[....] Starting enhanced syslogd: rsyslogd[ 13.658404] audit: type=1400 audit(1571476913.572:4): avc: denied { syslog } for pid=1919 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.39' (ECDSA) to the list of known hosts. syzkaller login: [ 22.517932] [ 22.519588] ====================================================== [ 22.525914] [ INFO: possible circular locking dependency detected ] [ 22.532294] 4.4.174+ #17 Not tainted [ 22.535989] ------------------------------------------------------- [ 22.542385] syz-executor044/2068 is trying to acquire lock: [ 22.548071] (_xmit_NETROM){+.-...}, at: [] sch_direct_xmit+0x238/0x700 [ 22.556853] [ 22.556853] but task is already holding lock: [ 22.562811] (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 22.572027] [ 22.572027] which lock already depends on the new lock. [ 22.572027] [ 22.580323] [ 22.580323] the existing dependency chain (in reverse order) is: [ 22.587940] -> #1 (&(&q->lock)->rlock){+.-...}: [ 22.593250] [] lock_acquire+0x15e/0x450 [ 22.599491] [] _raw_spin_lock_irqsave+0x50/0x70 [ 22.606449] [] depot_save_stack+0x20c/0x5f0 [ 22.613045] [] kasan_kmalloc.part.0+0xc6/0xf0 [ 22.619815] [] kasan_kmalloc+0xb7/0xd0 [ 22.625967] [] kasan_slab_alloc+0xf/0x20 [ 22.632305] [] kmem_cache_alloc+0xdc/0x2c0 [ 22.638811] [] inet_getpeer+0x1525/0x1ce0 [ 22.645264] [] ip4_frag_init+0x2a2/0x310 [ 22.651594] [] inet_frag_create+0x1ac/0x14e0 [ 22.658269] [] inet_frag_find+0x64d/0x880 [ 22.664695] [] ip_defrag+0x2fb/0x3b70 [ 22.670771] [] ip_check_defrag+0x3d6/0x5b0 [ 22.677297] [] packet_rcv_fanout+0x51e/0x5f0 [ 22.683976] [] dev_hard_start_xmit+0x654/0x11e0 [ 22.690923] [] sch_direct_xmit+0x2b6/0x700 [ 22.697430] [] __dev_queue_xmit+0xd24/0x1bb0 [ 22.704104] [] dev_queue_xmit+0x18/0x20 [ 22.710357] [] neigh_resolve_output+0x4a0/0x7a0 [ 22.717299] [] ip_finish_output2+0x6a2/0x1280 [ 22.724061] [] ip_do_fragment+0x187c/0x1f70 [ 22.730646] [] ip_fragment.constprop.0+0x14b/0x200 [ 22.737841] [] ip_finish_output+0x3b9/0xc60 [ 22.744692] [] ip_mc_output+0x251/0xae0 [ 22.750932] [] ip_local_out+0x9c/0x180 [ 22.757085] [] ip_send_skb+0x3e/0xc0 [ 22.763093] [] udp_send_skb+0x4fd/0xc70 [ 22.769354] [] udp_push_pending_frames+0x4e/0xe0 [ 22.776377] [] udp_sendpage+0x2ae/0x410 [ 22.782617] [] inet_sendpage+0x223/0x520 [ 22.789012] [] kernel_sendpage+0x95/0xf0 [ 22.795363] [] sock_sendpage+0x8b/0xc0 [ 22.801529] [] pipe_to_sendpage+0x28d/0x3d0 [ 22.808130] [] __splice_from_pipe+0x37e/0x7a0 [ 22.814890] [] splice_from_pipe+0x108/0x170 [ 22.821474] [] generic_splice_sendpage+0x3c/0x50 [ 22.828497] [] SyS_splice+0xd71/0x13a0 [ 22.834663] [] do_fast_syscall_32+0x32d/0xa90 [ 22.841427] [] sysenter_flags_fixed+0xd/0x1a [ 22.848112] -> #0 (_xmit_NETROM){+.-...}: [ 22.852895] [] __lock_acquire+0x37d6/0x4f50 [ 22.859489] [] lock_acquire+0x15e/0x450 [ 22.865737] [] _raw_spin_lock+0x38/0x50 [ 22.871977] [] sch_direct_xmit+0x238/0x700 [ 22.878500] [] __dev_queue_xmit+0xd24/0x1bb0 [ 22.885173] [] dev_queue_xmit+0x18/0x20 [ 22.891422] [] neigh_resolve_output+0x4a0/0x7a0 [ 22.898355] [] ip6_finish_output2+0x9c7/0x1dc0 [ 22.905218] [] ip6_finish_output+0x2f3/0x750 [ 22.911901] [] ip6_output+0x1b4/0x520 [ 22.917969] [] ndisc_send_skb+0x98d/0x1110 [ 22.924483] [] ndisc_send_ns+0x4bf/0x6b0 [ 22.930809] [] ndisc_solicit+0x2b2/0x440 [ 22.937133] [] neigh_probe+0xc8/0x100 [ 22.943201] [] __neigh_event_send+0x2ab/0xc50 [ 22.949998] [] neigh_resolve_output+0x5ec/0x7a0 [ 22.956941] [] ip6_finish_output2+0x9c7/0x1dc0 [ 22.963822] [] ip6_finish_output+0x2f3/0x750 [ 22.970511] [] ip6_output+0x1b4/0x520 [ 22.976575] [] ip6_local_out+0x9c/0x180 [ 22.982819] [] ip6_send_skb+0xa2/0x340 [ 22.988973] [] ip6_push_pending_frames+0xbb/0xe0 [ 22.996002] [] icmpv6_push_pending_frames+0x336/0x530 [ 23.003458] [] icmp6_send+0x1506/0x1b40 [ 23.009696] [] icmpv6_param_prob+0x29/0x40 [ 23.016194] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 23.022707] [] ip6_input_finish+0x57d/0x14f0 [ 23.029392] [] ip6_input+0xf8/0x1f0 [ 23.035304] [] ip6_rcv_finish+0x14d/0x670 [ 23.041725] [] ipv6_rcv+0xfc1/0x1a20 [ 23.047718] [] __netif_receive_skb_core+0x1300/0x2950 [ 23.055172] [] __netif_receive_skb+0x58/0x1c0 [ 23.061934] [] process_backlog+0x200/0x630 [ 23.068445] [] net_rx_action+0x367/0xd30 [ 23.074773] [] __do_softirq+0x226/0xa3f [ 23.081012] [] do_softirq_own_stack+0x1c/0x30 [ 23.087771] [] do_softirq.part.0+0x54/0x60 [ 23.094272] [] do_softirq+0x18/0x20 [ 23.100174] [] netif_rx_ni+0xeb/0x3b0 [ 23.106248] [] tun_get_user+0xdbf/0x2640 [ 23.112573] [] tun_chr_write_iter+0xda/0x190 [ 23.119255] [] do_iter_readv_writev+0x141/0x1e0 [ 23.126200] [] compat_do_readv_writev+0x389/0x6e0 [ 23.133319] [] compat_writev+0xe1/0x150 [ 23.139559] [] compat_SyS_writev+0xdb/0x1c0 [ 23.146144] [] do_fast_syscall_32+0x32d/0xa90 [ 23.152905] [] sysenter_flags_fixed+0xd/0x1a [ 23.159597] [ 23.159597] other info that might help us debug this: [ 23.159597] [ 23.167712] Possible unsafe locking scenario: [ 23.167712] [ 23.174348] CPU0 CPU1 [ 23.178986] ---- ---- [ 23.183623] lock(&(&q->lock)->rlock); [ 23.187806] lock(_xmit_NETROM); [ 23.193993] lock(&(&q->lock)->rlock); [ 23.200695] lock(_xmit_NETROM); [ 23.204373] [ 23.204373] *** DEADLOCK *** [ 23.204373] [ 23.210417] 9 locks held by syz-executor044/2068: [ 23.215228] #0: (rcu_read_lock){......}, at: [] process_backlog+0x19c/0x630 [ 23.224666] #1: (rcu_read_lock){......}, at: [] ip6_input_finish+0x0/0x14f0 [ 23.234110] #2: (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 23.243885] #3: (slock-AF_INET6){+.....}, at: [] icmp6_send+0x7bd/0x1b40 [ 23.253070] #4: (rcu_read_lock){......}, at: [] icmp6_send+0xf44/0x1b40 [ 23.262158] #5: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 23.272198] #6: (rcu_read_lock){......}, at: [] ndisc_send_skb+0x779/0x1110 [ 23.281619] #7: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 23.291651] #8: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 [ 23.301502] [ 23.301502] stack backtrace: [ 23.305976] CPU: 0 PID: 2068 Comm: syz-executor044 Not tainted 4.4.174+ #17 [ 23.313049] 0000000000000000 78c9842e5228bdbc ffff8801db6064e0 ffffffff81aad1a1 [ 23.321053] ffffffff84057a80 ffff8800b767c740 ffffffff83ad3360 ffffffff83ad3a20 [ 23.329049] ffffffff83ad3360 ffff8801db606530 ffffffff813abcda ffff8801db606610 [ 23.337068] Call Trace: [ 23.339622] [] dump_stack+0xc1/0x120 [ 23.345696] [] print_circular_bug.cold+0x2f7/0x44e [ 23.352264] [] __lock_acquire+0x37d6/0x4f50 [ 23.358210] [] ? check_usage+0x14e/0x5a0 [ 23.363906] [] ? trace_hardirqs_on+0x10/0x10 [ 23.369956] [] ? __lock_acquire+0x2c79/0x4f50 [ 23.376083] [] ? __dev_get_by_index+0x130/0x130 [ 23.382385] [] ? __skb_gso_segment+0x4c0/0x4c0 [ 23.388596] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 23.395329] [] lock_acquire+0x15e/0x450 [ 23.400926] [] ? sch_direct_xmit+0x238/0x700 [ 23.406974] [] _raw_spin_lock+0x38/0x50 [ 23.412582] [] ? sch_direct_xmit+0x238/0x700 [ 23.418623] [] sch_direct_xmit+0x238/0x700 [ 23.424485] [] ? dev_deactivate_queue.constprop.0+0x160/0x160 [ 23.431996] [] __dev_queue_xmit+0xd24/0x1bb0 [ 23.438028] [] ? __dev_queue_xmit+0x1d7/0x1bb0 [ 23.444279] [] ? trace_hardirqs_on+0x10/0x10 [ 23.450314] [] ? netdev_pick_tx+0x2f0/0x2f0 [ 23.456263] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 23.462990] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 23.469721] [] ? memcpy+0x46/0x50 [ 23.474845] [] dev_queue_xmit+0x18/0x20 [ 23.480484] [] neigh_resolve_output+0x4a0/0x7a0 [ 23.486783] [] ? ip6_finish_output2+0x9c7/0x1dc0 [ 23.493171] [] ip6_finish_output2+0x9c7/0x1dc0 [ 23.499377] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 23.505758] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 23.512053] [] ? check_preemption_disabled+0x3c/0x200 [ 23.518871] [] ? check_preemption_disabled+0x3c/0x200 [ 23.525699] [] ? ip6_mtu+0x21f/0x340 [ 23.531037] [] ip6_finish_output+0x2f3/0x750 [ 23.537072] [] ip6_output+0x1b4/0x520 [ 23.542498] [] ? ip6_finish_output+0x750/0x750 [ 23.548720] [] ? nf_iterate+0x220/0x220 [ 23.554326] [] ? ip6_fragment+0x3210/0x3210 [ 23.560274] [] ndisc_send_skb+0x98d/0x1110 [ 23.566141] [] ? ndisc_send_skb+0x779/0x1110 [ 23.572173] [] ? ndisc_alloc_skb+0x330/0x330 [ 23.578207] [] ? compat_ipv6_setsockopt+0x1d0/0x1d0 [ 23.584849] [] ? memcpy+0x46/0x50 [ 23.589928] [] ? ndisc_fill_addr_option+0x19b/0x1f0 [ 23.596569] [] ndisc_send_ns+0x4bf/0x6b0 [ 23.602253] [] ? trace_hardirqs_on+0xd/0x10 [ 23.608199] [] ? ndisc_netdev_event+0x360/0x360 [ 23.614513] [] ? ipv6_chk_addr_and_flags+0x3a6/0x530 [ 23.621242] [] ? ipv6_chk_addr_and_flags+0x69/0x530 [ 23.627884] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 23.634796] [] ndisc_solicit+0x2b2/0x440 [ 23.640480] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 23.646338] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 23.652196] [] neigh_probe+0xc8/0x100 [ 23.657630] [] __neigh_event_send+0x2ab/0xc50 [ 23.663749] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 23.670055] [] ? _raw_write_unlock_bh+0x31/0x40 [ 23.676435] [] neigh_resolve_output+0x5ec/0x7a0 [ 23.682993] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 23.690243] [] ip6_finish_output2+0x9c7/0x1dc0 [ 23.696470] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 23.702869] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 23.709605] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 23.715897] [] ? check_preemption_disabled+0x3c/0x200 [ 23.722718] [] ? check_preemption_disabled+0x3c/0x200 [ 23.729540] [] ? ip6_mtu+0x21f/0x340 [ 23.734878] [] ip6_finish_output+0x2f3/0x750 [ 23.740920] [] ip6_output+0x1b4/0x520 [ 23.746345] [] ? ip6_finish_output+0x750/0x750 [ 23.752551] [] ? ip6_fragment+0x3210/0x3210 [ 23.758496] [] ip6_local_out+0x9c/0x180 [ 23.764093] [] ip6_send_skb+0xa2/0x340 [ 23.769621] [] ip6_push_pending_frames+0xbb/0xe0 [ 23.776013] [] icmpv6_push_pending_frames+0x336/0x530 [ 23.783001] [] icmp6_send+0x1506/0x1b40 [ 23.788609] [] ? icmpv6_push_pending_frames+0x530/0x530 [ 23.795601] [] ? __lock_acquire+0x94f/0x4f50 [ 23.801634] [] ? perf_trace_softirq+0x28a/0x3b0 [ 23.807929] [] ? ipv6_frag_rcv+0x6cc/0x51e0 [ 23.813875] [] icmpv6_param_prob+0x29/0x40 [ 23.819735] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 23.825593] [] ? ipv6_frags_init_net+0x3e0/0x3e0 [ 23.831974] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 23.838701] [] ip6_input_finish+0x57d/0x14f0 [ 23.844732] [] ? ip6_rcv_finish+0x670/0x670 [ 23.850674] [] ip6_input+0xf8/0x1f0 [ 23.855924] [] ? ipv6_rcv+0x1a20/0x1a20 [ 23.861521] [] ? ip6_rcv_finish+0x670/0x670 [ 23.867465] [] ip6_rcv_finish+0x14d/0x670 [ 23.873321] [] ipv6_rcv+0xfc1/0x1a20 [ 23.878657] [] ? ipv6_rcv+0xfc/0x1a20 [ 23.884084] [] ? ip6_input_finish+0x14f0/0x14f0 [ 23.890376] [] ? ip6_make_skb+0x3f0/0x3f0 [ 23.896411] [] ? packet_rcv_fanout+0x173/0x5f0 [ 23.902613] [] ? ip6_input_finish+0x14f0/0x14f0 [ 23.908908] [] __netif_receive_skb_core+0x1300/0x2950 [ 23.915742] [] ? dev_loopback_xmit+0x430/0x430 [ 23.921948] [] ? _raw_spin_unlock_irqrestore+0x45/0x70 [ 23.928850] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 23.935591] [] ? check_preemption_disabled+0x3c/0x200 [ 23.942412] [] __netif_receive_skb+0x58/0x1c0 [ 23.948685] [] process_backlog+0x200/0x630 [ 23.954555] [] ? process_backlog+0x19c/0x630 [ 23.960587] [] ? net_rx_action+0x1fb/0xd30 [ 23.966454] [] net_rx_action+0x367/0xd30 [ 23.972140] [] ? run_timer_softirq+0xf6/0xb70 [ 23.978260] [] ? net_rps_action_and_irq_enable.isra.0+0x170/0x170 [ 23.986115] [] __do_softirq+0x226/0xa3f [ 23.991720] [] do_softirq_own_stack+0x1c/0x30 [ 23.997839] [] do_softirq.part.0+0x54/0x60 [ 24.004434] [] do_softirq+0x18/0x20 [ 24.009688] [] netif_rx_ni+0xeb/0x3b0 [ 24.015112] [] tun_get_user+0xdbf/0x2640 [ 24.020810] [] ? tun_free_netdev+0xb0/0xb0 [ 24.026671] [] ? futex_wait+0x47d/0x600 [ 24.032270] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 24.038996] [] ? __tun_get+0x126/0x230 [ 24.044519] [] tun_chr_write_iter+0xda/0x190 [ 24.050549] [] do_iter_readv_writev+0x141/0x1e0 [ 24.056843] [] ? tun_sendmsg+0x140/0x140 [ 24.062536] [] ? vfs_iter_read+0x280/0x280 [ 24.068395] [] ? rw_verify_area+0x103/0x2f0 [ 24.074341] [] ? tun_sendmsg+0x140/0x140 [ 24.080036] [] compat_do_readv_writev+0x389/0x6e0 [ 24.086502] [] ? vfs_writev+0xb0/0xb0 [ 24.091925] [] ? check_preemption_disabled+0x3c/0x200 [ 24.098739] [] ? __fget+0x13b/0x370 [ 24.104000] [] ? __fget+0x162/0x370 [ 24.109253] [] ? __fget+0x47/0x370 [ 24.114427] [] compat_writev+0xe1/0x150 [ 24.120024] [] compat_SyS_writev+0xdb/0x1c0 [ 24.125979] [] ? compat_SyS_preadv+0x50/0x50 [ 24.132013] [] ? do_fast_syscall_32+0xd6/0xa90 [ 24.138219] [] ? compat_SyS_preadv+0x50/0x50 [ 24.144252] [] do_fast_syscall_32+0x32d/0xa90 [ 24.150372] [] sysenter_flags_fixed+0xd/0x1a