[....] Starting enhanced syslogd: rsyslogd[ 13.203986] audit: type=1400 audit(1515869410.695:5): avc: denied { syslog } for pid=3511 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.616040] audit: type=1400 audit(1515869416.107:6): avc: denied { map } for pid=3652 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.230' (ECDSA) to the list of known hosts. net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 24.822229] audit: type=1400 audit(1515869422.314:7): avc: denied { map } for pid=3666 comm="syzkaller031107" path="/root/syzkaller031107171" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 25.117579] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 25.492050] [ 25.493687] ============================================ [ 25.499111] WARNING: possible recursive locking detected [ 25.504530] 4.15.0-rc7-next-20180112+ #96 Not tainted [ 25.509689] -------------------------------------------- [ 25.515106] syzkaller031107/3666 is trying to acquire lock: [ 25.520778] (_xmit_ETHER#2){+.-.}, at: [<000000007361185e>] sch_direct_xmit+0x361/0x1140 [ 25.529079] [ 25.529079] but task is already holding lock: [ 25.535104] (_xmit_ETHER#2){+.-.}, at: [<000000007361185e>] sch_direct_xmit+0x361/0x1140 [ 25.543395] [ 25.543395] other info that might help us debug this: [ 25.550034] Possible unsafe locking scenario: [ 25.550034] [ 25.556067] CPU0 [ 25.558616] ---- [ 25.561169] lock(_xmit_ETHER#2); [ 25.564678] lock(_xmit_ETHER#2); [ 25.568199] [ 25.568199] *** DEADLOCK *** [ 25.568199] [ 25.574224] May be due to missing lock nesting notation [ 25.574224] [ 25.581116] 8 locks held by syzkaller031107/3666: [ 25.585922] #0: (&tfile->napi_mutex){+.+.}, at: [<00000000267a68e4>] tun_get_user+0xe6c/0x3940 [ 25.594824] #1: (rcu_read_lock){....}, at: [<000000009857927e>] netif_receive_skb_internal+0xa2/0x670 [ 25.604332] #2: (k-slock-AF_INET){+...}, at: [<000000007070ab21>] icmp_send+0x758/0x19b0 [ 25.612711] #3: (rcu_read_lock_bh){....}, at: [<0000000061ec4805>] ip_finish_output2+0x2aa/0x14f0 [ 25.621869] #4: (rcu_read_lock_bh){....}, at: [<0000000002c23d24>] __dev_queue_xmit+0x2d8/0x2b50 [ 25.630941] #5: (_xmit_ETHER#2){+.-.}, at: [<000000007361185e>] sch_direct_xmit+0x361/0x1140 [ 25.639668] #6: (rcu_read_lock_bh){....}, at: [<0000000061ec4805>] ip_finish_output2+0x2aa/0x14f0 [ 25.648841] #7: (rcu_read_lock_bh){....}, at: [<0000000002c23d24>] __dev_queue_xmit+0x2d8/0x2b50 [ 25.657909] [ 25.657909] stack backtrace: [ 25.662375] CPU: 1 PID: 3666 Comm: syzkaller031107 Not tainted 4.15.0-rc7-next-20180112+ #96 [ 25.670913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.680238] Call Trace: [ 25.682802] dump_stack+0x194/0x257 [ 25.686404] ? arch_local_irq_restore+0x53/0x53 [ 25.691053] __lock_acquire+0xe8f/0x3e00 [ 25.695080] ? print_lockdep_cache.isra.31+0x109/0x109 [ 25.700334] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.705502] ? __kernel_text_address+0xd/0x40 [ 25.709974] ? unwind_get_return_address+0x61/0xa0 [ 25.714871] ? __save_stack_trace+0x7e/0xd0 [ 25.719162] ? print_lockdep_cache.isra.31+0x109/0x109 [ 25.724405] ? save_stack_trace+0x1a/0x20 [ 25.728520] ? save_trace+0xe0/0x2b0 [ 25.732200] ? __lock_acquire+0x36c0/0x3e00 [ 25.736491] ? skb_network_protocol+0xef/0x4b0 [ 25.741042] ? check_noncircular+0x20/0x20 [ 25.745245] ? netif_skb_features+0x5ff/0x9b0 [ 25.749721] ? dev_get_by_index_rcu+0x320/0x320 [ 25.754358] ? __skb_gso_segment+0x810/0x810 [ 25.758742] lock_acquire+0x1d5/0x580 [ 25.762510] ? lock_acquire+0x1d5/0x580 [ 25.766451] ? sch_direct_xmit+0x361/0x1140 [ 25.770740] ? validate_xmit_skb+0x50d/0xaf0 [ 25.775114] ? lock_release+0xa40/0xa40 [ 25.779061] ? netif_skb_features+0x9b0/0x9b0 [ 25.783531] ? pfifo_fast_dequeue+0x20e/0x870 [ 25.788008] _raw_spin_lock+0x2a/0x40 [ 25.791777] ? sch_direct_xmit+0x361/0x1140 [ 25.796068] sch_direct_xmit+0x361/0x1140 [ 25.800190] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.805174] ? pfifo_fast_reset+0x490/0x490 [ 25.809463] ? __lock_is_held+0xb6/0x140 [ 25.813503] __qdisc_run+0x57d/0x19c0 [ 25.817276] ? sch_direct_xmit+0x1140/0x1140 [ 25.821657] ? lock_release+0xa40/0xa40 [ 25.825606] ? __dev_queue_xmit+0x2d8/0x2b50 [ 25.829986] ? pfifo_fast_enqueue+0x2a0/0x420 [ 25.834449] __dev_queue_xmit+0xb62/0x2b50 [ 25.838663] ? netdev_pick_tx+0x300/0x300 [ 25.842788] ? find_held_lock+0x35/0x1d0 [ 25.846815] ? lock_downgrade+0x980/0x980 [ 25.850930] ? check_noncircular+0x20/0x20 [ 25.855136] ? __local_bh_enable_ip+0x121/0x230 [ 25.859772] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.864761] ? __neigh_create+0x1657/0x1d90 [ 25.869052] ? __local_bh_enable_ip+0x121/0x230 [ 25.873698] ? _raw_write_unlock_bh+0x30/0x40 [ 25.878157] ? __neigh_create+0xc06/0x1d90 [ 25.882360] ? print_irqtrace_events+0x270/0x270 [ 25.887091] ? ip_finish_output2+0x8c6/0x14f0 [ 25.891560] ? lock_downgrade+0x980/0x980 [ 25.895674] ? lock_release+0xa40/0xa40 [ 25.899614] ? mark_held_locks+0xaf/0x100 [ 25.903728] ? memcpy+0x45/0x50 [ 25.906973] dev_queue_xmit+0x17/0x20 [ 25.910741] ? dev_queue_xmit+0x17/0x20 [ 25.914693] neigh_resolve_output+0x5e2/0xa00 [ 25.919162] ? ether_setup+0x2d0/0x2d0 [ 25.923017] ? __neigh_event_send+0x1040/0x1040 [ 25.927652] ? ip_finish_output+0x864/0xd10 [ 25.931945] ? ip_mc_output+0x271/0x1350 [ 25.935991] ip_finish_output2+0x8c6/0x14f0 [ 25.940280] ? __local_bh_enable_ip+0x121/0x230 [ 25.945002] ? ip_copy_metadata+0xac0/0xac0 [ 25.949294] ? check_noncircular+0x20/0x20 [ 25.953584] ? ipt_do_table+0xdd3/0x13b0 [ 25.957625] ? ipv4_mtu+0x347/0x4c0 [ 25.961227] ? rt_cpu_seq_show+0x2c0/0x2c0 [ 25.965429] ? find_held_lock+0x35/0x1d0 [ 25.969460] ip_finish_output+0x864/0xd10 [ 25.973584] ? ip_finish_output+0x864/0xd10 [ 25.977871] ? ip_fragment.constprop.47+0x200/0x200 [ 25.982943] ? iptable_mangle_hook+0xaf/0x4a0 [ 25.987406] ? nf_hook_slow+0xd3/0x1a0 [ 25.991258] ip_mc_output+0x271/0x1350 [ 25.995110] ? ip_queue_xmit+0x18e0/0x18e0 [ 25.999310] ? lock_downgrade+0x980/0x980 [ 26.003444] ? nf_hook_slow+0xd3/0x1a0 [ 26.007301] ? __ip_local_out+0x494/0x7a0 [ 26.011416] ? ip_copy_addrs+0xe0/0xe0 [ 26.015270] ? skb_copy_ubufs+0x1910/0x1910 [ 26.019615] ? ip_fragment.constprop.47+0x200/0x200 [ 26.024603] ? __ip_select_ident+0x168/0x270 [ 26.028985] ? ip_idents_reserve+0x2a0/0x2a0 [ 26.033361] ip_local_out+0x95/0x160 [ 26.037042] iptunnel_xmit+0x556/0x810 [ 26.040908] ip_tunnel_xmit+0x1780/0x3650 [ 26.045033] ? ip_md_tunnel_xmit+0x14d0/0x14d0 [ 26.049582] ? lock_downgrade+0x980/0x980 [ 26.053713] ? pvclock_read_flags+0x160/0x160 [ 26.058174] ? mark_held_locks+0xaf/0x100 [ 26.062299] ? ktime_get_with_offset+0x188/0x420 [ 26.067023] ? kvm_clock_get_cycles+0x25/0x30 [ 26.071486] ? do_gettimeofday+0x190/0x190 [ 26.075689] __gre_xmit+0x546/0x8b0 [ 26.079285] erspan_xmit+0x7eb/0x2430 [ 26.083053] ? gretap_fb_dev_create+0x250/0x250 [ 26.087689] ? __lock_is_held+0xb6/0x140 [ 26.091728] dev_hard_start_xmit+0x24e/0xac0 [ 26.096106] ? validate_xmit_skb_list+0x120/0x120 [ 26.100915] ? __skb_gso_segment+0x810/0x810 [ 26.105300] ? lock_acquire+0x1d5/0x580 [ 26.109251] ? lock_acquire+0x1d5/0x580 [ 26.113197] ? sch_direct_xmit+0x361/0x1140 [ 26.117492] ? validate_xmit_skb+0x50d/0xaf0 [ 26.121868] ? lock_release+0xa40/0xa40 [ 26.125818] ? netif_skb_features+0x9b0/0x9b0 [ 26.130280] ? pfifo_fast_dequeue+0x20e/0x870 [ 26.134745] sch_direct_xmit+0x40d/0x1140 [ 26.138871] ? pfifo_fast_reset+0x490/0x490 [ 26.143168] ? __lock_is_held+0xb6/0x140 [ 26.147197] __qdisc_run+0x57d/0x19c0 [ 26.150967] ? sch_direct_xmit+0x1140/0x1140 [ 26.155343] ? lock_release+0xa40/0xa40 [ 26.159293] ? __dev_queue_xmit+0x2d8/0x2b50 [ 26.163671] ? pfifo_fast_enqueue+0x2a0/0x420 [ 26.168133] __dev_queue_xmit+0xb62/0x2b50 [ 26.172341] ? netdev_pick_tx+0x300/0x300 [ 26.176457] ? find_held_lock+0x35/0x1d0 [ 26.180500] ? lock_downgrade+0x980/0x980 [ 26.184624] ? check_noncircular+0x20/0x20 [ 26.188832] ? __local_bh_enable_ip+0x121/0x230 [ 26.193469] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.198461] ? __neigh_create+0x1657/0x1d90 [ 26.202765] ? __local_bh_enable_ip+0x121/0x230 [ 26.207400] ? _raw_write_unlock_bh+0x30/0x40 [ 26.211865] ? __neigh_create+0xc06/0x1d90 [ 26.216069] ? print_irqtrace_events+0x270/0x270 [ 26.220792] ? ip_finish_output2+0x8c6/0x14f0 [ 26.225253] ? lock_downgrade+0x980/0x980 [ 26.229456] ? lock_release+0xa40/0xa40 [ 26.233397] ? mark_held_locks+0xaf/0x100 [ 26.237513] ? memcpy+0x45/0x50 [ 26.240770] dev_queue_xmit+0x17/0x20 [ 26.244552] ? dev_queue_xmit+0x17/0x20 [ 26.248495] neigh_resolve_output+0x5e2/0xa00 [ 26.252957] ? ether_setup+0x2d0/0x2d0 [ 26.256813] ? __neigh_event_send+0x1040/0x1040 [ 26.261457] ? tun_get_user+0x2760/0x3940 [ 26.265608] ? tun_chr_write_iter+0xb9/0x160 [ 26.269995] ip_finish_output2+0x8c6/0x14f0 [ 26.274633] ? __local_bh_enable_ip+0x121/0x230 [ 26.279278] ? ip_copy_metadata+0xac0/0xac0 [ 26.283576] ? check_noncircular+0x20/0x20 [ 26.287777] ? ipt_do_table+0xdd3/0x13b0 [ 26.291814] ? ipv4_mtu+0x347/0x4c0 [ 26.295406] ? rt_cpu_seq_show+0x2c0/0x2c0 [ 26.299610] ? find_held_lock+0x35/0x1d0 [ 26.303663] ip_finish_output+0x864/0xd10 [ 26.307783] ? ip_finish_output+0x864/0xd10 [ 26.312075] ? ip_fragment.constprop.47+0x200/0x200 [ 26.317058] ? iptable_mangle_hook+0xaf/0x4a0 [ 26.321526] ? nf_hook_slow+0xd3/0x1a0 [ 26.325400] ip_mc_output+0x271/0x1350 [ 26.329257] ? ip_queue_xmit+0x18e0/0x18e0 [ 26.333465] ? lock_downgrade+0x980/0x980 [ 26.337584] ? nf_hook_slow+0xd3/0x1a0 [ 26.341438] ? __ip_local_out+0x494/0x7a0 [ 26.345563] ? ip_copy_addrs+0xe0/0xe0 [ 26.349424] ? dst_release+0x3a/0x90 [ 26.353105] ? __ip_make_skb+0xfd1/0x1850 [ 26.357223] ? ip_fragment.constprop.47+0x200/0x200 [ 26.362208] ip_local_out+0x95/0x160 [ 26.365888] ip_send_skb+0x3c/0xc0 [ 26.369413] ip_push_pending_frames+0x64/0x80 [ 26.373889] icmp_push_reply+0x395/0x4f0 [ 26.377920] icmp_send+0x1136/0x19b0 [ 26.381604] ? icmp_route_lookup.constprop.24+0x1360/0x1360 [ 26.387287] ? check_noncircular+0x20/0x20 [ 26.391490] ? __lock_acquire+0x664/0x3e00 [ 26.395698] ? __debug_object_init+0x235/0x1040 [ 26.400338] ? __is_insn_slot_addr+0x1fc/0x330 [ 26.405595] ? find_held_lock+0x35/0x1d0 [ 26.409626] ? lock_downgrade+0x980/0x980 [ 26.413753] ? lock_release+0xa40/0xa40 [ 26.417696] ip_options_compile+0xc21/0x1a50 [ 26.422080] ? ip_forward+0x1cd0/0x1cd0 [ 26.426024] ? ip_route_input_rcu+0x3180/0x3180 [ 26.430662] ip_rcv_finish+0x80f/0x1e30 [ 26.434603] ? inet_del_offload+0x40/0x40 [ 26.438720] ? ip_rcv+0xf22/0x1840 [ 26.442230] ? lock_downgrade+0x980/0x980 [ 26.446348] ? nf_nat_ipv4_in+0x1cd/0x270 [ 26.450471] ? iptable_nat_ipv4_fn+0x40/0x40 [ 26.454857] ? nf_hook_slow+0xd3/0x1a0 [ 26.458715] ip_rcv+0xc5a/0x1840 [ 26.462052] ? ip_local_deliver+0x6e0/0x6e0 [ 26.466342] ? inet_del_offload+0x40/0x40 [ 26.470458] ? ip_local_deliver+0x6e0/0x6e0 [ 26.474749] __netif_receive_skb_core+0x1a41/0x3460 [ 26.479751] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.484910] ? nf_ingress+0x9f0/0x9f0 [ 26.488680] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.493844] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.499004] ? check_noncircular+0x20/0x20 [ 26.503212] ? check_noncircular+0x20/0x20 [ 26.507413] ? lock_downgrade+0x980/0x980 [ 26.511528] ? lock_release+0xa40/0xa40 [ 26.515470] ? mark_held_locks+0xaf/0x100 [ 26.519587] ? print_irqtrace_events+0x270/0x270 [ 26.524317] ? lock_downgrade+0x980/0x980 [ 26.528435] ? pvclock_read_flags+0x160/0x160 [ 26.532905] ? mark_held_locks+0xaf/0x100 [ 26.537022] ? lock_acquire+0x1d5/0x580 [ 26.540978] ? lock_acquire+0x1d5/0x580 [ 26.544929] ? netif_receive_skb_internal+0xa2/0x670 [ 26.550000] ? ktime_get_with_offset+0x2c1/0x420 [ 26.554728] ? lock_release+0xa40/0xa40 [ 26.558669] ? do_gettimeofday+0x190/0x190 [ 26.562881] __netif_receive_skb+0x2c/0x1b0 [ 26.567182] ? __netif_receive_skb+0x2c/0x1b0 [ 26.571647] netif_receive_skb_internal+0x10b/0x670 [ 26.576638] ? dev_cpu_dead+0xb00/0xb00 [ 26.580588] ? net_rx_action+0x1910/0x1910 [ 26.584790] ? eth_type_trans+0x2b2/0x710 [ 26.588905] ? eth_gro_receive+0x820/0x820 [ 26.593107] napi_gro_frags+0x58a/0xaf0 [ 26.597058] ? napi_gro_receive+0x500/0x500 [ 26.601350] ? tun_get_user+0x2737/0x3940 [ 26.605465] tun_get_user+0x2760/0x3940 [ 26.609419] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.614589] ? do_huge_pmd_anonymous_page+0xb1e/0x1b00 [ 26.619846] ? tun_build_skb.isra.49+0x1810/0x1810 [ 26.624747] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.629904] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.635070] ? avc_has_extended_perms+0x12c0/0x12c0 [ 26.640056] ? find_held_lock+0x35/0x1d0 [ 26.644094] ? tun_get+0x1ab/0x2e0 [ 26.647600] ? lock_release+0xa40/0xa40 [ 26.651554] ? __lock_is_held+0xb6/0x140 [ 26.655585] ? tun_get+0x1d4/0x2e0 [ 26.659092] ? tun_do_read+0x2600/0x2600 [ 26.663119] ? __check_object_size+0x8b/0x530 [ 26.667592] ? rcu_note_context_switch+0x710/0x710 [ 26.672491] tun_chr_write_iter+0xb9/0x160 [ 26.676703] do_iter_readv_writev+0x525/0x7f0 [ 26.681176] ? vfs_dedupe_file_range+0x8f0/0x8f0 [ 26.685907] ? rw_verify_area+0xe5/0x2b0 [ 26.689934] do_iter_write+0x154/0x540 [ 26.693795] ? dup_iter+0x260/0x260 [ 26.697389] vfs_writev+0x18a/0x340 [ 26.700992] ? __fget_light+0x297/0x380 [ 26.704935] ? vfs_iter_write+0xb0/0xb0 [ 26.708876] ? up_read+0x1a/0x40 [ 26.712210] ? __do_page_fault+0x3d6/0xc90 [ 26.716412] ? mm_fault_error+0x2c0/0x2c0 [ 26.720536] ? __fdget_pos+0x130/0x190 [ 26.724390] ? __fdget_raw+0x20/0x20 [ 26.728070] ? __do_page_fault+0xc90/0xc90 [ 26.732272] do_writev+0xfc/0x2a0 [ 26.735691] ? do_writev+0xfc/0x2a0 [ 26.739285] ? vfs_writev+0x340/0x340 [ 26.743052] ? entry_SYSCALL_64_fastpath+0x5/0xa0 [ 26.747863] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.752848] SyS_writev+0x27/0x30 [ 26.756269] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 26.760992] RIP: 0033:0x444f50 [ 26.764150] RSP: 002b:00007ffdafdd3338 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 26.771826] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50 [ 26.779064] RDX: 0000000000000001 RSI: 00007ffdafdd3370 RDI: 0000000000000003 [ 26.786302] RBP: 00007ffdafdd3468 R08: 0000000000000023 R09: 0000000000000000 [ 26.793643] R10: 0000000000000000 R11: 000000000