[....] Starting enhanced syslogd: rsyslogd[ 13.692190] audit: type=1400 audit(1571648710.586:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 25.193406] [ 25.195091] ====================================================== [ 25.201386] [ INFO: possible circular locking dependency detected ] [ 25.207767] 4.4.174+ #4 Not tainted [ 25.211380] ------------------------------------------------------- [ 25.217757] syz-executor928/2075 is trying to acquire lock: [ 25.223439] (_xmit_NETROM){+.-...}, at: [] sch_direct_xmit+0x238/0x700 [ 25.232244] [ 25.232244] but task is already holding lock: [ 25.238212] (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 25.247488] [ 25.247488] which lock already depends on the new lock. [ 25.247488] [ 25.255779] [ 25.255779] the existing dependency chain (in reverse order) is: [ 25.263372] -> #1 (&(&q->lock)->rlock){+.-...}: [ 25.268694] [] lock_acquire+0x15e/0x450 [ 25.274949] [] _raw_spin_lock_irqsave+0x50/0x70 [ 25.281905] [] depot_save_stack+0x20c/0x5f0 [ 25.288496] [] kasan_kmalloc.part.0+0xc6/0xf0 [ 25.295288] [] kasan_kmalloc+0xb7/0xd0 [ 25.301463] [] kasan_slab_alloc+0xf/0x20 [ 25.307810] [] kmem_cache_alloc+0xdc/0x2c0 [ 25.314342] [] inet_getpeer+0x1525/0x1ce0 [ 25.325023] [] ip4_frag_init+0x2a2/0x310 [ 25.331366] [] inet_frag_create+0x1ac/0x14e0 [ 25.338060] [] inet_frag_find+0x64d/0x880 [ 25.344577] [] ip_defrag+0x2fb/0x3b70 [ 25.350657] [] ip_check_defrag+0x3d6/0x5b0 [ 25.357175] [] packet_rcv_fanout+0x51e/0x5f0 [ 25.363874] [] dev_hard_start_xmit+0x654/0x11e0 [ 25.370818] [] sch_direct_xmit+0x2b6/0x700 [ 25.377336] [] __dev_queue_xmit+0xd24/0x1bb0 [ 25.384015] [] dev_queue_xmit+0x18/0x20 [ 25.390264] [] neigh_resolve_output+0x4a0/0x7a0 [ 25.397213] [] ip_finish_output2+0x6a2/0x1280 [ 25.403976] [] ip_do_fragment+0x187c/0x1f70 [ 25.410564] [] ip_fragment.constprop.0+0x14b/0x200 [ 25.417772] [] ip_finish_output+0x3b9/0xc60 [ 25.424363] [] ip_mc_output+0x251/0xae0 [ 25.430605] [] ip_local_out+0x9c/0x180 [ 25.436761] [] ip_send_skb+0x3e/0xc0 [ 25.442744] [] udp_send_skb+0x4fd/0xc70 [ 25.448990] [] udp_push_pending_frames+0x4e/0xe0 [ 25.456016] [] udp_sendpage+0x2ae/0x410 [ 25.462259] [] inet_sendpage+0x223/0x520 [ 25.468616] [] kernel_sendpage+0x95/0xf0 [ 25.475053] [] sock_sendpage+0x8b/0xc0 [ 25.481234] [] pipe_to_sendpage+0x28d/0x3d0 [ 25.487843] [] __splice_from_pipe+0x37e/0x7a0 [ 25.494640] [] splice_from_pipe+0x108/0x170 [ 25.501263] [] generic_splice_sendpage+0x3c/0x50 [ 25.508305] [] SyS_splice+0xd71/0x13a0 [ 25.514494] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 25.521700] -> #0 (_xmit_NETROM){+.-...}: [ 25.526504] [] __lock_acquire+0x37d6/0x4f50 [ 25.533100] [] lock_acquire+0x15e/0x450 [ 25.539357] [] _raw_spin_lock+0x38/0x50 [ 25.545600] [] sch_direct_xmit+0x238/0x700 [ 25.552135] [] __dev_queue_xmit+0xd24/0x1bb0 [ 25.558914] [] dev_queue_xmit+0x18/0x20 [ 25.565164] [] neigh_resolve_output+0x4a0/0x7a0 [ 25.572123] [] ip6_finish_output2+0x9c7/0x1dc0 [ 25.579102] [] ip6_finish_output+0x2f3/0x750 [ 25.585799] [] ip6_output+0x1b4/0x520 [ 25.591883] [] ndisc_send_skb+0x98d/0x1110 [ 25.598414] [] ndisc_send_ns+0x4bf/0x6b0 [ 25.604753] [] ndisc_solicit+0x2b2/0x440 [ 25.611082] [] neigh_probe+0xc8/0x100 [ 25.617222] [] __neigh_event_send+0x2ab/0xc50 [ 25.623993] [] neigh_resolve_output+0x5ec/0x7a0 [ 25.631007] [] ip6_finish_output2+0x9c7/0x1dc0 [ 25.637886] [] ip6_finish_output+0x2f3/0x750 [ 25.644564] [] ip6_output+0x1b4/0x520 [ 25.650635] [] ip6_local_out+0x9c/0x180 [ 25.656895] [] ip6_send_skb+0xa2/0x340 [ 25.663061] [] ip6_push_pending_frames+0xbb/0xe0 [ 25.670083] [] icmpv6_push_pending_frames+0x336/0x530 [ 25.677576] [] icmp6_send+0x1506/0x1b40 [ 25.683830] [] icmpv6_param_prob+0x29/0x40 [ 25.690337] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 25.696851] [] ip6_input_finish+0x57d/0x14f0 [ 25.703540] [] ip6_input+0xf8/0x1f0 [ 25.709506] [] ip6_rcv_finish+0x14d/0x670 [ 25.715938] [] ipv6_rcv+0xfc1/0x1a20 [ 25.721949] [] __netif_receive_skb_core+0x1300/0x2950 [ 25.729412] [] __netif_receive_skb+0x58/0x1c0 [ 25.736279] [] process_backlog+0x200/0x630 [ 25.742820] [] net_rx_action+0x367/0xd30 [ 25.749192] [] __do_softirq+0x226/0xa3f [ 25.755461] [] do_softirq_own_stack+0x1c/0x30 [ 25.762251] [] do_softirq.part.0+0x54/0x60 [ 25.768779] [] do_softirq+0x18/0x20 [ 25.774959] [] netif_rx_ni+0xeb/0x3b0 [ 25.781058] [] tun_get_user+0xdbf/0x2640 [ 25.787406] [] tun_chr_write_iter+0xda/0x190 [ 25.794100] [] do_iter_readv_writev+0x141/0x1e0 [ 25.801046] [] do_readv_writev+0x387/0x6e0 [ 25.807552] [] vfs_writev+0x7d/0xb0 [ 25.813447] [] SyS_writev+0xdc/0x260 [ 25.819431] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 25.826651] [ 25.826651] other info that might help us debug this: [ 25.826651] [ 25.834773] Possible unsafe locking scenario: [ 25.834773] [ 25.840818] CPU0 CPU1 [ 25.845459] ---- ---- [ 25.850098] lock(&(&q->lock)->rlock); [ 25.854307] lock(_xmit_NETROM); [ 25.860510] lock(&(&q->lock)->rlock); [ 25.867242] lock(_xmit_NETROM); [ 25.870975] [ 25.870975] *** DEADLOCK *** [ 25.870975] [ 25.877096] 9 locks held by syz-executor928/2075: [ 25.881912] #0: (rcu_read_lock){......}, at: [] process_backlog+0x19c/0x630 [ 25.891390] #1: (rcu_read_lock){......}, at: [] ip6_input_finish+0x0/0x14f0 [ 25.900854] #2: (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 25.910654] #3: (slock-AF_INET6){+.....}, at: [] icmp6_send+0x7bd/0x1b40 [ 25.919836] #4: (rcu_read_lock){......}, at: [] icmp6_send+0xf44/0x1b40 [ 25.928992] #5: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 25.939405] #6: (rcu_read_lock){......}, at: [] ndisc_send_skb+0x779/0x1110 [ 25.948864] #7: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 25.959521] #8: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 [ 25.969403] [ 25.969403] stack backtrace: [ 25.973878] CPU: 0 PID: 2075 Comm: syz-executor928 Not tainted 4.4.174+ #4 [ 25.980867] 0000000000000000 ac5918a0180d1a7e ffff8801db6064e0 ffffffff81aad1a1 [ 25.988943] ffffffff84057a80 ffff8801d4f4af80 ffffffff83ad2e50 ffffffff83ad3510 [ 25.996963] ffffffff83ad2e50 ffff8801db606530 ffffffff813abcda ffff8801db606610 [ 26.004991] Call Trace: [ 26.007561] [] dump_stack+0xc1/0x120 [ 26.013657] [] print_circular_bug.cold+0x2f7/0x44e [ 26.020214] [] __lock_acquire+0x37d6/0x4f50 [ 26.026246] [] ? check_usage+0x14e/0x5a0 [ 26.032025] [] ? trace_hardirqs_on+0x10/0x10 [ 26.038060] [] ? __lock_acquire+0x2c79/0x4f50 [ 26.044182] [] ? __dev_get_by_index+0x130/0x130 [ 26.050485] [] ? __skb_gso_segment+0x4c0/0x4c0 [ 26.056695] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.063434] [] lock_acquire+0x15e/0x450 [ 26.070122] [] ? sch_direct_xmit+0x238/0x700 [ 26.076250] [] _raw_spin_lock+0x38/0x50 [ 26.081959] [] ? sch_direct_xmit+0x238/0x700 [ 26.087992] [] sch_direct_xmit+0x238/0x700 [ 26.093866] [] ? dev_deactivate_queue.constprop.0+0x160/0x160 [ 26.101376] [] __dev_queue_xmit+0xd24/0x1bb0 [ 26.107411] [] ? __dev_queue_xmit+0x1d7/0x1bb0 [ 26.113618] [] ? trace_hardirqs_on+0x10/0x10 [ 26.119664] [] ? netdev_pick_tx+0x2f0/0x2f0 [ 26.125624] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.132525] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.139254] [] ? memcpy+0x46/0x50 [ 26.144333] [] dev_queue_xmit+0x18/0x20 [ 26.149954] [] neigh_resolve_output+0x4a0/0x7a0 [ 26.156248] [] ? ip6_finish_output2+0x9c7/0x1dc0 [ 26.162760] [] ip6_finish_output2+0x9c7/0x1dc0 [ 26.168986] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 26.175385] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.182117] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.188849] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 26.195148] [] ? check_preemption_disabled+0x3c/0x200 [ 26.201967] [] ? check_preemption_disabled+0x3c/0x200 [ 26.208794] [] ? ip6_mtu+0x21f/0x340 [ 26.214136] [] ip6_finish_output+0x2f3/0x750 [ 26.220170] [] ip6_output+0x1b4/0x520 [ 26.225597] [] ? ip6_finish_output+0x750/0x750 [ 26.231803] [] ? nf_iterate+0x220/0x220 [ 26.237413] [] ? ip6_fragment+0x3210/0x3210 [ 26.243359] [] ndisc_send_skb+0x98d/0x1110 [ 26.249218] [] ? ndisc_send_skb+0x779/0x1110 [ 26.255254] [] ? ndisc_alloc_skb+0x330/0x330 [ 26.261288] [] ? compat_ipv6_setsockopt+0x1d0/0x1d0 [ 26.267942] [] ? memcpy+0x46/0x50 [ 26.273039] [] ? ndisc_fill_addr_option+0x19b/0x1f0 [ 26.279678] [] ndisc_send_ns+0x4bf/0x6b0 [ 26.285380] [] ? trace_hardirqs_on+0xd/0x10 [ 26.291330] [] ? ndisc_netdev_event+0x360/0x360 [ 26.297625] [] ? ipv6_chk_addr_and_flags+0x3a6/0x530 [ 26.304353] [] ? ipv6_chk_addr_and_flags+0x69/0x530 [ 26.311005] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 26.317920] [] ndisc_solicit+0x2b2/0x440 [ 26.323607] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 26.329468] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 26.335330] [] neigh_probe+0xc8/0x100 [ 26.340765] [] __neigh_event_send+0x2ab/0xc50 [ 26.346888] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 26.353178] [] ? _raw_write_unlock_bh+0x31/0x40 [ 26.360698] [] neigh_resolve_output+0x5ec/0x7a0 [ 26.366993] [] ip6_finish_output2+0x9c7/0x1dc0 [ 26.373217] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 26.379615] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.386343] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 26.392741] [] ? check_preemption_disabled+0x3c/0x200 [ 26.399566] [] ? check_preemption_disabled+0x3c/0x200 [ 26.406508] [] ? ip6_mtu+0x21f/0x340 [ 26.411849] [] ip6_finish_output+0x2f3/0x750 [ 26.417900] [] ip6_output+0x1b4/0x520 [ 26.423341] [] ? ip6_finish_output+0x750/0x750 [ 26.429548] [] ? ip6_fragment+0x3210/0x3210 [ 26.435513] [] ip6_local_out+0x9c/0x180 [ 26.441177] [] ip6_send_skb+0xa2/0x340 [ 26.446697] [] ip6_push_pending_frames+0xbb/0xe0 [ 26.453084] [] icmpv6_push_pending_frames+0x336/0x530 [ 26.459900] [] icmp6_send+0x1506/0x1b40 [ 26.465518] [] ? icmpv6_push_pending_frames+0x530/0x530 [ 26.472512] [] ? __lock_acquire+0x94f/0x4f50 [ 26.478553] [] ? perf_trace_softirq+0x28a/0x3b0 [ 26.484853] [] ? ipv6_frag_rcv+0x6cc/0x51e0 [ 26.490804] [] icmpv6_param_prob+0x29/0x40 [ 26.496667] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 26.502531] [] ? ipv6_frags_init_net+0x3e0/0x3e0 [ 26.508952] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.515684] [] ip6_input_finish+0x57d/0x14f0 [ 26.521716] [] ? ip6_rcv_finish+0x670/0x670 [ 26.527662] [] ip6_input+0xf8/0x1f0 [ 26.532916] [] ? ipv6_rcv+0x1a20/0x1a20 [ 26.538644] [] ? ip6_rcv_finish+0x670/0x670 [ 26.544686] [] ip6_rcv_finish+0x14d/0x670 [ 26.550465] [] ipv6_rcv+0xfc1/0x1a20 [ 26.555814] [] ? ipv6_rcv+0xfc/0x1a20 [ 26.561288] [] ? ip6_input_finish+0x14f0/0x14f0 [ 26.567818] [] ? ip6_make_skb+0x3f0/0x3f0 [ 26.573606] [] ? packet_rcv_fanout+0x173/0x5f0 [ 26.579867] [] ? ip6_input_finish+0x14f0/0x14f0 [ 26.586219] [] __netif_receive_skb_core+0x1300/0x2950 [ 26.593040] [] ? dev_loopback_xmit+0x430/0x430 [ 26.599372] [] ? _raw_spin_unlock_irqrestore+0x45/0x70 [ 26.606280] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.613019] [] ? check_preemption_disabled+0x3c/0x200 [ 26.619836] [] __netif_receive_skb+0x58/0x1c0 [ 26.625962] [] process_backlog+0x200/0x630 [ 26.631921] [] ? process_backlog+0x19c/0x630 [ 26.637959] [] ? net_rx_action+0x1fb/0xd30 [ 26.643817] [] net_rx_action+0x367/0xd30 [ 26.649670] [] ? run_timer_softirq+0xf6/0xb70 [ 26.655808] [] ? net_rps_action_and_irq_enable.isra.0+0x170/0x170 [ 26.663765] [] __do_softirq+0x226/0xa3f [ 26.669369] [] do_softirq_own_stack+0x1c/0x30 [ 26.675492] [] do_softirq.part.0+0x54/0x60 [ 26.682099] [] do_softirq+0x18/0x20 [ 26.687352] [] netif_rx_ni+0xeb/0x3b0 [ 26.692797] [] tun_get_user+0xdbf/0x2640 [ 26.698495] [] ? tun_free_netdev+0xb0/0xb0 [ 26.704367] [] ? futex_wait+0x47d/0x600 [ 26.709967] [] ? try_to_wake_up+0x701/0x1110 [ 26.716000] [] ? irq_cpu_online+0x1a0/0x230 [ 26.722034] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.728761] [] ? __tun_get+0x126/0x230 [ 26.734273] [] tun_chr_write_iter+0xda/0x190 [ 26.740310] [] do_iter_readv_writev+0x141/0x1e0 [ 26.746647] [] ? tun_sendmsg+0x140/0x140 [ 26.752345] [] ? vfs_iter_read+0x280/0x280 [ 26.758213] [] ? rw_verify_area+0x103/0x2f0 [ 26.764166] [] ? tun_sendmsg+0x140/0x140 [ 26.769957] [] do_readv_writev+0x387/0x6e0 [ 26.775830] [] ? vfs_write+0x4e0/0x4e0 [ 26.781346] [] ? exit_robust_list+0x220/0x220 [ 26.787479] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.794293] [] ? check_preemption_disabled+0x3c/0x200 [ 26.801106] [] ? check_preemption_disabled+0x3c/0x200 [ 26.807934] [] ? __fget+0x13b/0x370 [ 26.813360] [] ? __fget+0x162/0x370 [ 26.818614] [] ? __fget+0x47/0x370 [ 26.823879] [] vfs_writev+0x7d/0xb0 [ 26.829148] [] SyS_writev+0xdc/0x260 [ 26.834487] [] ? SyS_readv+0x260/0x260 [ 26.840001] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 26.846479] [] entry_SYSCALL_64_fastpath+0x1e/0x9a