[....] Starting enhanced syslogd: rsyslogd[ 13.665739] audit: type=1400 audit(1569554890.638:4): avc: denied { syslog } for pid=1919 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 35.624603] [ 35.626245] ====================================================== [ 35.632533] [ INFO: possible circular locking dependency detected ] [ 35.638912] 4.4.174+ #17 Not tainted [ 35.642593] ------------------------------------------------------- [ 35.648978] syz-executor594/2080 is trying to acquire lock: [ 35.654662] (_xmit_NETROM){+.-...}, at: [] sch_direct_xmit+0x238/0x700 [ 35.663439] [ 35.663439] but task is already holding lock: [ 35.669383] (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 35.678610] [ 35.678610] which lock already depends on the new lock. [ 35.678610] [ 35.686908] [ 35.686908] the existing dependency chain (in reverse order) is: [ 35.694529] -> #1 (&(&q->lock)->rlock){+.-...}: [ 35.699834] [] lock_acquire+0x15e/0x450 [ 35.706079] [] _raw_spin_lock_irqsave+0x50/0x70 [ 35.713012] [] depot_save_stack+0x20c/0x5f0 [ 35.719599] [] kasan_kmalloc.part.0+0xc6/0xf0 [ 35.726439] [] kasan_kmalloc+0xb7/0xd0 [ 35.732614] [] kasan_slab_alloc+0xf/0x20 [ 35.738941] [] kmem_cache_alloc+0xdc/0x2c0 [ 35.745497] [] inet_getpeer+0x1525/0x1ce0 [ 35.751914] [] ip4_frag_init+0x2a2/0x310 [ 35.758365] [] inet_frag_create+0x1ac/0x14e0 [ 35.765038] [] inet_frag_find+0x64d/0x880 [ 35.771466] [] ip_defrag+0x2fb/0x3b70 [ 35.777570] [] ip_check_defrag+0x3d6/0x5b0 [ 35.784069] [] packet_rcv_fanout+0x51e/0x5f0 [ 35.790740] [] dev_hard_start_xmit+0x654/0x11e0 [ 35.797699] [] sch_direct_xmit+0x2b6/0x700 [ 35.804199] [] __dev_queue_xmit+0xd24/0x1bb0 [ 35.810879] [] dev_queue_xmit+0x18/0x20 [ 35.817126] [] neigh_resolve_output+0x4a0/0x7a0 [ 35.824060] [] ip_finish_output2+0x6a2/0x1280 [ 35.830820] [] ip_do_fragment+0x187c/0x1f70 [ 35.837414] [] ip_fragment.constprop.0+0x14b/0x200 [ 35.844613] [] ip_finish_output+0x3b9/0xc60 [ 35.851206] [] ip_mc_output+0x251/0xae0 [ 35.857453] [] ip_local_out+0x9c/0x180 [ 35.863621] [] ip_send_skb+0x3e/0xc0 [ 35.869614] [] udp_send_skb+0x4fd/0xc70 [ 35.875935] [] udp_push_pending_frames+0x4e/0xe0 [ 35.882957] [] udp_sendpage+0x2ae/0x410 [ 35.889233] [] inet_sendpage+0x223/0x520 [ 35.895557] [] kernel_sendpage+0x95/0xf0 [ 35.901924] [] sock_sendpage+0x8b/0xc0 [ 35.908104] [] pipe_to_sendpage+0x28d/0x3d0 [ 35.914691] [] __splice_from_pipe+0x37e/0x7a0 [ 35.921452] [] splice_from_pipe+0x108/0x170 [ 35.928035] [] generic_splice_sendpage+0x3c/0x50 [ 35.935061] [] SyS_splice+0xd71/0x13a0 [ 35.941304] [] do_fast_syscall_32+0x32d/0xa90 [ 35.948065] [] sysenter_flags_fixed+0xd/0x1a [ 35.954741] -> #0 (_xmit_NETROM){+.-...}: [ 35.959620] [] __lock_acquire+0x37d6/0x4f50 [ 35.966209] [] lock_acquire+0x15e/0x450 [ 35.972514] [] _raw_spin_lock+0x38/0x50 [ 35.978771] [] sch_direct_xmit+0x238/0x700 [ 35.985301] [] __dev_queue_xmit+0xd24/0x1bb0 [ 35.991980] [] dev_queue_xmit+0x18/0x20 [ 35.998222] [] neigh_resolve_output+0x4a0/0x7a0 [ 36.005161] [] ip6_finish_output2+0x9c7/0x1dc0 [ 36.012038] [] ip6_finish_output+0x2f3/0x750 [ 36.018715] [] ip6_output+0x1b4/0x520 [ 36.024784] [] ndisc_send_skb+0x98d/0x1110 [ 36.031298] [] ndisc_send_ns+0x4bf/0x6b0 [ 36.037624] [] ndisc_solicit+0x2b2/0x440 [ 36.043953] [] neigh_probe+0xc8/0x100 [ 36.050020] [] __neigh_event_send+0x2ab/0xc50 [ 36.056780] [] neigh_resolve_output+0x5ec/0x7a0 [ 36.063725] [] ip6_finish_output2+0x9c7/0x1dc0 [ 36.070577] [] ip6_finish_output+0x2f3/0x750 [ 36.077260] [] ip6_output+0x1b4/0x520 [ 36.083341] [] ip6_local_out+0x9c/0x180 [ 36.089584] [] ip6_send_skb+0xa2/0x340 [ 36.095737] [] ip6_push_pending_frames+0xbb/0xe0 [ 36.102763] [] icmpv6_push_pending_frames+0x336/0x530 [ 36.110234] [] icmp6_send+0x1506/0x1b40 [ 36.116474] [] icmpv6_param_prob+0x29/0x40 [ 36.122976] [] ipv6_frag_rcv+0x3f06/0x51e0 [ 36.129477] [] ip6_input_finish+0x57d/0x14f0 [ 36.136174] [] ip6_input+0xf8/0x1f0 [ 36.142066] [] ip6_rcv_finish+0x14d/0x670 [ 36.148480] [] ipv6_rcv+0xfc1/0x1a20 [ 36.154475] [] __netif_receive_skb_core+0x1300/0x2950 [ 36.161945] [] __netif_receive_skb+0x58/0x1c0 [ 36.168858] [] process_backlog+0x200/0x630 [ 36.175364] [] net_rx_action+0x367/0xd30 [ 36.181705] [] __do_softirq+0x226/0xa3f [ 36.187967] [] do_softirq_own_stack+0x1c/0x30 [ 36.194738] [] do_softirq.part.0+0x54/0x60 [ 36.201242] [] do_softirq+0x18/0x20 [ 36.207250] [] netif_rx_ni+0xeb/0x3b0 [ 36.213315] [] tun_get_user+0xdbf/0x2640 [ 36.219643] [] tun_chr_write_iter+0xda/0x190 [ 36.226330] [] do_iter_readv_writev+0x141/0x1e0 [ 36.233269] [] compat_do_readv_writev+0x389/0x6e0 [ 36.240392] [] compat_writev+0xe1/0x150 [ 36.246633] [] compat_SyS_writev+0xdb/0x1c0 [ 36.253219] [] do_fast_syscall_32+0x32d/0xa90 [ 36.259981] [] sysenter_flags_fixed+0xd/0x1a [ 36.266745] [ 36.266745] other info that might help us debug this: [ 36.266745] [ 36.274871] Possible unsafe locking scenario: [ 36.274871] [ 36.280900] CPU0 CPU1 [ 36.285551] ---- ---- [ 36.290189] lock(&(&q->lock)->rlock); [ 36.294396] lock(_xmit_NETROM); [ 36.300683] lock(&(&q->lock)->rlock); [ 36.307393] lock(_xmit_NETROM); [ 36.311065] [ 36.311065] *** DEADLOCK *** [ 36.311065] [ 36.317109] 9 locks held by syz-executor594/2080: [ 36.321923] #0: (rcu_read_lock){......}, at: [] process_backlog+0x19c/0x630 [ 36.331358] #1: (rcu_read_lock){......}, at: [] ip6_input_finish+0x0/0x14f0 [ 36.340787] #2: (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 36.350554] #3: (slock-AF_INET6){+.....}, at: [] icmp6_send+0x7bd/0x1b40 [ 36.359710] #4: (rcu_read_lock){......}, at: [] icmp6_send+0xf44/0x1b40 [ 36.368782] #5: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 36.378812] #6: (rcu_read_lock){......}, at: [] ndisc_send_skb+0x779/0x1110 [ 36.388222] #7: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 36.398257] #8: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 [ 36.408149] [ 36.408149] stack backtrace: [ 36.412624] CPU: 1 PID: 2080 Comm: syz-executor594 Not tainted 4.4.174+ #17 [ 36.419696] 0000000000000000 f984084438f11272 ffff8801db7064e0 ffffffff81aad1a1 [ 36.427697] ffffffff84057a80 ffff8801d5e817c0 ffffffff83ad36c0 ffffffff83ad3d80 [ 36.435693] ffffffff83ad36c0 ffff8801db706530 ffffffff813abcda ffff8801db706610 [ 36.443694] Call Trace: [ 36.446249] [] dump_stack+0xc1/0x120 [ 36.452328] [] print_circular_bug.cold+0x2f7/0x44e [ 36.458881] [] __lock_acquire+0x37d6/0x4f50 [ 36.464827] [] ? check_usage+0x14e/0x5a0 [ 36.470525] [] ? trace_hardirqs_on+0x10/0x10 [ 36.476568] [] ? __lock_acquire+0x2c79/0x4f50 [ 36.482699] [] ? __dev_get_by_index+0x130/0x130 [ 36.488994] [] ? __skb_gso_segment+0x4c0/0x4c0 [ 36.495199] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 36.501927] [] lock_acquire+0x15e/0x450 [ 36.507524] [] ? sch_direct_xmit+0x238/0x700 [ 36.513555] [] _raw_spin_lock+0x38/0x50 [ 36.519152] [] ? sch_direct_xmit+0x238/0x700 [ 36.525295] [] sch_direct_xmit+0x238/0x700 [ 36.531155] [] ? dev_deactivate_queue.constprop.0+0x160/0x160 [ 36.538764] [] __dev_queue_xmit+0xd24/0x1bb0 [ 36.544796] [] ? __dev_queue_xmit+0x1d7/0x1bb0 [ 36.551000] [] ? trace_hardirqs_on+0x10/0x10 [ 36.557031] [] ? netdev_pick_tx+0x2f0/0x2f0 [ 36.563061] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 36.569787] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 36.576516] [] ? memcpy+0x46/0x50 [ 36.581594] [] dev_queue_xmit+0x18/0x20 [ 36.587192] [] neigh_resolve_output+0x4a0/0x7a0 [ 36.593507] [] ? ip6_finish_output2+0x9c7/0x1dc0 [ 36.599887] [] ip6_finish_output2+0x9c7/0x1dc0 [ 36.606094] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 36.612477] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 36.618769] [] ? check_preemption_disabled+0x3c/0x200 [ 36.625595] [] ? check_preemption_disabled+0x3c/0x200 [ 36.632421] [] ? ip6_mtu+0x21f/0x340 [ 36.637760] [] ip6_finish_output+0x2f3/0x750 [ 36.643791] [] ip6_output+0x1b4/0x520 [ 36.649225] [] ? ip6_finish_output+0x750/0x750 [ 36.655430] [] ? nf_iterate+0x220/0x220 [ 36.661028] [] ? ip6_fragment+0x3210/0x3210 [ 36.666973] [] ndisc_send_skb+0x98d/0x1110 [ 36.672839] [] ? ndisc_send_skb+0x779/0x1110 [ 36.678869] [] ? ndisc_alloc_skb+0x330/0x330 [ 36.684899] [] ? compat_ipv6_setsockopt+0x1d0/0x1d0 [ 36.691539] [] ? memcpy+0x46/0x50 [ 36.696615] [] ? ndisc_fill_addr_option+0x19b/0x1f0 [ 36.703254] [] ndisc_send_ns+0x4bf/0x6b0 [ 36.709024] [] ? trace_hardirqs_on+0xd/0x10 [ 36.714968] [] ? ndisc_netdev_event+0x360/0x360 [ 36.721261] [] ? ipv6_chk_addr_and_flags+0x3a6/0x530 [ 36.727986] [] ? ipv6_chk_addr_and_flags+0x69/0x530 [ 36.734626] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 36.741533] [] ndisc_solicit+0x2b2/0x440 [ 36.747216] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 36.753074] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 36.758930] [] neigh_probe+0xc8/0x100 [ 36.764354] [] __neigh_event_send+0x2ab/0xc50 [ 36.770474] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 36.776858] [] ? _raw_write_unlock_bh+0x31/0x40 [ 36.783164] [] neigh_resolve_output+0x5ec/0x7a0 [ 36.789487] [] ip6_finish_output2+0x9c7/0x1dc0 [ 36.795697] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 36.802094] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 36.808936] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 36.815290] [] ? check_preemption_disabled+0x3c/0x200 [ 36.822107] [] ? check_preemption_disabled+0x3c/0x200 [ 36.829012] [] ? ip6_mtu+0x21f/0x340 [ 36.834385] [] ip6_finish_output+0x2f3/0x750 [ 36.840422] [] ip6_output+0x1b4/0x520 [ 36.845848] [] ? ip6_finish_output+0x750/0x750 [ 36.852055] [] ? ip6_fragment+0x3210/0x3210 [ 36.858002] [] ip6_local_out+0x9c/0x180 [ 36.863612] [] ip6_send_skb+0xa2/0x340 [ 36.869125] [] ip6_push_pending_frames+0xbb/0xe0 [ 36.875512] [] icmpv6_push_pending_frames+0x336/0x530 [ 36.882325] [] icmp6_send+0x1506/0x1b40 [ 36.887924] [] ? icmpv6_push_pending_frames+0x530/0x530 [ 36.894914] [] ? print_cfs_rq+0x348/0x1370 [ 36.900772] [] ? perf_trace_softirq+0x28a/0x3b0 [ 36.907064] [] ? ipv6_frag_rcv+0x6cc/0x51e0 [ 36.913030] [] icmpv6_param_prob+0x29/0x40 [ 36.918903] [] ipv6_frag_rcv+0x3f06/0x51e0 [ 36.924774] [] ? ipv6_frags_init_net+0x3e0/0x3e0 [ 36.931256] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 36.937982] [] ip6_input_finish+0x57d/0x14f0 [ 36.944025] [] ? ip6_rcv_finish+0x670/0x670 [ 36.949978] [] ip6_input+0xf8/0x1f0 [ 36.955394] [] ? ipv6_rcv+0x1a20/0x1a20 [ 36.961005] [] ? ip6_rcv_finish+0x670/0x670 [ 36.966962] [] ip6_rcv_finish+0x14d/0x670 [ 36.972741] [] ipv6_rcv+0xfc1/0x1a20 [ 36.978082] [] ? ipv6_rcv+0xfc/0x1a20 [ 36.983548] [] ? ip6_input_finish+0x14f0/0x14f0 [ 36.989844] [] ? ip6_make_skb+0x3f0/0x3f0 [ 36.995619] [] ? packet_rcv_fanout+0x173/0x5f0 [ 37.001825] [] ? ip6_input_finish+0x14f0/0x14f0 [ 37.008121] [] __netif_receive_skb_core+0x1300/0x2950 [ 37.014949] [] ? dev_loopback_xmit+0x430/0x430 [ 37.021153] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 37.027877] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 37.034606] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 37.041333] [] ? check_preemption_disabled+0x3c/0x200 [ 37.048148] [] __netif_receive_skb+0x58/0x1c0 [ 37.054268] [] process_backlog+0x200/0x630 [ 37.060215] [] ? process_backlog+0x19c/0x630 [ 37.066247] [] ? net_rx_action+0x1fb/0xd30 [ 37.072117] [] net_rx_action+0x367/0xd30 [ 37.077803] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 37.084619] [] ? net_rps_action_and_irq_enable.isra.0+0x170/0x170 [ 37.092478] [] __do_softirq+0x226/0xa3f [ 37.098078] [] do_softirq_own_stack+0x1c/0x30 [ 37.104194] [] do_softirq.part.0+0x54/0x60 [ 37.110791] [] do_softirq+0x18/0x20 [ 37.116052] [] netif_rx_ni+0xeb/0x3b0 [ 37.121482] [] tun_get_user+0xdbf/0x2640 [ 37.127166] [] ? tun_free_netdev+0xb0/0xb0 [ 37.133027] [] ? futex_wait+0x47d/0x600 [ 37.138626] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 37.145354] [] ? __tun_get+0x126/0x230 [ 37.150866] [] tun_chr_write_iter+0xda/0x190 [ 37.156900] [] do_iter_readv_writev+0x141/0x1e0 [ 37.163205] [] ? tun_sendmsg+0x140/0x140 [ 37.168888] [] ? vfs_iter_read+0x280/0x280 [ 37.174745] [] ? rw_verify_area+0x103/0x2f0 [ 37.180692] [] ? tun_sendmsg+0x140/0x140 [ 37.186375] [] compat_do_readv_writev+0x389/0x6e0 [ 37.192839] [] ? vfs_writev+0xb0/0xb0 [ 37.198262] [] ? check_preemption_disabled+0x3c/0x200 [ 37.205078] [] ? __fget+0x13b/0x370 [ 37.210333] [] ? __fget+0x162/0x370 [ 37.215588] [] ? __fget+0x47/0x370 [ 37.220751] [] compat_writev+0xe1/0x150 [ 37.226348] [] compat_SyS_writev+0xdb/0x1c0 [ 37.232299] [] ? compat_SyS_preadv+0x50/0x50 [ 37.238335] [] ? do_fast_syscall_32+0xd6/0xa90 [ 37.244541] [] ? compat_SyS_preadv+0x50/0x50 [ 37.250575] [] do_fast_syscall_32+0x32d/0xa90 [ 37.256707] [] sysenter_flags_fixed+0xd/0x1a