[....] Starting enhanced syslogd: rsyslogd[ 13.060879] audit: type=1400 audit(1515867284.802:5): avc: denied { syslog } for pid=3503 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.516038] audit: type=1400 audit(1515867290.257:6): avc: denied { map } for pid=3643 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.247' (ECDSA) to the list of known hosts. net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 24.747174] audit: type=1400 audit(1515867296.488:7): avc: denied { map } for pid=3657 comm="syzkaller218108" path="/root/syzkaller218108853" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 25.134840] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 25.476654] [ 25.478306] ============================================ [ 25.483746] WARNING: possible recursive locking detected [ 25.489174] 4.15.0-rc7+ #260 Not tainted [ 25.493203] -------------------------------------------- [ 25.498622] syzkaller218108/3657 is trying to acquire lock: [ 25.504644] (_xmit_ETHER#2){+.-.}, at: [<000000005c439601>] sch_direct_xmit+0x280/0x6d0 [ 25.512865] [ 25.512865] but task is already holding lock: [ 25.518805] (_xmit_ETHER#2){+.-.}, at: [<000000005c439601>] sch_direct_xmit+0x280/0x6d0 [ 25.527022] [ 25.527022] other info that might help us debug this: [ 25.533927] Possible unsafe locking scenario: [ 25.533927] [ 25.539963] CPU0 [ 25.542515] ---- [ 25.545067] lock(_xmit_ETHER#2); [ 25.548587] lock(_xmit_ETHER#2); [ 25.552099] [ 25.552099] *** DEADLOCK *** [ 25.552099] [ 25.558126] May be due to missing lock nesting notation [ 25.558126] [ 25.565025] 10 locks held by syzkaller218108/3657: [ 25.569931] #0: (&tfile->napi_mutex){+.+.}, at: [<00000000129cc53a>] tun_get_user+0xe5a/0x3710 [ 25.578835] #1: (rcu_read_lock){....}, at: [<000000007677140a>] netif_receive_skb_internal+0xa2/0x670 [ 25.589298] #2: (k-slock-AF_INET){+...}, at: [<0000000095e11f1b>] icmp_send+0x75e/0x19d0 [ 25.597679] #3: (rcu_read_lock_bh){....}, at: [<0000000016d9d0cb>] ip_finish_output2+0x2b6/0x1500 [ 25.606841] #4: (rcu_read_lock_bh){....}, at: [<000000007d2deb0a>] __dev_queue_xmit+0x294/0x2920 [ 25.615913] #5: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<00000000d2573a7c>] dev_queue_xmit+0x17/0x20 [ 25.626982] #6: (_xmit_ETHER#2){+.-.}, at: [<000000005c439601>] sch_direct_xmit+0x280/0x6d0 [ 25.635626] #7: (rcu_read_lock_bh){....}, at: [<0000000016d9d0cb>] ip_finish_output2+0x2b6/0x1500 [ 25.644785] #8: (rcu_read_lock_bh){....}, at: [<000000007d2deb0a>] __dev_queue_xmit+0x294/0x2920 [ 25.653855] #9: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<00000000d2573a7c>] dev_queue_xmit+0x17/0x20 [ 25.664924] [ 25.664924] stack backtrace: [ 25.669391] CPU: 0 PID: 3657 Comm: syzkaller218108 Not tainted 4.15.0-rc7+ #260 [ 25.676816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.686142] Call Trace: [ 25.688705] dump_stack+0x194/0x257 [ 25.692304] ? arch_local_irq_restore+0x53/0x53 [ 25.696945] __lock_acquire+0xe8f/0x3e00 [ 25.700974] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.706139] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.711298] ? __lock_acquire+0x664/0x3e00 [ 25.715505] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.720667] ? check_noncircular+0x20/0x20 [ 25.724883] ? trace_hardirqs_off+0x10/0x10 [ 25.729178] ? bpf_prog_kallsyms_find+0xbd/0x440 [ 25.733905] ? modules_open+0xa0/0xa0 [ 25.737678] ? trace_raw_output_xdp_redirect_map_err+0x440/0x440 [ 25.743792] ? check_noncircular+0x20/0x20 [ 25.747998] ? is_bpf_text_address+0x7b/0x120 [ 25.752469] ? lock_downgrade+0x980/0x980 [ 25.756589] ? skb_network_protocol+0xef/0x4b0 [ 25.761142] ? reacquire_held_locks+0x1f9/0x3e0 [ 25.765778] ? reacquire_held_locks+0x1f9/0x3e0 [ 25.770416] ? netif_skb_features+0x5ff/0x9b0 [ 25.774879] ? dev_get_by_index_rcu+0x320/0x320 [ 25.779519] lock_acquire+0x1d5/0x580 [ 25.783288] ? lock_acquire+0x1d5/0x580 [ 25.787232] ? sch_direct_xmit+0x280/0x6d0 [ 25.791452] ? lock_release+0xa40/0xa40 [ 25.795400] ? netif_skb_features+0x9b0/0x9b0 [ 25.799877] ? do_raw_spin_trylock+0x190/0x190 [ 25.804429] ? lock_acquire+0x1d5/0x580 [ 25.808373] ? __dev_queue_xmit+0xb37/0x2920 [ 25.812753] _raw_spin_lock+0x2a/0x40 [ 25.816526] ? sch_direct_xmit+0x280/0x6d0 [ 25.820732] sch_direct_xmit+0x280/0x6d0 [ 25.824765] ? dev_deactivate_queue.constprop.30+0x260/0x260 [ 25.830536] __dev_queue_xmit+0x1ce2/0x2920 [ 25.834830] ? netdev_pick_tx+0x300/0x300 [ 25.838961] ? find_held_lock+0x35/0x1d0 [ 25.842997] ? lock_downgrade+0x980/0x980 [ 25.847562] ? check_noncircular+0x20/0x20 [ 25.851770] ? __local_bh_enable_ip+0x121/0x230 [ 25.856408] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.861395] ? __neigh_create+0x1657/0x1d90 [ 25.865687] ? __local_bh_enable_ip+0x121/0x230 [ 25.870337] ? _raw_write_unlock_bh+0x30/0x40 [ 25.874814] ? __neigh_create+0xc06/0x1d90 [ 25.879028] ? print_irqtrace_events+0x270/0x270 [ 25.883757] ? ip_finish_output2+0x8d2/0x1500 [ 25.888222] ? lock_downgrade+0x980/0x980 [ 25.892352] ? lock_release+0xa40/0xa40 [ 25.896304] ? mark_held_locks+0xaf/0x100 [ 25.900436] ? memcpy+0x45/0x50 [ 25.903700] dev_queue_xmit+0x17/0x20 [ 25.907472] ? dev_queue_xmit+0x17/0x20 [ 25.911430] neigh_resolve_output+0x5e2/0xa00 [ 25.915907] ? ether_setup+0x2d0/0x2d0 [ 25.920034] ? __neigh_event_send+0x1050/0x1050 [ 25.924684] ? ip_finish_output+0x864/0xd10 [ 25.928993] ? ip_local_out+0x95/0x160 [ 25.933821] ? ip_send_skb+0x3c/0xc0 [ 25.937507] ? ip_push_pending_frames+0x64/0x80 [ 25.942149] ip_finish_output2+0x8d2/0x1500 [ 25.946715] ? ip_copy_metadata+0xac0/0xac0 [ 25.951010] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.956008] ? ipt_do_table+0xd0a/0x1330 [ 25.960054] ? trace_hardirqs_on+0xd/0x10 [ 25.964867] ? __local_bh_enable_ip+0x121/0x230 [ 25.969865] ? ipt_do_table+0xd75/0x1330 [ 25.973898] ? ipv4_mtu+0x34d/0x4c0 [ 25.977497] ? find_held_lock+0x35/0x1d0 [ 25.981530] ip_finish_output+0x864/0xd10 [ 25.985648] ? ip_finish_output+0x864/0xd10 [ 25.989940] ? ip_fragment.constprop.47+0x200/0x200 [ 25.994928] ? iptable_mangle_hook+0xa9/0x560 [ 25.999408] ? nf_hook_slow+0xd3/0x1a0 [ 26.003372] ip_mc_output+0x277/0x1360 [ 26.007231] ? ip_queue_xmit+0x18e0/0x18e0 [ 26.011436] ? lock_downgrade+0x980/0x980 [ 26.015557] ? nf_hook_slow+0xd3/0x1a0 [ 26.019428] ? __ip_local_out+0x494/0x7a0 [ 26.024703] ? ip_copy_addrs+0xe0/0xe0 [ 26.028561] ? skb_copy_ubufs+0x1910/0x1910 [ 26.032857] ? ip_fragment.constprop.47+0x200/0x200 [ 26.037841] ? __ip_select_ident+0x168/0x270 [ 26.042218] ? ip_idents_reserve+0x2a0/0x2a0 [ 26.046608] ip_local_out+0x95/0x160 [ 26.050296] iptunnel_xmit+0x556/0x810 [ 26.054154] ip_tunnel_xmit+0x1780/0x3650 [ 26.058275] ? skb_headers_offset_update+0x170/0x290 [ 26.063349] ? ip_md_tunnel_xmit+0x14e0/0x14e0 [ 26.067913] ? save_stack_trace+0x1a/0x20 [ 26.072034] ? skb_copy_ubufs+0x1910/0x1910 [ 26.076330] ? iptunnel_handle_offloads+0x3a3/0x710 [ 26.081317] __gre_xmit+0x546/0x8b0 [ 26.084916] erspan_xmit+0x409/0x13b0 [ 26.088705] ? prepare_fb_xmit+0x9a0/0x9a0 [ 26.093955] ? __lock_is_held+0xb6/0x140 [ 26.099295] dev_hard_start_xmit+0x24e/0xac0 [ 26.103686] ? validate_xmit_skb_list+0x120/0x120 [ 26.108499] ? netif_skb_features+0x5ff/0x9b0 [ 26.112964] ? lock_acquire+0x1d5/0x580 [ 26.117862] ? lock_acquire+0x1d5/0x580 [ 26.122424] ? sch_direct_xmit+0x280/0x6d0 [ 26.126630] ? lock_release+0xa40/0xa40 [ 26.130751] ? netif_skb_features+0x9b0/0x9b0 [ 26.135217] ? do_raw_spin_trylock+0x190/0x190 [ 26.139769] ? lock_acquire+0x1d5/0x580 [ 26.143721] ? __dev_queue_xmit+0xb37/0x2920 [ 26.148117] sch_direct_xmit+0x31d/0x6d0 [ 26.152151] ? dev_deactivate_queue.constprop.30+0x260/0x260 [ 26.157920] __dev_queue_xmit+0x1ce2/0x2920 [ 26.162214] ? netdev_pick_tx+0x300/0x300 [ 26.166332] ? find_held_lock+0x35/0x1d0 [ 26.171060] ? lock_downgrade+0x980/0x980 [ 26.175189] ? check_noncircular+0x20/0x20 [ 26.179394] ? __local_bh_enable_ip+0x121/0x230 [ 26.184036] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.189030] ? __neigh_create+0x1657/0x1d90 [ 26.193323] ? __local_bh_enable_ip+0x121/0x230 [ 26.197964] ? _raw_write_unlock_bh+0x30/0x40 [ 26.202430] ? __neigh_create+0xc06/0x1d90 [ 26.206636] ? print_irqtrace_events+0x270/0x270 [ 26.211366] ? ip_finish_output2+0x8d2/0x1500 [ 26.215840] ? lock_downgrade+0x980/0x980 [ 26.219958] ? lock_release+0xa40/0xa40 [ 26.223904] ? mark_held_locks+0xaf/0x100 [ 26.228030] ? memcpy+0x45/0x50 [ 26.231292] dev_queue_xmit+0x17/0x20 [ 26.235071] ? dev_queue_xmit+0x17/0x20 [ 26.239022] neigh_resolve_output+0x5e2/0xa00 [ 26.243490] ? ether_setup+0x2d0/0x2d0 [ 26.247349] ? __neigh_event_send+0x1050/0x1050 [ 26.252000] ? tun_get_user+0x262e/0x3710 [ 26.256133] ? tun_chr_write_iter+0xb9/0x160 [ 26.260513] ? do_iter_readv_writev+0x525/0x7f0 [ 26.265153] ip_finish_output2+0x8d2/0x1500 [ 26.269448] ? ip_copy_metadata+0xac0/0xac0 [ 26.273739] ? check_noncircular+0x20/0x20 [ 26.277943] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.283540] ? ipt_do_table+0xd0a/0x1330 [ 26.287571] ? trace_hardirqs_on+0xd/0x10 [ 26.291690] ? __local_bh_enable_ip+0x121/0x230 [ 26.296344] ? ipt_do_table+0xd75/0x1330 [ 26.300376] ? ipv4_mtu+0x34d/0x4c0 [ 26.303971] ? rt_cpu_seq_show+0x2c0/0x2c0 [ 26.308178] ? find_held_lock+0x35/0x1d0 [ 26.312212] ip_finish_output+0x864/0xd10 [ 26.316330] ? ip_finish_output+0x864/0xd10 [ 26.320624] ? ip_fragment.constprop.47+0x200/0x200 [ 26.325610] ? iptable_mangle_hook+0xa9/0x560 [ 26.330077] ? nf_hook_slow+0xd3/0x1a0 [ 26.333936] ip_mc_output+0x277/0x1360 [ 26.337793] ? ip_queue_xmit+0x18e0/0x18e0 [ 26.341998] ? lock_downgrade+0x980/0x980 [ 26.346130] ? nf_hook_slow+0xd3/0x1a0 [ 26.349992] ? __ip_local_out+0x494/0x7a0 [ 26.354378] ? ip_copy_addrs+0xe0/0xe0 [ 26.358237] ? dst_release+0x3d/0x90 [ 26.361921] ? __ip_make_skb+0xfd7/0x1860 [ 26.366049] ? ip_fragment.constprop.47+0x200/0x200 [ 26.371039] ip_local_out+0x95/0x160 [ 26.374724] ip_send_skb+0x3c/0xc0 [ 26.378233] ip_push_pending_frames+0x64/0x80 [ 26.382699] icmp_push_reply+0x395/0x4f0 [ 26.386731] icmp_send+0x1148/0x19d0 [ 26.390417] ? icmp_route_lookup.constprop.24+0x1360/0x1360 [ 26.396098] ? check_noncircular+0x20/0x20 [ 26.400323] ? __lock_acquire+0x664/0x3e00 [ 26.404526] ? print_irqtrace_events+0x270/0x270 [ 26.409251] ? print_irqtrace_events+0x270/0x270 [ 26.413978] ? __is_insn_slot_addr+0x1fc/0x330 [ 26.418541] ? find_held_lock+0x35/0x1d0 [ 26.422573] ? lock_downgrade+0x980/0x980 [ 26.426692] ? lock_release+0xa40/0xa40 [ 26.430639] ip_options_compile+0xc21/0x1a50 [ 26.435026] ? ip_forward+0x1ce0/0x1ce0 [ 26.438985] ? ip_route_input_rcu+0x31b0/0x31b0 [ 26.443646] ip_rcv_finish+0x80f/0x1e30 [ 26.448929] ? inet_del_offload+0x40/0x40 [ 26.454446] ? ip_rcv+0xf22/0x1840 [ 26.458571] ? lock_downgrade+0x980/0x980 [ 26.462696] ? nf_nat_ipv4_in+0x1cd/0x270 [ 26.466817] ? iptable_nat_ipv4_fn+0x40/0x40 [ 26.471203] ? nf_hook_slow+0xd3/0x1a0 [ 26.475067] ip_rcv+0xc5a/0x1840 [ 26.478405] ? ip_local_deliver+0x6e0/0x6e0 [ 26.482703] ? inet_del_offload+0x40/0x40 [ 26.486821] ? ip_local_deliver+0x6e0/0x6e0 [ 26.491114] __netif_receive_skb_core+0x1a41/0x3460 [ 26.496101] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.501523] ? nf_ingress+0x9f0/0x9f0 [ 26.505296] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.510457] ? __skb_flow_get_ports+0x420/0x420 [ 26.515103] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.520263] ? check_noncircular+0x20/0x20 [ 26.524466] ? check_noncircular+0x20/0x20 [ 26.528671] ? lock_release+0xa40/0xa40 [ 26.532618] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 26.537692] ? print_irqtrace_events+0x270/0x270 [ 26.542418] ? lock_downgrade+0x980/0x980 [ 26.546554] ? pvclock_read_flags+0x160/0x160 [ 26.551030] ? mark_held_locks+0xaf/0x100 [ 26.555149] ? lock_acquire+0x1d5/0x580 [ 26.559092] ? lock_acquire+0x1d5/0x580 [ 26.563037] ? netif_receive_skb_internal+0xa2/0x670 [ 26.568371] ? ktime_get_with_offset+0x2c1/0x420 [ 26.573106] ? lock_release+0xa40/0xa40 [ 26.577051] ? do_gettimeofday+0x190/0x190 [ 26.581256] __netif_receive_skb+0x2c/0x1b0 [ 26.585548] ? __netif_receive_skb+0x2c/0x1b0 [ 26.590018] netif_receive_skb_internal+0x10b/0x670 [ 26.595011] ? dev_cpu_dead+0xb00/0xb00 [ 26.598961] ? net_rx_action+0x1910/0x1910 [ 26.603174] ? eth_type_trans+0x2b2/0x710 [ 26.607293] ? eth_gro_receive+0x820/0x820 [ 26.611510] napi_gro_frags+0x58a/0xaf0 [ 26.615458] ? napi_gro_receive+0x500/0x500 [ 26.619752] ? tun_get_user+0x2605/0x3710 [ 26.623868] tun_get_user+0x262e/0x3710 [ 26.627817] ? tun_build_skb.isra.48+0x17d0/0x17d0 [ 26.632717] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.637878] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.643043] ? check_noncircular+0x20/0x20 [ 26.647251] ? tun_get+0x1ab/0x2e0 [ 26.650761] ? lock_release+0xa40/0xa40 [ 26.654707] ? __lock_is_held+0xb6/0x140 [ 26.658751] ? tun_get+0x1d4/0x2e0 [ 26.662260] ? tun_chr_close+0x60/0x60 [ 26.666128] ? __check_object_size+0x25d/0x4f0 [ 26.670684] ? rcu_note_context_switch+0x710/0x710 [ 26.675583] tun_chr_write_iter+0xb9/0x160 [ 26.679787] do_iter_readv_writev+0x525/0x7f0 [ 26.684254] ? vfs_dedupe_file_range+0x8f0/0x8f0 [ 26.688983] ? rw_verify_area+0xe5/0x2b0 [ 26.693024] do_iter_write+0x154/0x540 [ 26.696882] ? dup_iter+0x260/0x260 [ 26.700481] vfs_writev+0x18a/0x340 [ 26.704082] ? __fget_light+0x297/0x380 [ 26.708029] ? vfs_iter_write+0xb0/0xb0 [ 26.711975] ? up_read+0x1a/0x40 [ 26.715314] ? __do_page_fault+0x3d6/0xc90 [ 26.719523] ? mm_fault_error+0x2c0/0x2c0 [ 26.723641] ? __fdget_pos+0x130/0x190 [ 26.727498] ? __fdget_raw+0x20/0x20 [ 26.731451] ? __do_page_fault+0xc90/0xc90 [ 26.737480] do_writev+0xfc/0x2a0 [ 26.741878] ? do_writev+0xfc/0x2a0 [ 26.745474] ? vfs_writev+0x340/0x340 [ 26.749247] ? entry_SYSCALL_64_fastpath+0x5/0x9a [ 26.754070] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.759066] SyS_writev+0x27/0x30 [ 26.762498] entry_SYSCALL_64_fastpath+0x23/0x9a [ 26.767223] RIP: 0033:0x444f50 [ 26.770384] RSP: 002b:00007ffc71764ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 26.778061] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50 [ 26.786957] RDX: 0000000000000001 RSI: 00007ffc71764b10 RDI: 0000000000000003 [ 26.794200] RBP: 00007ffc71764c08 R08: 0000000000000023 R09: 0000000000000000 [ 26.801450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc71764c08 [ 26.808699] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000 [ 26.826627] syzkaller218108 (3657) used greatest stack depth: 11920 b