[....] Starting enhanced syslogd: rsyslogd[ 13.095707] audit: type=1400 audit(1571476895.078:4): avc: denied { syslog } for pid=1915 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 25.473872] [ 25.475514] ====================================================== [ 25.481805] [ INFO: possible circular locking dependency detected ] [ 25.488184] 4.4.174+ #4 Not tainted [ 25.491823] ------------------------------------------------------- [ 25.498310] syz-executor284/2071 is trying to acquire lock: [ 25.503993] (_xmit_NETROM){+.-...}, at: [] sch_direct_xmit+0x238/0x700 [ 25.512775] [ 25.512775] but task is already holding lock: [ 25.518719] (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 25.527935] [ 25.527935] which lock already depends on the new lock. [ 25.527935] [ 25.536225] [ 25.536225] the existing dependency chain (in reverse order) is: [ 25.543819] -> #1 (&(&q->lock)->rlock){+.-...}: [ 25.549179] [] lock_acquire+0x15e/0x450 [ 25.555461] [] _raw_spin_lock_irqsave+0x50/0x70 [ 25.562398] [] depot_save_stack+0x20c/0x5f0 [ 25.571005] [] kasan_kmalloc.part.0+0xc6/0xf0 [ 25.577769] [] kasan_kmalloc+0xb7/0xd0 [ 25.583957] [] kasan_slab_alloc+0xf/0x20 [ 25.590286] [] kmem_cache_alloc+0xdc/0x2c0 [ 25.596785] [] inet_getpeer+0x1525/0x1ce0 [ 25.603204] [] ip4_frag_init+0x2a2/0x310 [ 25.609535] [] inet_frag_create+0x1ac/0x14e0 [ 25.616213] [] inet_frag_find+0x64d/0x880 [ 25.622632] [] ip_defrag+0x2fb/0x3b70 [ 25.628703] [] ip_check_defrag+0x3d6/0x5b0 [ 25.635207] [] packet_rcv_fanout+0x51e/0x5f0 [ 25.641895] [] dev_hard_start_xmit+0x654/0x11e0 [ 25.648832] [] sch_direct_xmit+0x2b6/0x700 [ 25.655343] [] __dev_queue_xmit+0xd24/0x1bb0 [ 25.662018] [] dev_queue_xmit+0x18/0x20 [ 25.668258] [] neigh_resolve_output+0x4a0/0x7a0 [ 25.675202] [] ip_finish_output2+0x6a2/0x1280 [ 25.681976] [] ip_do_fragment+0x187c/0x1f70 [ 25.688564] [] ip_fragment.constprop.0+0x14b/0x200 [ 25.695757] [] ip_finish_output+0x3b9/0xc60 [ 25.702345] [] ip_mc_output+0x251/0xae0 [ 25.708587] [] ip_local_out+0x9c/0x180 [ 25.714742] [] ip_send_skb+0x3e/0xc0 [ 25.720721] [] udp_send_skb+0x4fd/0xc70 [ 25.726965] [] udp_push_pending_frames+0x4e/0xe0 [ 25.733990] [] udp_sendpage+0x2ae/0x410 [ 25.740228] [] inet_sendpage+0x223/0x520 [ 25.746558] [] kernel_sendpage+0x95/0xf0 [ 25.752882] [] sock_sendpage+0x8b/0xc0 [ 25.759034] [] pipe_to_sendpage+0x28d/0x3d0 [ 25.765622] [] __splice_from_pipe+0x37e/0x7a0 [ 25.772394] [] splice_from_pipe+0x108/0x170 [ 25.778979] [] generic_splice_sendpage+0x3c/0x50 [ 25.785999] [] SyS_splice+0xd71/0x13a0 [ 25.792150] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 25.799357] -> #0 (_xmit_NETROM){+.-...}: [ 25.804165] [] __lock_acquire+0x37d6/0x4f50 [ 25.810767] [] lock_acquire+0x15e/0x450 [ 25.817009] [] _raw_spin_lock+0x38/0x50 [ 25.823252] [] sch_direct_xmit+0x238/0x700 [ 25.829756] [] __dev_queue_xmit+0xd24/0x1bb0 [ 25.836429] [] dev_queue_xmit+0x18/0x20 [ 25.842670] [] neigh_resolve_output+0x4a0/0x7a0 [ 25.849618] [] ip6_finish_output2+0x9c7/0x1dc0 [ 25.856470] [] ip6_finish_output+0x2f3/0x750 [ 25.863148] [] ip6_output+0x1b4/0x520 [ 25.869228] [] ndisc_send_skb+0x98d/0x1110 [ 25.875743] [] ndisc_send_ns+0x4bf/0x6b0 [ 25.882156] [] ndisc_solicit+0x2b2/0x440 [ 25.888497] [] neigh_probe+0xc8/0x100 [ 25.894578] [] __neigh_event_send+0x2ab/0xc50 [ 25.901337] [] neigh_resolve_output+0x5ec/0x7a0 [ 25.908271] [] ip6_finish_output2+0x9c7/0x1dc0 [ 25.915160] [] ip6_finish_output+0x2f3/0x750 [ 25.921839] [] ip6_output+0x1b4/0x520 [ 25.927920] [] ip6_local_out+0x9c/0x180 [ 25.934161] [] ip6_send_skb+0xa2/0x340 [ 25.940318] [] ip6_push_pending_frames+0xbb/0xe0 [ 25.947347] [] icmpv6_push_pending_frames+0x336/0x530 [ 25.954805] [] icmp6_send+0x1506/0x1b40 [ 25.961049] [] icmpv6_param_prob+0x29/0x40 [ 25.967558] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 25.974062] [] ip6_input_finish+0x57d/0x14f0 [ 25.980738] [] ip6_input+0xf8/0x1f0 [ 25.986645] [] ip6_rcv_finish+0x14d/0x670 [ 25.993062] [] ipv6_rcv+0xfc1/0x1a20 [ 25.999042] [] __netif_receive_skb_core+0x1300/0x2950 [ 26.006504] [] __netif_receive_skb+0x58/0x1c0 [ 26.013266] [] process_backlog+0x200/0x630 [ 26.019772] [] net_rx_action+0x367/0xd30 [ 26.026099] [] __do_softirq+0x226/0xa3f [ 26.032340] [] do_softirq_own_stack+0x1c/0x30 [ 26.039104] [] do_softirq.part.0+0x54/0x60 [ 26.045618] [] do_softirq+0x18/0x20 [ 26.051511] [] netif_rx_ni+0xeb/0x3b0 [ 26.057577] [] tun_get_user+0xdbf/0x2640 [ 26.063913] [] tun_chr_write_iter+0xda/0x190 [ 26.070591] [] do_iter_readv_writev+0x141/0x1e0 [ 26.077541] [] do_readv_writev+0x387/0x6e0 [ 26.084047] [] vfs_writev+0x7d/0xb0 [ 26.089969] [] SyS_writev+0xdc/0x260 [ 26.095949] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 26.103149] [ 26.103149] other info that might help us debug this: [ 26.103149] [ 26.111279] Possible unsafe locking scenario: [ 26.111279] [ 26.117309] CPU0 CPU1 [ 26.121949] ---- ---- [ 26.126604] lock(&(&q->lock)->rlock); [ 26.130795] lock(_xmit_NETROM); [ 26.136989] lock(&(&q->lock)->rlock); [ 26.143718] lock(_xmit_NETROM); [ 26.147388] [ 26.147388] *** DEADLOCK *** [ 26.147388] [ 26.153425] 9 locks held by syz-executor284/2071: [ 26.158240] #0: (rcu_read_lock){......}, at: [] process_backlog+0x19c/0x630 [ 26.167676] #1: (rcu_read_lock){......}, at: [] ip6_input_finish+0x0/0x14f0 [ 26.177117] #2: (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 26.186900] #3: (slock-AF_INET6){+.....}, at: [] icmp6_send+0x7bd/0x1b40 [ 26.196078] #4: (rcu_read_lock){......}, at: [] icmp6_send+0xf44/0x1b40 [ 26.205175] #5: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 26.215312] #6: (rcu_read_lock){......}, at: [] ndisc_send_skb+0x779/0x1110 [ 26.224747] #7: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 26.234771] #8: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 [ 26.244641] [ 26.244641] stack backtrace: [ 26.249114] CPU: 0 PID: 2071 Comm: syz-executor284 Not tainted 4.4.174+ #4 [ 26.256110] 0000000000000000 8a54b8c3490d0250 ffff8801db6064e0 ffffffff81aad1a1 [ 26.264108] ffffffff84057a80 ffff8800b6e68000 ffffffff83ad2af0 ffffffff83ad31b0 [ 26.272106] ffffffff83ad2af0 ffff8801db606530 ffffffff813abcda ffff8801db606610 [ 26.280123] Call Trace: [ 26.282679] [] dump_stack+0xc1/0x120 [ 26.288756] [] print_circular_bug.cold+0x2f7/0x44e [ 26.295310] [] __lock_acquire+0x37d6/0x4f50 [ 26.301253] [] ? check_usage+0x14e/0x5a0 [ 26.306943] [] ? trace_hardirqs_on+0x10/0x10 [ 26.313004] [] ? __lock_acquire+0x2c79/0x4f50 [ 26.319136] [] ? __dev_get_by_index+0x130/0x130 [ 26.325434] [] ? __skb_gso_segment+0x4c0/0x4c0 [ 26.331647] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.338389] [] lock_acquire+0x15e/0x450 [ 26.343990] [] ? sch_direct_xmit+0x238/0x700 [ 26.350025] [] _raw_spin_lock+0x38/0x50 [ 26.355623] [] ? sch_direct_xmit+0x238/0x700 [ 26.361656] [] sch_direct_xmit+0x238/0x700 [ 26.367518] [] ? dev_deactivate_queue.constprop.0+0x160/0x160 [ 26.375027] [] __dev_queue_xmit+0xd24/0x1bb0 [ 26.381057] [] ? __dev_queue_xmit+0x1d7/0x1bb0 [ 26.387262] [] ? trace_hardirqs_on+0x10/0x10 [ 26.393294] [] ? netdev_pick_tx+0x2f0/0x2f0 [ 26.399238] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.405966] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.412693] [] ? memcpy+0x46/0x50 [ 26.417769] [] dev_queue_xmit+0x18/0x20 [ 26.423371] [] neigh_resolve_output+0x4a0/0x7a0 [ 26.429664] [] ? ip6_finish_output2+0x9c7/0x1dc0 [ 26.436054] [] ip6_finish_output2+0x9c7/0x1dc0 [ 26.442261] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 26.448662] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.455390] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.462119] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 26.468431] [] ? check_preemption_disabled+0x3c/0x200 [ 26.475252] [] ? check_preemption_disabled+0x3c/0x200 [ 26.482066] [] ? ip6_mtu+0x21f/0x340 [ 26.487436] [] ip6_finish_output+0x2f3/0x750 [ 26.493470] [] ip6_output+0x1b4/0x520 [ 26.498906] [] ? ip6_finish_output+0x750/0x750 [ 26.505111] [] ? nf_iterate+0x220/0x220 [ 26.510709] [] ? ip6_fragment+0x3210/0x3210 [ 26.516653] [] ndisc_send_skb+0x98d/0x1110 [ 26.522510] [] ? ndisc_send_skb+0x779/0x1110 [ 26.528541] [] ? ndisc_alloc_skb+0x330/0x330 [ 26.534573] [] ? compat_ipv6_setsockopt+0x1d0/0x1d0 [ 26.541213] [] ? memcpy+0x46/0x50 [ 26.546290] [] ? ndisc_fill_addr_option+0x19b/0x1f0 [ 26.552944] [] ndisc_send_ns+0x4bf/0x6b0 [ 26.558629] [] ? trace_hardirqs_on+0xd/0x10 [ 26.564573] [] ? ndisc_netdev_event+0x360/0x360 [ 26.570864] [] ? ipv6_chk_addr_and_flags+0x3a6/0x530 [ 26.577591] [] ? ipv6_chk_addr_and_flags+0x69/0x530 [ 26.584231] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 26.591131] [] ndisc_solicit+0x2b2/0x440 [ 26.596815] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 26.602672] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 26.608531] [] neigh_probe+0xc8/0x100 [ 26.613970] [] __neigh_event_send+0x2ab/0xc50 [ 26.620088] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 26.626383] [] ? _raw_write_unlock_bh+0x31/0x40 [ 26.632675] [] neigh_resolve_output+0x5ec/0x7a0 [ 26.638968] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 26.646233] [] ip6_finish_output2+0x9c7/0x1dc0 [ 26.652440] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 26.658829] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.665558] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 26.671940] [] ? check_preemption_disabled+0x3c/0x200 [ 26.678765] [] ? check_preemption_disabled+0x3c/0x200 [ 26.685592] [] ? ip6_mtu+0x21f/0x340 [ 26.690930] [] ip6_finish_output+0x2f3/0x750 [ 26.696975] [] ip6_output+0x1b4/0x520 [ 26.702402] [] ? ip6_finish_output+0x750/0x750 [ 26.708620] [] ? ip6_fragment+0x3210/0x3210 [ 26.714579] [] ip6_local_out+0x9c/0x180 [ 26.720177] [] ip6_send_skb+0xa2/0x340 [ 26.725688] [] ip6_push_pending_frames+0xbb/0xe0 [ 26.732068] [] icmpv6_push_pending_frames+0x336/0x530 [ 26.738879] [] icmp6_send+0x1506/0x1b40 [ 26.744477] [] ? icmpv6_push_pending_frames+0x530/0x530 [ 26.751467] [] ? __lock_acquire+0x94f/0x4f50 [ 26.757500] [] ? perf_trace_softirq+0x28a/0x3b0 [ 26.763794] [] ? ipv6_frag_rcv+0x6cc/0x51e0 [ 26.769739] [] icmpv6_param_prob+0x29/0x40 [ 26.775598] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 26.781457] [] ? ipv6_frags_init_net+0x3e0/0x3e0 [ 26.787836] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.794562] [] ip6_input_finish+0x57d/0x14f0 [ 26.800615] [] ? ip6_rcv_finish+0x670/0x670 [ 26.806561] [] ip6_input+0xf8/0x1f0 [ 26.811811] [] ? ipv6_rcv+0x1a20/0x1a20 [ 26.817422] [] ? ip6_rcv_finish+0x670/0x670 [ 26.823366] [] ip6_rcv_finish+0x14d/0x670 [ 26.829139] [] ipv6_rcv+0xfc1/0x1a20 [ 26.834475] [] ? ipv6_rcv+0xfc/0x1a20 [ 26.839900] [] ? ip6_input_finish+0x14f0/0x14f0 [ 26.846191] [] ? ip6_make_skb+0x3f0/0x3f0 [ 26.851982] [] ? packet_rcv_fanout+0x173/0x5f0 [ 26.858185] [] ? ip6_input_finish+0x14f0/0x14f0 [ 26.864491] [] __netif_receive_skb_core+0x1300/0x2950 [ 26.871319] [] ? dev_loopback_xmit+0x430/0x430 [ 26.877525] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.884251] [] ? check_preemption_disabled+0x3c/0x200 [ 26.891065] [] __netif_receive_skb+0x58/0x1c0 [ 26.897185] [] process_backlog+0x200/0x630 [ 26.903044] [] ? process_backlog+0x19c/0x630 [ 26.909078] [] ? net_rx_action+0x1fb/0xd30 [ 26.914938] [] net_rx_action+0x367/0xd30 [ 26.920659] [] ? net_rps_action_and_irq_enable.isra.0+0x170/0x170 [ 26.928515] [] __do_softirq+0x226/0xa3f [ 26.934114] [] do_softirq_own_stack+0x1c/0x30 [ 26.940231] [] do_softirq.part.0+0x54/0x60 [ 26.946846] [] do_softirq+0x18/0x20 [ 26.952097] [] netif_rx_ni+0xeb/0x3b0 [ 26.957522] [] tun_get_user+0xdbf/0x2640 [ 26.963209] [] ? tun_free_netdev+0xb0/0xb0 [ 26.969066] [] ? futex_wait+0x47d/0x600 [ 26.974665] [] ? try_to_wake_up+0x701/0x1110 [ 26.980711] [] ? irq_cpu_online+0x1a0/0x230 [ 26.986659] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.993384] [] ? __tun_get+0x126/0x230 [ 26.998895] [] tun_chr_write_iter+0xda/0x190 [ 27.004941] [] do_iter_readv_writev+0x141/0x1e0 [ 27.011233] [] ? tun_sendmsg+0x140/0x140 [ 27.016918] [] ? vfs_iter_read+0x280/0x280 [ 27.022777] [] ? rw_verify_area+0x103/0x2f0 [ 27.028739] [] ? tun_sendmsg+0x140/0x140 [ 27.034426] [] do_readv_writev+0x387/0x6e0 [ 27.040285] [] ? vfs_write+0x4e0/0x4e0 [ 27.045798] [] ? exit_robust_list+0x220/0x220 [ 27.051917] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.058653] [] ? check_preemption_disabled+0x3c/0x200 [ 27.065479] [] ? check_preemption_disabled+0x3c/0x200 [ 27.072296] [] ? __fget+0x13b/0x370 [ 27.077551] [] ? __fget+0x162/0x370 [ 27.082826] [] ? __fget+0x47/0x370 [ 27.087989] [] vfs_writev+0x7d/0xb0 [ 27.093250] [] SyS_writev+0xdc/0x260 [ 27.098587] [] ? SyS_readv+0x260/0x260 [ 27.104103] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 27.110579] [] entry_SYSCALL_64_fastpath+0x1e/0x9a