[....] Starting enhanced syslogd: rsyslogd[   13.140192] audit: type=1400 audit(1513829921.450:5): avc:  denied  { syslog } for  pid=2993 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.373811] audit: type=1400 audit(1513829925.684:6): avc:  denied  { map } for  pid=3133 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-9,10.128.15.215' (ECDSA) to the list of known hosts.
2017/12/21 04:18:52 fuzzer started
[   23.948516] audit: type=1400 audit(1513829932.259:7): avc:  denied  { map } for  pid=3144 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2017/12/21 04:18:52 dialing manager at 10.128.0.26:42483
2017/12/21 04:18:55 kcov=true, comps=true
[   27.291629] audit: type=1400 audit(1513829935.602:8): avc:  denied  { map } for  pid=3144 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=119 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2017/12/21 04:18:56 executing program 7:
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = add_key(&(0x7f0000ddf000-0x8)='big_key\x00', &(0x7f0000dac000)={0x73, 0x79, 0x7a, 0x1, 0x0}, &(0x7f00004a0000)="d1dc79ca317dc13c82f18bcf66d1ef4f6f4d9b133eb3253b41b0ca224a937f42fd389e70746f2ed1ab75765826ac38d711120fe353e6106456436c33e1a6b80b2a0a4083e7d184648b9d4b16c6bbb72ae3dc879252b0c4138767e0d142f793dce0fdd9a089f060c4871a9ac2f139043448cd28f0a7923990670a16edc8eb6b16fdfb7c17d494835a118e0f84b5ecb7d217a6", 0x92, 0xfffffffffffffffc)
add_key$keyring(&(0x7f0000001000-0x8)='keyring\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a, 0x1, 0x0}, 0x0, 0x0, r0)
pivot_root(&(0x7f0000001000-0x8)='./file0\x00', &(0x7f0000000000)='./file0\x00')
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000001000-0x10)='/selinux/policy\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
renameat(r1, &(0x7f0000002000-0x8)='./file0\x00', r2, &(0x7f0000001000)='./file0\x00')
connect(r2, &(0x7f0000001000-0x10)=@in={0x2, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$llc_int(r2, 0x10c, 0x6, &(0x7f0000002000)=0x0, &(0x7f0000002000)=0x4)
keyctl$session_to_parent(0x12)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000001000)={0x9, 0x0, [{0x0, 0x1, 0x6, 0x4, 0x2, 0x7fffffff, 0x8a9, [0x0, 0x0, 0x0]}, {0x80000000, 0x7, 0x2, 0x20, 0xa7, 0x56, 0x80000001, [0x0, 0x0, 0x0]}, {0xc0000001, 0xae7, 0x6, 0x200, 0x800, 0xfffffffffffff000, 0x8000, [0x0, 0x0, 0x0]}, {0x2, 0x4, 0x3, 0x1, 0x100000000, 0x40, 0x7f, [0x0, 0x0, 0x0]}, {0x0, 0xffffffffffffffc1, 0x7, 0xfffffffffffffff7, 0xc116, 0x3f, 0x0, [0x0, 0x0, 0x0]}, {0x8000001d, 0x0, 0x4, 0x61dd, 0x9, 0x100000000, 0xa0000000, [0x0, 0x0, 0x0]}, {0x4, 0x7fffffff, 0x1, 0x4764, 0x101, 0x3, 0x8, [0x0, 0x0, 0x0]}, {0x40000001, 0x7fffffff, 0x1, 0x6, 0x5, 0xffff, 0xfc9, [0x0, 0x0, 0x0]}, {0xc0000007, 0x6aef, 0x2, 0x0, 0x9, 0xa720000, 0x2, [0x0, 0x0, 0x0]}]})
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000000)={{0x3, 0x8}, {0x20, 0x1}, 0xf5, 0x2, 0x5, [0x0, 0x0, 0x0], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
poll(&(0x7f0000002000)=[], 0x0, 0x8)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, &(0x7f0000003000-0x4)=0x8)
sync_file_range(r1, 0x1, 0x200, 0x1)
ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000002000)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, @ifru_addrs={0x2, 0x2, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}})
mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000003000)={<r3=>0x0, 0x0})
mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000004000)=@assoc_value={0x0, 0x0}, &(0x7f0000005000-0x4)=0x8)
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r4 = getpid()
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000006000-0xe8)={{{@in6=@empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in6=@loopback={0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {{@in6=@remote={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0}, 0x0, 0x0}, 0x0, @in6=@empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000005000)=0xe8)
r6 = getgid()
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
sendmsg$unix(r2, &(0x7f0000006000-0x38)={&(0x7f0000005000)=@abs={0x1, 0x0, 0x0}, 0x8, &(0x7f0000001000-0x40)=[{&(0x7f0000006000-0x54)="a419aafe184fc0739ea57f59ee18ac7fd78c943466cba2a407a9bd44038785a81bfb94452abb5a3d3f8f96062ce6b7704bb5ff3bbba9ff93ecd9e09c2b6dfdb3cbe23b7d790449ed72e1f4622ea077555d2e030c", 0x54}, {&(0x7f0000006000-0x57)="03ed4d457eb59e4acd7b0a2bc5bf2148066edc6d5fa18b69fd780483efa5de4571b83a5a6a3ce713e808a343a5dd42b2f4368fcc602c23848439177591d4173fbf630e251a978e09c8c844e23661fc2348759984c0e864", 0x57}, {&(0x7f0000003000-0xbd)="d0d3b4b3be60452ca49f57025251465c4560e9271ab2b8c265551dddb889b17ab89737a8b62570284696c5f98b21b8a7bdd4c408f7b721edff52caffe08ddfd51dd6ccec74321fcb1220792a1043912df2cf68e41c1fedabdc622f997a04e62f365b1b6afe7498e43d93507fc3fd5b2b9b626228412040da526c293df11237d84253629185cddd8519c5bd17a327ee1b287c3004f9af109075fc2a95de8f7440f226d798364bb2fd1e697f34a5dcfb98226bcb73733f3d5b9c276a97c6", 0xbd}, {&(0x7f0000002000)="58b6865b666aaf4854c451efa4322af08880db03c993610d145c7cc1b68ac54237e1c6f7", 0x24}], 0x4, &(0x7f0000001000)=[@rights={0x18, 0x1, 0x1, [r3]}, @cred={0x20, 0x1, 0x2, r4, r5, r6}], 0x38, 0x20000041}, 0x40)
2017/12/21 04:18:56 executing program 3:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mremap(&(0x7f000023e000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f00005b9000/0x1000)=nil)
mremap(&(0x7f0000571000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000361000/0x1000)=nil)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
2017/12/21 04:18:56 executing program 4:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tun(&(0x7f0000f2b000-0xd)='/dev/net/tun\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000928000-0x28)={@common='gre0\x00', @ifru_settings={0x7de, 0x0, @te1=&(0x7f0000875000-0x10)={0x0, 0x0, 0x0, 0x0}}})
2017/12/21 04:18:56 executing program 5:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tun(&(0x7f0000df4000-0xd)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000173000)=0x1)
perf_event_open(&(0x7f0000b7a000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000533000)={@common='bcsf0\x00', @ifru_mtu=0x40000005})
2017/12/21 04:18:56 executing program 0:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x8002)
write(r0, &(0x7f0000aa2000-0x32)="b63db8070000000000000000000024d61dcc436aed5ed2bc7018cebc9b97ae21b14d872c678ce22c9b160096aa1fae2afc", 0x31)
readv(r0, &(0x7f0000536000)=[{&(0x7f0000a00000)=""/62, 0x3e}], 0x1)
2017/12/21 04:18:56 executing program 1:
memfd_create(&(0x7f0000043000-0x1)='\x00', 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x13, &(0x7f0000d06000)=0x1, 0x4)
sendto$inet(r0, &(0x7f0000d0e000-0x103)="", 0x0, 0x20000000, &(0x7f000033f000)={0x2, 0x0, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0xc, &(0x7f0000b62000-0x4)=0x4, 0x4)
2017/12/21 04:18:56 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000373000)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c)
listen(r0, 0x3)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f000005b000-0x1c)={0xa, 0x2, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c)
sendmmsg(r1, &(0x7f0000295000-0x78)=[{{&(0x7f0000798000-0x1c)=@in6={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c, &(0x7f0000aee000-0x20)=[{&(0x7f0000284000-0x1c)='m', 0x1}], 0x1, &(0x7f0000ac1000)=[], 0x0, 0x0}, 0x0}], 0x1, 0x0)
[   28.620993] audit: type=1400 audit(1513829936.931:9): avc:  denied  { map } for  pid=3144 comm="syz-fuzzer" path="/root/syzkaller-shm018978690" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2017/12/21 04:18:57 executing program 6:
r0 = socket$inet(0x2, 0x4000000805, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x2d, &(0x7f0000b29000-0xc)={@local={0xac, 0x14, 0x0, 0xaa}, @local={0xac, 0x14, 0x0, 0xaa}, @local={0xac, 0x14, 0x0, 0xaa}}, 0xc)
[   29.845012] audit: type=1400 audit(1513829938.155:10): avc:  denied  { sys_admin } for  pid=3188 comm="syz-executor7" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   30.002755] audit: type=1400 audit(1513829938.313:11): avc:  denied  { sys_chroot } for  pid=3364 comm="syz-executor7" capability=18  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
2017/12/21 04:18:58 executing program 3:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = syz_open_dev$tun(&(0x7f0000c7f000-0xd)='/dev/net/tun\x00', 0x0, 0x0)
connect$inet(r0, &(0x7f0000d07000-0x10)={0x2, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
r2 = dup2(r0, r1)
write$tun(r2, &(0x7f0000fd9000)=@pi={0x0, 0x0, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback=0x7f000001, @loopback=0x7f000001, {[]}}, @igmp={0x0, 0x0, 0x0, @multicast1=0xe0000001, ""}}}, 0x20)
writev(r1, &(0x7f0000d9c000)=[{&(0x7f0000669000)="d1", 0x1}], 0x1)
ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0106434, &(0x7f00000ed000-0x10)={0x549, <r3=>0x0, 0x10001, 0x4})
ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f0000c63000)=0x3)
ioctl$DRM_IOCTL_SG_ALLOC(r2, 0xc0086438, &(0x7f000030d000-0x8)={0x10001, r3})
[   30.048574] audit: type=1400 audit(1513829938.358:12): avc:  denied  { net_admin } for  pid=3392 comm="syz-executor4" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
2017/12/21 04:18:58 executing program 0:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
sendto$inet(r0, &(0x7f0000583000-0x1)="e9", 0x1, 0x20000801, &(0x7f0000283000)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000485000)=0x0)
2017/12/21 04:18:58 executing program 4:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
sendto$inet(r0, &(0x7f0000583000-0x1)="e9", 0x1, 0x20000801, &(0x7f0000283000)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
recvfrom$inet(r0, &(0x7f00002ef000)=""/4096, 0x1000, 0x1, &(0x7f0000028000-0x10)={0x2, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
[   30.167105] 
[   30.168763] ============================================
[   30.174196] WARNING: possible recursive locking detected
[   30.179626] 4.15.0-rc2-mm1+ #39 Not tainted
[   30.183917] --------------------------------------------
[   30.189335] syz-executor5/3413 is trying to acquire lock:
[   30.194843]  (rtnl_mutex){+.+.}, at: [<00000000700d8d9a>] rtnl_lock+0x17/0x20
[   30.202105] 
[   30.202105] but task is already holding lock:
[   30.208042]  (rtnl_mutex){+.+.}, at: [<00000000700d8d9a>] rtnl_lock+0x17/0x20
[   30.215317] 
[   30.215317] other info that might help us debug this:
[   30.221958]  Possible unsafe locking scenario:
[   30.221958] 
[   30.227984]        CPU0
[   30.230533]        ----
[   30.233079]   lock(rtnl_mutex);
[   30.236328]   lock(rtnl_mutex);
[   30.239572] 
[   30.239572]  *** DEADLOCK ***
[   30.239572] 
[   30.245605]  May be due to missing lock nesting notation
[   30.245605] 
[   30.252511] 1 lock held by syz-executor5/3413:
[   30.257065]  #0:  (rtnl_mutex){+.+.}, at: [<00000000700d8d9a>] rtnl_lock+0x17/0x20
[   30.264754] 
[   30.264754] stack backtrace:
[   30.269220] CPU: 0 PID: 3413 Comm: syz-executor5 Not tainted 4.15.0-rc2-mm1+ #39
[   30.276723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.286045] Call Trace:
[   30.288605]  dump_stack+0x194/0x257
[   30.292201]  ? arch_local_irq_restore+0x53/0x53
[   30.296846]  __lock_acquire+0x11cf/0x47f0
[   30.300961]  ? __unwind_start+0x169/0x330
[   30.305080]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   30.310241]  ? save_stack_trace+0x1a/0x20
[   30.314354]  ? __lock_acquire+0x324e/0x47f0
[   30.318642]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   30.323803]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   30.329655]  ? do_vfs_ioctl+0x1b1/0x1530
[   30.333694]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   30.338852]  ? unwind_next_frame.part.6+0x1a6/0xb40
[   30.343833]  ? unwind_dump+0x4d0/0x4d0
[   30.347686]  ? check_noncircular+0x20/0x20
[   30.351887]  ? check_noncircular+0x20/0x20
[   30.356095]  ? check_noncircular+0x20/0x20
[   30.360299]  ? __free_insn_slot+0x5c0/0x5c0
[   30.364597]  lock_acquire+0x1d5/0x580
[   30.368366]  ? rtnl_lock+0x17/0x20
[   30.371875]  ? lock_release+0xda0/0xda0
[   30.375816]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   30.381678]  ? rcu_note_context_switch+0x710/0x710
[   30.386582]  ? __might_sleep+0x95/0x190
[   30.390522]  ? rtnl_lock+0x17/0x20
[   30.394035]  __mutex_lock+0x16f/0x1a80
[   30.397889]  ? rtnl_lock+0x17/0x20
[   30.401397]  ? lock_release+0xda0/0xda0
[   30.405343]  ? rtnl_lock+0x17/0x20
[   30.408852]  ? is_bpf_text_address+0xa4/0x120
[   30.413316]  ? mutex_lock_io_nested+0x1900/0x1900
[   30.418129]  ? unwind_get_return_address+0x61/0xa0
[   30.423030]  ? trace_hardirqs_off+0xd/0x10
[   30.427246]  ? _raw_spin_unlock_irqrestore+0xa6/0xba
[   30.432317]  ? depot_save_stack+0x2ca/0x460
[   30.436609]  ? selinux_tun_dev_free_security+0x15/0x20
[   30.441853]  ? save_stack+0xa3/0xd0
[   30.445454]  ? save_stack+0x43/0xd0
[   30.449046]  ? kasan_slab_free+0x71/0xc0
[   30.453075]  ? kfree+0xca/0x250
[   30.456325]  ? selinux_tun_dev_free_security+0x15/0x20
[   30.461569]  ? security_tun_dev_free_security+0x48/0x80
[   30.466910]  ? tun_free_netdev+0x153/0x1f0
[   30.471114]  ? register_netdevice+0x97b/0x1010
[   30.475664]  ? __tun_chr_ioctl+0x1ca3/0x3f10
[   30.480037]  ? tun_chr_ioctl+0x2a/0x40
[   30.483901]  ? do_vfs_ioctl+0x1b1/0x1530
[   30.487935]  ? SyS_ioctl+0x8f/0xc0
[   30.491443]  ? entry_SYSCALL_64_fastpath+0x1f/0x96
[   30.496344]  ? find_held_lock+0x39/0x1d0
[   30.500372]  ? check_noncircular+0x20/0x20
[   30.504576]  ? print_usage_bug+0x3f0/0x3f0
[   30.508779]  ? lock_downgrade+0x980/0x980
[   30.512900]  ? tun_flow_flush+0x41/0xe0
[   30.516843]  ? mark_held_locks+0xb2/0x100
[   30.520970]  ? mark_held_locks+0xb2/0x100
[   30.525094]  ? kfree+0xe4/0x250
[   30.528341]  ? selinux_tun_dev_free_security+0x15/0x20
[   30.533592]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   30.538585]  ? trace_hardirqs_on+0xd/0x10
[   30.542703]  mutex_lock_nested+0x16/0x20
[   30.546733]  ? security_tun_dev_free_security+0x67/0x80
[   30.552073]  ? mutex_lock_nested+0x16/0x20
[   30.556286]  rtnl_lock+0x17/0x20
[   30.559626]  tun_free_netdev+0x158/0x1f0
[   30.563675]  ? tun_xdp+0x410/0x410
[   30.567186]  ? __lockdep_init_map+0xe4/0x650
[   30.571562]  ? tun_detach_all+0xb50/0xb50
[   30.575676]  ? tun_xdp+0x410/0x410
[   30.579193]  register_netdevice+0x97b/0x1010
[   30.583578]  ? netdev_change_features+0x100/0x100
[   30.588393]  ? round_jiffies_up+0xce/0x100
[   30.592598]  ? __round_jiffies_up_relative+0x150/0x150
[   30.598287]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   30.603195]  ? selinux_tun_dev_alloc_security+0x124/0x170
[   30.608710]  __tun_chr_ioctl+0x1ca3/0x3f10
[   30.612919]  ? tun_chr_read_iter+0x1e0/0x1e0
[   30.617297]  ? lock_downgrade+0x980/0x980
[   30.621417]  ? avc_ss_reset+0x110/0x110
[   30.625620]  ? lock_release+0xda0/0xda0
[   30.629562]  ? __lock_is_held+0xbc/0x140
[   30.633604]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   30.639459]  ? tun_chr_compat_ioctl+0x30/0x30
[   30.644424]  tun_chr_ioctl+0x2a/0x40
[   30.649583]  ? tun_chr_ioctl+0x2a/0x40
[   30.653613]  do_vfs_ioctl+0x1b1/0x1530
[   30.657470]  ? _cond_resched+0x14/0x30
[   30.661326]  ? ioctl_preallocate+0x2b0/0x2b0
[   30.665712]  ? selinux_capable+0x40/0x40
[   30.669743]  ? syscall_return_slowpath+0x2ad/0x550
[   30.674639]  ? security_file_ioctl+0x89/0xb0
[   30.679028]  SyS_ioctl+0x8f/0xc0
[   30.682366]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   30.687088] RIP: 0033:0x452a09
[   30.690242] RSP: 002b:00007f01f2495c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
[   30.698174] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452a09
[   30.705417] RDX: 0000000020533000 RSI: 00000000400454ca RDI: 0000000000000013
[   30.712658] RBP: 00000000000003f2 R08: 0000000000000000 R09: 0000000000000000
[   30.719893] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f2f50
[   30.727129] R13: 00000000ffffffff R14: 00007f01f24966d4 R15: 0000000000000000