [ 29.770678] ? retint_user+0x18/0x18 [ 29.774376] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.779211] entry_SYSENTER_compat+0x54/0x63 [ 29.783597] RIP: 0023:0xf7f1ac79 [ 29.786936] RSP: 002b:00000000ffbf4598 EFLAGS: 00000246 ORIG_RAX: 0000000000000092 [ 29.794623] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000ffbf45d4 [ 29.801873] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.809131] RBP: 00000000ffbf4748 R08: 0000000000000000 R09: 0000000000000000 [ 29.816468] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 29.823715] R13: 0000000000000000 R14: 0000000000000000 R15: 000000