[....] Starting enhanced syslogd: rsyslogd[ 14.497874] audit: type=1400 audit(1515863316.870:5): avc: denied { syslog } for pid=3545 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.638565] audit: type=1400 audit(1515863320.011:6): avc: denied { map } for pid=3685 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts. net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 24.061437] audit: type=1400 audit(1515863326.434:7): avc: denied { map } for pid=3701 comm="syzkaller554623" path="/root/syzkaller554623663" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 24.530697] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 24.953641] [ 24.955313] ============================================ [ 24.960737] WARNING: possible recursive locking detected [ 24.966164] 4.15.0-rc7+ #187 Not tainted [ 24.970212] -------------------------------------------- [ 24.975648] syzkaller554623/3701 is trying to acquire lock: [ 24.981330] (_xmit_ETHER#2){+.-.}, at: [<000000002ed00198>] sch_direct_xmit+0x361/0x1140 [ 24.989628] [ 24.989628] but task is already holding lock: [ 24.995568] (_xmit_ETHER#2){+.-.}, at: [<000000002ed00198>] sch_direct_xmit+0x361/0x1140 [ 25.003864] [ 25.003864] other info that might help us debug this: [ 25.010501] Possible unsafe locking scenario: [ 25.010501] [ 25.016528] CPU0 [ 25.019086] ---- [ 25.021644] lock(_xmit_ETHER#2); [ 25.025161] lock(_xmit_ETHER#2); [ 25.028676] [ 25.028676] *** DEADLOCK *** [ 25.028676] [ 25.034706] May be due to missing lock nesting notation [ 25.034706] [ 25.041607] 8 locks held by syzkaller554623/3701: [ 25.046448] #0: (&tfile->napi_mutex){+.+.}, at: [<0000000006e081cb>] tun_get_user+0xe6c/0x3940 [ 25.055355] #1: (rcu_read_lock){....}, at: [<0000000049ffedca>] netif_receive_skb_internal+0xa2/0x670 [ 25.064873] #2: (k-slock-AF_INET){+...}, at: [<000000001ad88698>] icmp_send+0x758/0x19b0 [ 25.073269] #3: (rcu_read_lock_bh){....}, at: [<00000000e077a35b>] ip_finish_output2+0x2aa/0x14f0 [ 25.082434] #4: (rcu_read_lock_bh){....}, at: [<00000000826f73dd>] __dev_queue_xmit+0x2d8/0x2b50 [ 25.091510] #5: (_xmit_ETHER#2){+.-.}, at: [<000000002ed00198>] sch_direct_xmit+0x361/0x1140 [ 25.100244] #6: (rcu_read_lock_bh){....}, at: [<00000000e077a35b>] ip_finish_output2+0x2aa/0x14f0 [ 25.109409] #7: (rcu_read_lock_bh){....}, at: [<00000000826f73dd>] __dev_queue_xmit+0x2d8/0x2b50 [ 25.118499] [ 25.118499] stack backtrace: [ 25.122967] CPU: 1 PID: 3701 Comm: syzkaller554623 Not tainted 4.15.0-rc7+ #187 [ 25.130382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.139711] Call Trace: [ 25.142281] dump_stack+0x194/0x257 [ 25.145897] ? arch_local_irq_restore+0x53/0x53 [ 25.150544] __lock_acquire+0xe8f/0x3e00 [ 25.154578] ? print_lockdep_cache.isra.31+0x109/0x109 [ 25.159834] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.165007] ? __kernel_text_address+0xd/0x40 [ 25.169484] ? unwind_get_return_address+0x61/0xa0 [ 25.174387] ? __save_stack_trace+0x7e/0xd0 [ 25.178688] ? print_lockdep_cache.isra.31+0x109/0x109 [ 25.183952] ? save_stack_trace+0x1a/0x20 [ 25.188077] ? save_trace+0xe0/0x2b0 [ 25.191775] ? __lock_acquire+0x36c0/0x3e00 [ 25.196080] ? skb_network_protocol+0xef/0x4b0 [ 25.200639] ? check_noncircular+0x20/0x20 [ 25.204848] ? netif_skb_features+0x5ff/0x9b0 [ 25.209317] ? dev_get_by_index_rcu+0x320/0x320 [ 25.213961] ? __skb_gso_segment+0x810/0x810 [ 25.218347] lock_acquire+0x1d5/0x580 [ 25.222121] ? lock_acquire+0x1d5/0x580 [ 25.226074] ? sch_direct_xmit+0x361/0x1140 [ 25.230370] ? validate_xmit_skb+0x50d/0xaf0 [ 25.234752] ? lock_release+0xa40/0xa40 [ 25.238700] ? netif_skb_features+0x9b0/0x9b0 [ 25.243167] ? pfifo_fast_dequeue+0x20e/0x870 [ 25.247639] _raw_spin_lock+0x2a/0x40 [ 25.251413] ? sch_direct_xmit+0x361/0x1140 [ 25.255705] sch_direct_xmit+0x361/0x1140 [ 25.259827] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.264817] ? pfifo_fast_reset+0x490/0x490 [ 25.269110] ? __lock_is_held+0xb6/0x140 [ 25.273147] __qdisc_run+0x57d/0x19c0 [ 25.276921] ? sch_direct_xmit+0x1140/0x1140 [ 25.281305] ? lock_release+0xa40/0xa40 [ 25.285257] ? __dev_queue_xmit+0x2d8/0x2b50 [ 25.289643] ? pfifo_fast_enqueue+0x2a0/0x420 [ 25.294126] __dev_queue_xmit+0xb62/0x2b50 [ 25.298336] ? netdev_pick_tx+0x300/0x300 [ 25.302458] ? find_held_lock+0x35/0x1d0 [ 25.306498] ? lock_downgrade+0x980/0x980 [ 25.310622] ? check_noncircular+0x20/0x20 [ 25.314831] ? __local_bh_enable_ip+0x121/0x230 [ 25.319470] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.324475] ? __neigh_create+0x1657/0x1d90 [ 25.328771] ? __local_bh_enable_ip+0x121/0x230 [ 25.333427] ? _raw_write_unlock_bh+0x30/0x40 [ 25.337897] ? __neigh_create+0xc06/0x1d90 [ 25.342111] ? print_irqtrace_events+0x270/0x270 [ 25.346843] ? ip_finish_output2+0x8c6/0x14f0 [ 25.351311] ? lock_downgrade+0x980/0x980 [ 25.355436] ? lock_release+0xa40/0xa40 [ 25.359381] ? mark_held_locks+0xaf/0x100 [ 25.363506] ? memcpy+0x45/0x50 [ 25.366768] dev_queue_xmit+0x17/0x20 [ 25.370545] ? dev_queue_xmit+0x17/0x20 [ 25.374500] neigh_resolve_output+0x5e2/0xa00 [ 25.378973] ? ether_setup+0x2d0/0x2d0 [ 25.382843] ? __neigh_event_send+0x1040/0x1040 [ 25.387487] ? ip_finish_output+0x864/0xd10 [ 25.391779] ? ip_mc_output+0x271/0x1350 [ 25.395815] ? ip_local_out+0x95/0x160 [ 25.399679] ip_finish_output2+0x8c6/0x14f0 [ 25.403978] ? mark_held_locks+0x10/0x100 [ 25.408100] ? ip_copy_metadata+0xac0/0xac0 [ 25.412397] ? check_noncircular+0x20/0x20 [ 25.416606] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.421595] ? ipt_do_table+0xd0a/0x1330 [ 25.425629] ? trace_hardirqs_on+0xd/0x10 [ 25.429775] ? __local_bh_enable_ip+0x121/0x230 [ 25.434419] ? ipt_do_table+0xd75/0x1330 [ 25.438459] ? ipv4_mtu+0x347/0x4c0 [ 25.442059] ? rt_cpu_seq_show+0x2c0/0x2c0 [ 25.446285] ? find_held_lock+0x35/0x1d0 [ 25.450325] ip_finish_output+0x864/0xd10 [ 25.454445] ? ip_finish_output+0x864/0xd10 [ 25.458746] ? ip_fragment.constprop.47+0x200/0x200 [ 25.463742] ? iptable_mangle_hook+0xaf/0x4a0 [ 25.468684] ? nf_hook_slow+0xd3/0x1a0 [ 25.472552] ip_mc_output+0x271/0x1350 [ 25.476422] ? ip_queue_xmit+0x18e0/0x18e0 [ 25.480635] ? lock_downgrade+0x980/0x980 [ 25.484769] ? nf_hook_slow+0xd3/0x1a0 [ 25.488628] ? __ip_local_out+0x494/0x7a0 [ 25.492748] ? ip_copy_addrs+0xe0/0xe0 [ 25.496615] ? skb_copy_ubufs+0x1910/0x1910 [ 25.500914] ? ip_fragment.constprop.47+0x200/0x200 [ 25.505907] ? __ip_select_ident+0x168/0x270 [ 25.510292] ? ip_idents_reserve+0x2a0/0x2a0 [ 25.514675] ip_local_out+0x95/0x160 [ 25.518374] iptunnel_xmit+0x556/0x810 [ 25.522242] ip_tunnel_xmit+0x1780/0x3650 [ 25.526366] ? ip_md_tunnel_xmit+0x14d0/0x14d0 [ 25.530926] ? lock_downgrade+0x980/0x980 [ 25.535079] ? pvclock_read_flags+0x160/0x160 [ 25.539552] ? mark_held_locks+0xaf/0x100 [ 25.543675] ? ktime_get_with_offset+0x188/0x420 [ 25.548412] ? kvm_clock_get_cycles+0x25/0x30 [ 25.552886] ? do_gettimeofday+0x190/0x190 [ 25.557097] __gre_xmit+0x546/0x8b0 [ 25.560697] erspan_xmit+0x7eb/0x2430 [ 25.564473] ? gretap_fb_dev_create+0x250/0x250 [ 25.569117] ? __lock_is_held+0xb6/0x140 [ 25.573158] dev_hard_start_xmit+0x24e/0xac0 [ 25.577545] ? validate_xmit_skb_list+0x120/0x120 [ 25.582361] ? __skb_gso_segment+0x810/0x810 [ 25.586739] ? lock_acquire+0x1d5/0x580 [ 25.590698] ? lock_acquire+0x1d5/0x580 [ 25.594650] ? sch_direct_xmit+0x361/0x1140 [ 25.598947] ? validate_xmit_skb+0x50d/0xaf0 [ 25.603333] ? lock_release+0xa40/0xa40 [ 25.607282] ? netif_skb_features+0x9b0/0x9b0 [ 25.611758] ? pfifo_fast_dequeue+0x20e/0x870 [ 25.616228] sch_direct_xmit+0x40d/0x1140 [ 25.620363] ? pfifo_fast_reset+0x490/0x490 [ 25.624665] ? __lock_is_held+0xb6/0x140 [ 25.628702] __qdisc_run+0x57d/0x19c0 [ 25.632480] ? sch_direct_xmit+0x1140/0x1140 [ 25.636859] ? lock_release+0xa40/0xa40 [ 25.640809] ? __dev_queue_xmit+0x2d8/0x2b50 [ 25.645203] ? pfifo_fast_enqueue+0x2a0/0x420 [ 25.649675] __dev_queue_xmit+0xb62/0x2b50 [ 25.653890] ? netdev_pick_tx+0x300/0x300 [ 25.658029] ? check_noncircular+0x20/0x20 [ 25.662245] ? __local_bh_enable_ip+0x121/0x230 [ 25.666887] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.671878] ? __neigh_create+0x1657/0x1d90 [ 25.676171] ? __local_bh_enable_ip+0x121/0x230 [ 25.680825] ? _raw_write_unlock_bh+0x30/0x40 [ 25.685296] ? __neigh_create+0xc06/0x1d90 [ 25.689508] ? print_irqtrace_events+0x270/0x270 [ 25.694240] ? ip_finish_output2+0x8c6/0x14f0 [ 25.698709] ? lock_downgrade+0x980/0x980 [ 25.702831] ? lock_release+0xa40/0xa40 [ 25.706776] ? mark_held_locks+0xaf/0x100 [ 25.710902] ? memcpy+0x45/0x50 [ 25.714160] dev_queue_xmit+0x17/0x20 [ 25.717940] ? dev_queue_xmit+0x17/0x20 [ 25.721888] neigh_resolve_output+0x5e2/0xa00 [ 25.726355] ? ether_setup+0x2d0/0x2d0 [ 25.730912] ? __neigh_event_send+0x1040/0x1040 [ 25.735554] ? tun_get_user+0x2760/0x3940 [ 25.739675] ? tun_chr_write_iter+0xb9/0x160 [ 25.744061] ? do_iter_readv_writev+0x525/0x7f0 [ 25.748708] ip_finish_output2+0x8c6/0x14f0 [ 25.753005] ? mark_held_locks+0x10/0x100 [ 25.757134] ? ip_copy_metadata+0xac0/0xac0 [ 25.761431] ? check_noncircular+0x20/0x20 [ 25.765640] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.770631] ? ipt_do_table+0xd0a/0x1330 [ 25.774665] ? trace_hardirqs_on+0xd/0x10 [ 25.778789] ? __local_bh_enable_ip+0x121/0x230 [ 25.783444] ? ipt_do_table+0xd75/0x1330 [ 25.787488] ? ipv4_mtu+0x347/0x4c0 [ 25.791087] ? rt_cpu_seq_show+0x2c0/0x2c0 [ 25.795296] ? find_held_lock+0x35/0x1d0 [ 25.799333] ip_finish_output+0x864/0xd10 [ 25.803456] ? ip_finish_output+0x864/0xd10 [ 25.807749] ? ip_fragment.constprop.47+0x200/0x200 [ 25.812740] ? iptable_mangle_hook+0xaf/0x4a0 [ 25.817226] ? nf_hook_slow+0xd3/0x1a0 [ 25.821090] ip_mc_output+0x271/0x1350 [ 25.824948] ? ip_queue_xmit+0x18e0/0x18e0 [ 25.829159] ? lock_downgrade+0x980/0x980 [ 25.833284] ? nf_hook_slow+0xd3/0x1a0 [ 25.837146] ? __ip_local_out+0x494/0x7a0 [ 25.841268] ? ip_copy_addrs+0xe0/0xe0 [ 25.845132] ? dst_release+0x3a/0x90 [ 25.848818] ? __ip_make_skb+0xfd1/0x1850 [ 25.852937] ? ip_fragment.constprop.47+0x200/0x200 [ 25.857926] ip_local_out+0x95/0x160 [ 25.861613] ip_send_skb+0x3c/0xc0 [ 25.865128] ip_push_pending_frames+0x64/0x80 [ 25.869598] icmp_push_reply+0x395/0x4f0 [ 25.873633] icmp_send+0x1136/0x19b0 [ 25.877325] ? icmp_route_lookup.constprop.24+0x1360/0x1360 [ 25.883013] ? check_noncircular+0x20/0x20 [ 25.887231] ? __lock_acquire+0x664/0x3e00 [ 25.891444] ? __debug_object_init+0x235/0x1040 [ 25.896085] ? __is_insn_slot_addr+0x1fc/0x330 [ 25.900645] ? find_held_lock+0x35/0x1d0 [ 25.904680] ? lock_downgrade+0x980/0x980 [ 25.908802] ? lock_release+0xa40/0xa40 [ 25.912752] ip_options_compile+0xc21/0x1a50 [ 25.917136] ? ip_forward+0x1cd0/0x1cd0 [ 25.921085] ? ip_route_input_rcu+0x3180/0x3180 [ 25.925729] ip_rcv_finish+0x80f/0x1e30 [ 25.929677] ? inet_del_offload+0x40/0x40 [ 25.933820] ? ip_rcv+0xf22/0x1840 [ 25.937334] ? lock_downgrade+0x980/0x980 [ 25.941456] ? nf_nat_ipv4_in+0x1cd/0x270 [ 25.945577] ? iptable_nat_ipv4_fn+0x40/0x40 [ 25.949963] ? nf_hook_slow+0xd3/0x1a0 [ 25.953824] ip_rcv+0xc5a/0x1840 [ 25.957163] ? ip_local_deliver+0x6e0/0x6e0 [ 25.961464] ? inet_del_offload+0x40/0x40 [ 25.965584] ? ip_local_deliver+0x6e0/0x6e0 [ 25.969882] __netif_receive_skb_core+0x1a41/0x3460 [ 25.974873] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.980044] ? nf_ingress+0x9f0/0x9f0 [ 25.983823] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.989006] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.994173] ? check_noncircular+0x20/0x20 [ 25.998380] ? check_noncircular+0x20/0x20 [ 26.002590] ? lock_release+0xa40/0xa40 [ 26.006543] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 26.011624] ? print_irqtrace_events+0x270/0x270 [ 26.016352] ? lock_downgrade+0x980/0x980 [ 26.020477] ? pvclock_read_flags+0x160/0x160 [ 26.024946] ? mark_held_locks+0xaf/0x100 [ 26.029068] ? lock_acquire+0x1d5/0x580 [ 26.033015] ? lock_acquire+0x1d5/0x580 [ 26.036973] ? netif_receive_skb_internal+0xa2/0x670 [ 26.042054] ? ktime_get_with_offset+0x2c1/0x420 [ 26.046784] ? lock_release+0xa40/0xa40 [ 26.050735] ? do_gettimeofday+0x190/0x190 [ 26.054950] __netif_receive_skb+0x2c/0x1b0 [ 26.059245] ? __netif_receive_skb+0x2c/0x1b0 [ 26.063717] netif_receive_skb_internal+0x10b/0x670 [ 26.068726] ? dev_cpu_dead+0xb00/0xb00 [ 26.072677] ? net_rx_action+0x1910/0x1910 [ 26.076883] ? eth_type_trans+0x2b2/0x710 [ 26.081001] ? eth_gro_receive+0x820/0x820 [ 26.085219] napi_gro_frags+0x58a/0xaf0 [ 26.089173] ? napi_gro_receive+0x500/0x500 [ 26.093475] ? tun_get_user+0x2737/0x3940 [ 26.097595] tun_get_user+0x2760/0x3940 [ 26.101545] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.106710] ? do_huge_pmd_anonymous_page+0xb21/0x1b00 [ 26.111967] ? tun_build_skb.isra.49+0x1810/0x1810 [ 26.116876] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.122044] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.127210] ? avc_has_extended_perms+0x12c0/0x12c0 [ 26.132204] ? find_held_lock+0x35/0x1d0 [ 26.136239] ? tun_get+0x1ab/0x2e0 [ 26.139752] ? lock_release+0xa40/0xa40 [ 26.143705] ? __lock_is_held+0xb6/0x140 [ 26.147742] ? tun_get+0x1d4/0x2e0 [ 26.151257] ? tun_do_read+0x2600/0x2600 [ 26.155292] ? __check_object_size+0x25d/0x4f0 [ 26.159852] ? rcu_note_context_switch+0x710/0x710 [ 26.164760] tun_chr_write_iter+0xb9/0x160 [ 26.168973] do_iter_readv_writev+0x525/0x7f0 [ 26.173443] ? vfs_dedupe_file_range+0x8f0/0x8f0 [ 26.178172] ? rw_verify_area+0xe5/0x2b0 [ 26.182205] do_iter_write+0x154/0x540 [ 26.186081] ? dup_iter+0x260/0x260 [ 26.189685] vfs_writev+0x18a/0x340 [ 26.193292] ? __fget_light+0x297/0x380 [ 26.197238] ? vfs_iter_write+0xb0/0xb0 [ 26.201187] ? up_read+0x1a/0x40 [ 26.204529] ? __do_page_fault+0x3d6/0xc90 [ 26.208742] ? mm_fault_error+0x2c0/0x2c0 [ 26.212881] ? __fdget_pos+0x130/0x190 [ 26.216748] ? __fdget_raw+0x20/0x20 [ 26.220438] ? __do_page_fault+0xc90/0xc90 [ 26.224649] do_writev+0xfc/0x2a0 [ 26.228078] ? do_writev+0xfc/0x2a0 [ 26.231678] ? vfs_writev+0x340/0x340 [ 26.235459] ? entry_SYSCALL_64_fastpath+0x5/0x9a [ 26.240290] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.245283] SyS_writev+0x27/0x30 [ 26.248889] entry_SYSCALL_64_fastpath+0x23/0x9a [ 26.253617] RIP: 0033:0x444f50 [ 26.256784] RSP: 002b:00007ffe95ccaea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 26.264469] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50 [ 26.271709] RDX: 0000000000000001 RSI: 00007ffe95ccaee0 RDI: 0000000000000003 [ 26.278966] RBP: 00007ffe95ccafd8 R08: 0000000000000023 R09: 0000000000000000 [ 26.286213] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe95ccafd8 [ 26.293458] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000 [