[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.395751] audit: type=1400 audit(1516402824.470:5): avc: denied { syslog } for pid=3511 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.324262] audit: type=1400 audit(1516402829.398:6): avc: denied { map } for pid=3651 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.36' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 24.566463] audit: type=1400 audit(1516402835.641:7): avc: denied { map } for pid=3665 comm="syzkaller873571" path="/root/syzkaller873571204" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 24.845981] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 25.183517]
[ 25.185176] ============================================
[ 25.190594] WARNING: possible recursive locking detected
[ 25.196016] 4.15.0-rc8+ #179 Not tainted
[ 25.200046] --------------------------------------------
[ 25.205465] syzkaller873571/3665 is trying to acquire lock:
[ 25.211143] (&vq->mutex){+.+.}, at: [<00000000341088cb>] vhost_chr_write_iter+0x278/0x1580
[ 25.219622]
[ 25.219622] but task is already holding lock:
[ 25.225565] (&vq->mutex){+.+.}, at: [<00000000341088cb>] vhost_chr_write_iter+0x278/0x1580
[ 25.234040]
[ 25.234040] other info that might help us debug this:
[ 25.240680] Possible unsafe locking scenario:
[ 25.240680]
[ 25.246713] CPU0
[ 25.249277] ----
[ 25.251829] lock(&vq->mutex);
[ 25.255079] lock(&vq->mutex);
[ 25.258331]
[ 25.258331] *** DEADLOCK ***
[ 25.258331]
[ 25.264357] May be due to missing lock nesting notation
[ 25.264357]
[ 25.271269] 1 lock held by syzkaller873571/3665:
[ 25.275990] #0: (&vq->mutex){+.+.}, at: [<00000000341088cb>] vhost_chr_write_iter+0x278/0x1580
[ 25.284898]
[ 25.284898] stack backtrace:
[ 25.289367] CPU: 1 PID: 3665 Comm: syzkaller873571 Not tainted 4.15.0-rc8+ #179
[ 25.297045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.306375] Call Trace:
[ 25.308938] dump_stack+0x194/0x257
[ 25.312537] ? arch_local_irq_restore+0x53/0x53
[ 25.317192] __lock_acquire+0xe8f/0x3e00
[ 25.321237] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.326400] ? __lock_acquire+0x664/0x3e00
[ 25.330609] ? is_bpf_text_address+0x7b/0x120
[ 25.335082] ? lock_pin_lock+0x360/0x360
[ 25.339112] ? print_irqtrace_events+0x270/0x270
[ 25.343856] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.349015] ? print_irqtrace_events+0x270/0x270
[ 25.353750] ? print_irqtrace_events+0x270/0x270
[ 25.358475] ? lock_release+0xa40/0xa40
[ 25.362422] ? __lock_acquire+0x664/0x3e00
[ 25.366626] ? __lock_acquire+0x664/0x3e00
[ 25.370833] ? __lock_acquire+0x664/0x3e00
[ 25.375044] ? check_noncircular+0x20/0x20
[ 25.379260] ? check_noncircular+0x20/0x20
[ 25.383465] ? find_held_lock+0x35/0x1d0
[ 25.387497] ? __lock_acquire+0x664/0x3e00
[ 25.391702] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.396881] lock_acquire+0x1d5/0x580
[ 25.400654] ? lock_acquire+0x1d5/0x580
[ 25.404618] ? vhost_chr_write_iter+0x278/0x1580
[ 25.409348] ? lock_release+0xa40/0xa40
[ 25.413310] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 25.419167] ? rcu_note_context_switch+0x710/0x710
[ 25.424068] ? __might_sleep+0x95/0x190
[ 25.428119] ? vhost_chr_write_iter+0x278/0x1580
[ 25.432854] __mutex_lock+0x16f/0x1a80
[ 25.436713] ? vhost_chr_write_iter+0x278/0x1580
[ 25.441452] ? vhost_chr_write_iter+0x278/0x1580
[ 25.446176] ? check_noncircular+0x20/0x20
[ 25.450380] ? mutex_lock_io_nested+0x1900/0x1900
[ 25.455197] ? get_mem_cgroup_from_mm+0x49b/0x710
[ 25.460012] ? __lru_cache_add+0x2a4/0x410
[ 25.464219] ? find_held_lock+0x35/0x1d0
[ 25.468254] ? __might_fault+0x110/0x1d0
[ 25.472288] ? lock_downgrade+0x980/0x980
[ 25.476407] ? lock_release+0xa40/0xa40
[ 25.480375] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 25.486229] ? check_noncircular+0x20/0x20
[ 25.490434] ? lru_cache_add+0x1c7/0x3a0
[ 25.494477] ? get_mem_cgroup_from_mm+0x710/0x710
[ 25.499300] ? lru_cache_add_file+0x20/0x20
[ 25.503592] ? __might_sleep+0x95/0x190
[ 25.507538] ? kasan_check_write+0x14/0x20
[ 25.511937] ? copyin+0x91/0xb0
[ 25.515274] ? _copy_from_iter+0x367/0xf30
[ 25.519478] ? find_held_lock+0x35/0x1d0
[ 25.523512] ? copy_page_to_iter+0xe10/0xe10
[ 25.527889] ? lock_downgrade+0x980/0x980
[ 25.532011] mutex_lock_nested+0x16/0x20
[ 25.536042] ? mutex_lock_nested+0x16/0x20
[ 25.540249] vhost_chr_write_iter+0x278/0x1580
[ 25.544810] ? do_raw_spin_trylock+0x190/0x190
[ 25.549363] ? vhost_new_umem_range+0x740/0x740
[ 25.554089] ? _raw_spin_unlock+0x22/0x30
[ 25.558211] ? __handle_mm_fault+0x80e/0x3ce0
[ 25.562688] ? find_held_lock+0x35/0x1d0
[ 25.566720] vhost_net_chr_write_iter+0x59/0x70
[ 25.571371] __vfs_write+0x684/0x970
[ 25.575055] ? kernel_read+0x120/0x120
[ 25.578924] ? _cond_resched+0x14/0x30
[ 25.582783] ? avc_policy_seqno+0x9/0x20
[ 25.586814] ? selinux_file_permission+0x82/0x460
[ 25.591627] ? rw_verify_area+0xe5/0x2b0
[ 25.595659] ? __fdget_raw+0x20/0x20
[ 25.599354] vfs_write+0x189/0x510
[ 25.602865] SyS_write+0xef/0x220
[ 25.606289] ? __do_page_fault+0x3d6/0xc90
[ 25.610493] ? SyS_read+0x220/0x220
[ 25.614100] ? do_fast_syscall_32+0x156/0xf9d
[ 25.618569] ? SyS_read+0x220/0x220
[ 25.622169] do_fast_syscall_32+0x3ee/0xf9d
[ 25.626463] ? do_int80_syscall_32+0x9d0/0x9d0
[ 25.631020] ? kasan_check_read+0x11/0x20
[ 25.635142] ? syscall_return_slowpath+0x550/0x550
[ 25.640590] ? SyS_rt_sigaction+0x94/0x1b0
[ 25.644796] ? SyS_sigprocmask+0x4b0/0x4b0
[ 25.649001] ? SyS_read+0x184/0x220
[ 25.652599] ? retint_user+0x18/0x18
[ 25.656297] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.661116] entry_SYSENTER_compat+0x54/0x63
[ 25.665496] RIP: 0023:0xf7f35c79
[ 25.668830] RSP: 002b:00000000ffcacf2c EFLAGS: 00000286 ORIG_RAX: 0000000000000004
[ 25.676510] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020e42000
[ 25.683752] RDX: 000000