[....] Starting enhanced syslogd: rsyslogd[ 12.599807] audit: type=1400 audit(1515863991.816:5): avc: denied { syslog } for pid=3500 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.545809] audit: type=1400 audit(1515863998.762:6): avc: denied { map } for pid=3641 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts. net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 25.755492] audit: type=1400 audit(1515864004.972:7): avc: denied { map } for pid=3655 comm="syzkaller933393" path="/root/syzkaller933393991" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 26.140644] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 26.484294] [ 26.485936] ============================================ [ 26.491352] WARNING: possible recursive locking detected [ 26.496770] 4.15.0-rc7+ #187 Not tainted [ 26.500799] -------------------------------------------- [ 26.506215] syzkaller933393/3655 is trying to acquire lock: [ 26.511890] (_xmit_ETHER#2){+.-.}, at: [<00000000b0458497>] sch_direct_xmit+0x361/0x1140 [ 26.520186] [ 26.520186] but task is already holding lock: [ 26.526123] (_xmit_ETHER#2){+.-.}, at: [<00000000b0458497>] sch_direct_xmit+0x361/0x1140 [ 26.534449] [ 26.534449] other info that might help us debug this: [ 26.541091] Possible unsafe locking scenario: [ 26.541091] [ 26.547115] CPU0 [ 26.549665] ---- [ 26.552213] lock(_xmit_ETHER#2); [ 26.555722] lock(_xmit_ETHER#2); [ 26.559230] [ 26.559230] *** DEADLOCK *** [ 26.559230] [ 26.565260] May be due to missing lock nesting notation [ 26.565260] [ 26.572158] 8 locks held by syzkaller933393/3655: [ 26.576967] #0: (&tfile->napi_mutex){+.+.}, at: [<00000000dbfb1cd0>] tun_get_user+0xe6c/0x3940 [ 26.585868] #1: (rcu_read_lock){....}, at: [<000000005a6b6a38>] netif_receive_skb_internal+0xa2/0x670 [ 26.595395] #2: (k-slock-AF_INET){+...}, at: [<00000000e26b5ebe>] icmp_send+0x758/0x19b0 [ 26.603787] #3: (rcu_read_lock_bh){....}, at: [<00000000a632d416>] ip_finish_output2+0x2aa/0x14f0 [ 26.612947] #4: (rcu_read_lock_bh){....}, at: [<000000008495645d>] __dev_queue_xmit+0x2d8/0x2b50 [ 26.622023] #5: (_xmit_ETHER#2){+.-.}, at: [<00000000b0458497>] sch_direct_xmit+0x361/0x1140 [ 26.630754] #6: (rcu_read_lock_bh){....}, at: [<00000000a632d416>] ip_finish_output2+0x2aa/0x14f0 [ 26.639912] #7: (rcu_read_lock_bh){....}, at: [<000000008495645d>] __dev_queue_xmit+0x2d8/0x2b50 [ 26.648982] [ 26.648982] stack backtrace: [ 26.653451] CPU: 1 PID: 3655 Comm: syzkaller933393 Not tainted 4.15.0-rc7+ #187 [ 26.664251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.673576] Call Trace: [ 26.676138] dump_stack+0x194/0x257 [ 26.679740] ? arch_local_irq_restore+0x53/0x53 [ 26.684384] __lock_acquire+0xe8f/0x3e00 [ 26.688417] ? print_lockdep_cache.isra.31+0x109/0x109 [ 26.693673] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.698837] ? __kernel_text_address+0xd/0x40 [ 26.703302] ? unwind_get_return_address+0x61/0xa0 [ 26.708205] ? __save_stack_trace+0x7e/0xd0 [ 26.712509] ? print_lockdep_cache.isra.31+0x109/0x109 [ 26.717757] ? save_stack_trace+0x1a/0x20 [ 26.721877] ? save_trace+0xe0/0x2b0 [ 26.725565] ? __lock_acquire+0x36c0/0x3e00 [ 26.729858] ? skb_network_protocol+0xef/0x4b0 [ 26.734420] ? check_noncircular+0x20/0x20 [ 26.738625] ? netif_skb_features+0x5ff/0x9b0 [ 26.743092] ? dev_get_by_index_rcu+0x320/0x320 [ 26.747732] ? __skb_gso_segment+0x810/0x810 [ 26.752120] lock_acquire+0x1d5/0x580 [ 26.755894] ? lock_acquire+0x1d5/0x580 [ 26.759843] ? sch_direct_xmit+0x361/0x1140 [ 26.764139] ? validate_xmit_skb+0x50d/0xaf0 [ 26.768519] ? lock_release+0xa40/0xa40 [ 26.772462] ? netif_skb_features+0x9b0/0x9b0 [ 26.776930] ? pfifo_fast_dequeue+0x20e/0x870 [ 26.781400] _raw_spin_lock+0x2a/0x40 [ 26.785169] ? sch_direct_xmit+0x361/0x1140 [ 26.789460] sch_direct_xmit+0x361/0x1140 [ 26.793579] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.798566] ? pfifo_fast_reset+0x490/0x490 [ 26.802858] ? __lock_is_held+0xb6/0x140 [ 26.806891] __qdisc_run+0x57d/0x19c0 [ 26.810666] ? sch_direct_xmit+0x1140/0x1140 [ 26.815053] ? lock_release+0xa40/0xa40 [ 26.818998] ? __dev_queue_xmit+0x2d8/0x2b50 [ 26.823385] ? pfifo_fast_enqueue+0x2a0/0x420 [ 26.827851] __dev_queue_xmit+0xb62/0x2b50 [ 26.832059] ? netdev_pick_tx+0x300/0x300 [ 26.836180] ? find_held_lock+0x35/0x1d0 [ 26.840216] ? lock_downgrade+0x980/0x980 [ 26.844336] ? check_noncircular+0x20/0x20 [ 26.848543] ? __local_bh_enable_ip+0x121/0x230 [ 26.853184] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.858171] ? __neigh_create+0x1657/0x1d90 [ 26.862465] ? __local_bh_enable_ip+0x121/0x230 [ 26.867109] ? _raw_write_unlock_bh+0x30/0x40 [ 26.871580] ? __neigh_create+0xc06/0x1d90 [ 26.875790] ? print_irqtrace_events+0x270/0x270 [ 26.880529] ? ip_finish_output2+0x8c6/0x14f0 [ 26.884998] ? lock_downgrade+0x980/0x980 [ 26.889127] ? lock_release+0xa40/0xa40 [ 26.893074] ? mark_held_locks+0xaf/0x100 [ 26.897198] ? memcpy+0x45/0x50 [ 26.900453] dev_queue_xmit+0x17/0x20 [ 26.904227] ? dev_queue_xmit+0x17/0x20 [ 26.908174] neigh_resolve_output+0x5e2/0xa00 [ 26.912641] ? ether_setup+0x2d0/0x2d0 [ 26.916509] ? __neigh_event_send+0x1040/0x1040 [ 26.921150] ? ip_finish_output+0x864/0xd10 [ 26.925442] ? ip_mc_output+0x271/0x1350 [ 26.929482] ? ip_local_out+0x95/0x160 [ 26.933343] ip_finish_output2+0x8c6/0x14f0 [ 26.937639] ? ip_copy_metadata+0xac0/0xac0 [ 26.941932] ? check_noncircular+0x20/0x20 [ 26.946137] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.951140] ? ipt_do_table+0xd0a/0x1330 [ 26.955175] ? trace_hardirqs_on+0xd/0x10 [ 26.959295] ? __local_bh_enable_ip+0x121/0x230 [ 26.963944] ? ipt_do_table+0xd75/0x1330 [ 26.967981] ? ipv4_mtu+0x347/0x4c0 [ 26.971582] ? rt_cpu_seq_show+0x2c0/0x2c0 [ 26.975791] ? find_held_lock+0x35/0x1d0 [ 26.979830] ip_finish_output+0x864/0xd10 [ 26.983949] ? ip_finish_output+0x864/0xd10 [ 26.988243] ? ip_fragment.constprop.47+0x200/0x200 [ 26.993228] ? iptable_mangle_hook+0xaf/0x4a0 [ 26.997696] ? nf_hook_slow+0xd3/0x1a0 [ 27.001555] ip_mc_output+0x271/0x1350 [ 27.005417] ? ip_queue_xmit+0x18e0/0x18e0 [ 27.009633] ? lock_downgrade+0x980/0x980 [ 27.013763] ? nf_hook_slow+0xd3/0x1a0 [ 27.017621] ? __ip_local_out+0x494/0x7a0 [ 27.021738] ? ip_copy_addrs+0xe0/0xe0 [ 27.025598] ? skb_copy_ubufs+0x1910/0x1910 [ 27.029892] ? ip_fragment.constprop.47+0x200/0x200 [ 27.034881] ? __ip_select_ident+0x168/0x270 [ 27.039260] ? ip_idents_reserve+0x2a0/0x2a0 [ 27.043647] ip_local_out+0x95/0x160 [ 27.047334] iptunnel_xmit+0x556/0x810 [ 27.051194] ip_tunnel_xmit+0x1780/0x3650 [ 27.055315] ? ip_md_tunnel_xmit+0x14d0/0x14d0 [ 27.059871] ? lock_downgrade+0x980/0x980 [ 27.063993] ? pvclock_read_flags+0x160/0x160 [ 27.068466] ? mark_held_locks+0xaf/0x100 [ 27.072586] ? ktime_get_with_offset+0x188/0x420 [ 27.077319] ? kvm_clock_get_cycles+0x25/0x30 [ 27.081786] ? do_gettimeofday+0x190/0x190 [ 27.085993] __gre_xmit+0x546/0x8b0 [ 27.089595] erspan_xmit+0x7eb/0x2430 [ 27.093365] ? gretap_fb_dev_create+0x250/0x250 [ 27.098021] ? __lock_is_held+0xb6/0x140 [ 27.102061] dev_hard_start_xmit+0x24e/0xac0 [ 27.106451] ? validate_xmit_skb_list+0x120/0x120 [ 27.111264] ? __skb_gso_segment+0x810/0x810 [ 27.115643] ? lock_acquire+0x1d5/0x580 [ 27.119596] ? lock_acquire+0x1d5/0x580 [ 27.123539] ? sch_direct_xmit+0x361/0x1140 [ 27.127833] ? validate_xmit_skb+0x50d/0xaf0 [ 27.132214] ? lock_release+0xa40/0xa40 [ 27.136162] ? netif_skb_features+0x9b0/0x9b0 [ 27.140628] ? pfifo_fast_dequeue+0x20e/0x870 [ 27.145095] sch_direct_xmit+0x40d/0x1140 [ 27.149224] ? pfifo_fast_reset+0x490/0x490 [ 27.153520] ? __lock_is_held+0xb6/0x140 [ 27.157556] __qdisc_run+0x57d/0x19c0 [ 27.161331] ? sch_direct_xmit+0x1140/0x1140 [ 27.165710] ? lock_release+0xa40/0xa40 [ 27.169657] ? __dev_queue_xmit+0x2d8/0x2b50 [ 27.174042] ? pfifo_fast_enqueue+0x2a0/0x420 [ 27.178521] __dev_queue_xmit+0xb62/0x2b50 [ 27.182736] ? netdev_pick_tx+0x300/0x300 [ 27.186864] ? find_held_lock+0x35/0x1d0 [ 27.190899] ? lock_downgrade+0x980/0x980 [ 27.195025] ? check_noncircular+0x20/0x20 [ 27.199245] ? __local_bh_enable_ip+0x121/0x230 [ 27.203886] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 27.208886] ? __neigh_create+0x1657/0x1d90 [ 27.213189] ? __local_bh_enable_ip+0x121/0x230 [ 27.217839] ? _raw_write_unlock_bh+0x30/0x40 [ 27.222308] ? __neigh_create+0xc06/0x1d90 [ 27.226526] ? print_irqtrace_events+0x270/0x270 [ 27.231253] ? ip_finish_output2+0x8c6/0x14f0 [ 27.235719] ? lock_downgrade+0x980/0x980 [ 27.239837] ? lock_release+0xa40/0xa40 [ 27.243781] ? mark_held_locks+0xaf/0x100 [ 27.247912] ? memcpy+0x45/0x50 [ 27.251172] dev_queue_xmit+0x17/0x20 [ 27.254945] ? dev_queue_xmit+0x17/0x20 [ 27.258891] neigh_resolve_output+0x5e2/0xa00 [ 27.263356] ? ether_setup+0x2d0/0x2d0 [ 27.267214] ? __neigh_event_send+0x1040/0x1040 [ 27.271854] ? tun_get_user+0x2760/0x3940 [ 27.275971] ? tun_chr_write_iter+0xb9/0x160 [ 27.280352] ? do_iter_readv_writev+0x525/0x7f0 [ 27.284993] ip_finish_output2+0x8c6/0x14f0 [ 27.289290] ? mark_held_locks+0x10/0x100 [ 27.293409] ? ip_copy_metadata+0xac0/0xac0 [ 27.297702] ? check_noncircular+0x20/0x20 [ 27.301907] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 27.306896] ? ipt_do_table+0xd0a/0x1330 [ 27.310930] ? trace_hardirqs_on+0xd/0x10 [ 27.315054] ? __local_bh_enable_ip+0x121/0x230 [ 27.319695] ? ipt_do_table+0xd75/0x1330 [ 27.323747] ? ipv4_mtu+0x347/0x4c0 [ 27.327346] ? rt_cpu_seq_show+0x2c0/0x2c0 [ 27.332143] ? find_held_lock+0x35/0x1d0 [ 27.336185] ip_finish_output+0x864/0xd10 [ 27.340306] ? ip_finish_output+0x864/0xd10 [ 27.344601] ? ip_fragment.constprop.47+0x200/0x200 [ 27.349588] ? iptable_mangle_hook+0xaf/0x4a0 [ 27.354057] ? nf_hook_slow+0xd3/0x1a0 [ 27.357916] ip_mc_output+0x271/0x1350 [ 27.361775] ? ip_queue_xmit+0x18e0/0x18e0 [ 27.365995] ? lock_downgrade+0x980/0x980 [ 27.370120] ? nf_hook_slow+0xd3/0x1a0 [ 27.373977] ? __ip_local_out+0x494/0x7a0 [ 27.378100] ? ip_copy_addrs+0xe0/0xe0 [ 27.381959] ? dst_release+0x3a/0x90 [ 27.385645] ? __ip_make_skb+0xfd1/0x1850 [ 27.389774] ? ip_fragment.constprop.47+0x200/0x200 [ 27.394771] ip_local_out+0x95/0x160 [ 27.398458] ip_send_skb+0x3c/0xc0 [ 27.401976] ip_push_pending_frames+0x64/0x80 [ 27.406444] icmp_push_reply+0x395/0x4f0 [ 27.410478] icmp_send+0x1136/0x19b0 [ 27.414167] ? icmp_route_lookup.constprop.24+0x1360/0x1360 [ 27.419857] ? check_noncircular+0x20/0x20 [ 27.424064] ? __lock_acquire+0x664/0x3e00 [ 27.428275] ? __debug_object_init+0x235/0x1040 [ 27.432916] ? __is_insn_slot_addr+0x1fc/0x330 [ 27.437472] ? find_held_lock+0x35/0x1d0 [ 27.441506] ? lock_downgrade+0x980/0x980 [ 27.445625] ? lock_release+0xa40/0xa40 [ 27.449570] ip_options_compile+0xc21/0x1a50 [ 27.453950] ? ip_forward+0x1cd0/0x1cd0 [ 27.457899] ? ip_route_input_rcu+0x3180/0x3180 [ 27.462550] ip_rcv_finish+0x80f/0x1e30 [ 27.466508] ? inet_del_offload+0x40/0x40 [ 27.470635] ? ip_rcv+0xf22/0x1840 [ 27.474163] ? lock_downgrade+0x980/0x980 [ 27.478285] ? nf_nat_ipv4_in+0x1cd/0x270 [ 27.482402] ? iptable_nat_ipv4_fn+0x40/0x40 [ 27.486788] ? nf_hook_slow+0xd3/0x1a0 [ 27.490648] ip_rcv+0xc5a/0x1840 [ 27.493987] ? ip_local_deliver+0x6e0/0x6e0 [ 27.498294] ? inet_del_offload+0x40/0x40 [ 27.502413] ? ip_local_deliver+0x6e0/0x6e0 [ 27.506710] __netif_receive_skb_core+0x1a41/0x3460 [ 27.511700] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.516861] ? nf_ingress+0x9f0/0x9f0 [ 27.520644] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.525804] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.530963] ? check_noncircular+0x20/0x20 [ 27.535168] ? check_noncircular+0x20/0x20 [ 27.539375] ? lock_release+0xa40/0xa40 [ 27.543322] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 27.548398] ? print_irqtrace_events+0x270/0x270 [ 27.553126] ? lock_downgrade+0x980/0x980 [ 27.557248] ? pvclock_read_flags+0x160/0x160 [ 27.561712] ? mark_held_locks+0xaf/0x100 [ 27.565833] ? lock_acquire+0x1d5/0x580 [ 27.569779] ? lock_acquire+0x1d5/0x580 [ 27.573726] ? netif_receive_skb_internal+0xa2/0x670 [ 27.578803] ? ktime_get_with_offset+0x2c1/0x420 [ 27.583528] ? lock_release+0xa40/0xa40 [ 27.587473] ? do_gettimeofday+0x190/0x190 [ 27.591681] __netif_receive_skb+0x2c/0x1b0 [ 27.595982] ? __netif_receive_skb+0x2c/0x1b0 [ 27.600452] netif_receive_skb_internal+0x10b/0x670 [ 27.605449] ? dev_cpu_dead+0xb00/0xb00 [ 27.609404] ? net_rx_action+0x1910/0x1910 [ 27.613611] ? eth_type_trans+0x2b2/0x710 [ 27.617730] ? eth_gro_receive+0x820/0x820 [ 27.621948] napi_gro_frags+0x58a/0xaf0 [ 27.625894] ? napi_gro_receive+0x500/0x500 [ 27.630192] ? tun_get_user+0x2737/0x3940 [ 27.634313] tun_get_user+0x2760/0x3940 [ 27.638266] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.643437] ? do_huge_pmd_anonymous_page+0xb21/0x1b00 [ 27.648692] ? tun_build_skb.isra.49+0x1810/0x1810 [ 27.653596] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.658765] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.663926] ? avc_has_extended_perms+0x12c0/0x12c0 [ 27.668915] ? find_held_lock+0x35/0x1d0 [ 27.672948] ? tun_get+0x1ab/0x2e0 [ 27.676459] ? lock_release+0xa40/0xa40 [ 27.680410] ? __lock_is_held+0xb6/0x140 [ 27.684453] ? tun_get+0x1d4/0x2e0 [ 27.687966] ? tun_do_read+0x2600/0x2600 [ 27.691998] ? __check_object_size+0x25d/0x4f0 [ 27.696557] ? rcu_note_context_switch+0x710/0x710 [ 27.701480] tun_chr_write_iter+0xb9/0x160 [ 27.705706] do_iter_readv_writev+0x525/0x7f0 [ 27.710192] ? vfs_dedupe_file_range+0x8f0/0x8f0 [ 27.714924] ? rw_verify_area+0xe5/0x2b0 [ 27.718959] do_iter_write+0x154/0x540 [ 27.722828] ? dup_iter+0x260/0x260 [ 27.726429] vfs_writev+0x18a/0x340 [ 27.730031] ? __fget_light+0x297/0x380 [ 27.733987] ? vfs_iter_write+0xb0/0xb0 [ 27.737946] ? up_read+0x1a/0x40 [ 27.741287] ? __do_page_fault+0x3d6/0xc90 [ 27.745494] ? mm_fault_error+0x2c0/0x2c0 [ 27.749625] ? __fdget_pos+0x130/0x190 [ 27.753485] ? __fdget_raw+0x20/0x20 [ 27.757170] ? __do_page_fault+0xc90/0xc90 [ 27.761379] do_writev+0xfc/0x2a0 [ 27.764803] ? do_writev+0xfc/0x2a0 [ 27.768402] ? vfs_writev+0x340/0x340 [ 27.772176] ? entry_SYSCALL_64_fastpath+0x5/0x9a [ 27.776991] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.781982] SyS_writev+0x27/0x30 [ 27.785408] entry_SYSCALL_64_fastpath+0x23/0x9a [ 27.790136] RIP: 0033:0x444f50 [ 27.793297] RSP: 002b:00007ffe39ff41a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 27.800976] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50 [ 27.808239] RDX: 0000000000000001 RSI: 00007ffe39ff41e0 RDI: 0000000000000003 [ 27.815480] RBP: 00007ffe39ff42d8 R08: 0000000000000023 R09: 0000000000000000 [ 27.822723] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe39ff42d8 [ 27.829968] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000 [