[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.578884] audit: type=1400 audit(1515863529.643:5): avc: denied { syslog } for pid=3510 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.832925] audit: type=1400 audit(1515863535.897:6): avc: denied { map } for pid=3650 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 25.023258] audit: type=1400 audit(1515863542.088:7): avc: denied { map } for pid=3664 comm="syzkaller921568" path="/root/syzkaller921568801" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 25.399326] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 25.736847]
[ 25.738488] ============================================
[ 25.743909] WARNING: possible recursive locking detected
[ 25.749340] 4.15.0-rc7-mm1+ #56 Not tainted
[ 25.753629] --------------------------------------------
[ 25.759057] syzkaller921568/3664 is trying to acquire lock:
[ 25.764735] (_xmit_ETHER#2){+.-.}, at: [<0000000025eb6ad5>] sch_direct_xmit+0x361/0x1140
[ 25.773038]
[ 25.773038] but task is already holding lock:
[ 25.778985] (_xmit_ETHER#2){+.-.}, at: [<0000000025eb6ad5>] sch_direct_xmit+0x361/0x1140
[ 25.787294]
[ 25.787294] other info that might help us debug this:
[ 25.793939] Possible unsafe locking scenario:
[ 25.793939]
[ 25.799980] CPU0
[ 25.802545] ----
[ 25.805097] lock(_xmit_ETHER#2);
[ 25.808609] lock(_xmit_ETHER#2);
[ 25.812120]
[ 25.812120] *** DEADLOCK ***
[ 25.812120]
[ 25.818149] May be due to missing lock nesting notation
[ 25.818149]
[ 25.825050] 8 locks held by syzkaller921568/3664:
[ 25.829881] #0: (&tfile->napi_mutex){+.+.}, at: [<0000000064f286fe>] tun_get_user+0xe6c/0x3940
[ 25.838792] #1: (rcu_read_lock){....}, at: [<00000000b1853424>] netif_receive_skb_internal+0xa2/0x670
[ 25.848307] #2: (k-slock-AF_INET){+...}, at: [<00000000a094db50>] icmp_send+0x758/0x19b0
[ 25.856692] #3: (rcu_read_lock_bh){....}, at: [<0000000084f58223>] ip_finish_output2+0x2aa/0x14f0
[ 25.865852] #4: (rcu_read_lock_bh){....}, at: [<000000007b1d1d53>] __dev_queue_xmit+0x2d8/0x2b50
[ 25.874930] #5: (_xmit_ETHER#2){+.-.}, at: [<0000000025eb6ad5>] sch_direct_xmit+0x361/0x1140
[ 25.883662] #6: (rcu_read_lock_bh){....}, at: [<0000000084f58223>] ip_finish_output2+0x2aa/0x14f0
[ 25.892824] #7: (rcu_read_lock_bh){....}, at: [<000000007b1d1d53>] __dev_queue_xmit+0x2d8/0x2b50
[ 25.901904]
[ 25.901904] stack backtrace:
[ 25.906380] CPU: 0 PID: 3664 Comm: syzkaller921568 Not tainted 4.15.0-rc7-mm1+ #56
[ 25.914057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.923474] Call Trace:
[ 25.926043] dump_stack+0x194/0x257
[ 25.929649] ? arch_local_irq_restore+0x53/0x53
[ 25.934291] __lock_acquire+0xe8f/0x3e00
[ 25.938415] ? print_lockdep_cache.isra.31+0x109/0x109
[ 25.943664] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.948828] ? __kernel_text_address+0xd/0x40
[ 25.953294] ? unwind_get_return_address+0x61/0xa0
[ 25.958198] ? __save_stack_trace+0x7e/0xd0
[ 25.962501] ? print_lockdep_cache.isra.31+0x109/0x109
[ 25.967752] ? save_stack_trace+0x1a/0x20
[ 25.971868] ? save_trace+0xe0/0x2b0
[ 25.975550] ? __lock_acquire+0x36c0/0x3e00
[ 25.979845] ? skb_network_protocol+0xef/0x4b0
[ 25.984406] ? check_noncircular+0x20/0x20
[ 25.988611] ? netif_skb_features+0x5ff/0x9b0
[ 25.993076] ? dev_get_by_index_rcu+0x320/0x320
[ 25.997715] ? __skb_gso_segment+0x810/0x810
[ 26.002096] lock_acquire+0x1d5/0x580
[ 26.005875] ? lock_acquire+0x1d5/0x580
[ 26.009821] ? sch_direct_xmit+0x361/0x1140
[ 26.014112] ? validate_xmit_skb+0x50d/0xaf0
[ 26.018491] ? lock_release+0xa40/0xa40
[ 26.022434] ? netif_skb_features+0x9b0/0x9b0
[ 26.026908] ? pfifo_fast_dequeue+0x20e/0x870
[ 26.031383] _raw_spin_lock+0x2a/0x40
[ 26.035153] ? sch_direct_xmit+0x361/0x1140
[ 26.039443] sch_direct_xmit+0x361/0x1140
[ 26.043563] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.048548] ? pfifo_fast_reset+0x490/0x490
[ 26.052841] ? __lock_is_held+0xb6/0x140
[ 26.056874] __qdisc_run+0x57d/0x19c0
[ 26.060646] ? sch_direct_xmit+0x1140/0x1140
[ 26.065032] ? lock_release+0xa40/0xa40
[ 26.068982] ? __dev_queue_xmit+0x2d8/0x2b50
[ 26.073371] ? pfifo_fast_enqueue+0x2a0/0x420
[ 26.077843] __dev_queue_xmit+0xb62/0x2b50
[ 26.082054] ? netdev_pick_tx+0x300/0x300
[ 26.086179] ? check_noncircular+0x20/0x20
[ 26.090386] ? __local_bh_enable_ip+0x121/0x230
[ 26.095029] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.100021] ? __neigh_create+0x1657/0x1d90
[ 26.104323] ? __local_bh_enable_ip+0x121/0x230
[ 26.108968] ? _raw_write_unlock_bh+0x30/0x40
[ 26.113461] ? __neigh_create+0xc06/0x1d90
[ 26.117669] ? print_irqtrace_events+0x270/0x270
[ 26.122414] ? ip_finish_output2+0x8c6/0x14f0
[ 26.126891] ? lock_downgrade+0x980/0x980
[ 26.131023] ? lock_release+0xa40/0xa40
[ 26.134970] ? mark_held_locks+0xaf/0x100
[ 26.139092] ? memcpy+0x45/0x50
[ 26.142343] dev_queue_xmit+0x17/0x20
[ 26.146123] ? dev_queue_xmit+0x17/0x20
[ 26.150071] neigh_resolve_output+0x5e2/0xa00
[ 26.154535] ? ether_setup+0x2d0/0x2d0
[ 26.158396] ? __neigh_event_send+0x1040/0x1040
[ 26.163039] ? ip_finish_output+0x864/0xd10
[ 26.167333] ? ip_mc_output+0x271/0x1350
[ 26.171363] ip_finish_output2+0x8c6/0x14f0
[ 26.175658] ? ip_copy_metadata+0xac0/0xac0
[ 26.179951] ? check_noncircular+0x20/0x20
[ 26.184156] ? ipt_do_table+0xdd3/0x13b0
[ 26.188190] ? ipv4_mtu+0x347/0x4c0
[ 26.191787] ? rt_cpu_seq_show+0x2c0/0x2c0
[ 26.196007] ? find_held_lock+0x35/0x1d0
[ 26.200044] ip_finish_output+0x864/0xd10
[ 26.204161] ? ip_finish_output+0x864/0xd10
[ 26.208452] ? ip_fragment.constprop.47+0x200/0x200
[ 26.213438] ? iptable_mangle_hook+0xaf/0x4a0
[ 26.217905] ? nf_hook_slow+0xd3/0x1a0
[ 26.221767] ip_mc_output+0x271/0x1350
[ 26.225625] ? ip_queue_xmit+0x18e0/0x18e0
[ 26.229837] ? lock_downgrade+0x980/0x980
[ 26.233960] ? nf_hook_slow+0xd3/0x1a0
[ 26.237817] ? __ip_local_out+0x494/0x7a0
[ 26.241934] ? ip_copy_addrs+0xe0/0xe0
[ 26.245793] ? skb_copy_ubufs+0x1910/0x1910
[ 26.250086] ? ip_fragment.constprop.47+0x200/0x200
[ 26.255071] ? __ip_select_ident+0x168/0x270
[ 26.259450] ? ip_idents_reserve+0x2a0/0x2a0
[ 26.263827] ip_local_out+0x95/0x160
[ 26.267511] iptunnel_xmit+0x556/0x810
[ 26.271369] ip_tunnel_xmit+0x1780/0x3650
[ 26.275497] ? ip_md_tunnel_xmit+0x14d0/0x14d0
[ 26.280048] ? lock_downgrade+0x980/0x980
[ 26.284183] ? pvclock_read_flags+0x160/0x160
[ 26.288658] ? mark_held_locks+0xaf/0x100
[ 26.292782] ? ktime_get_with_offset+0x188/0x420
[ 26.297509] ? kvm_clock_get_cycles+0x25/0x30
[ 26.301976] ? do_gettimeofday+0x190/0x190
[ 26.306199] __gre_xmit+0x546/0x8b0
[ 26.309796] erspan_xmit+0x7eb/0x2430
[ 26.313568] ? gretap_fb_dev_create+0x250/0x250
[ 26.318206] ? __lock_is_held+0xb6/0x140
[ 26.322244] dev_hard_start_xmit+0x24e/0xac0
[ 26.326623] ? validate_xmit_skb_list+0x120/0x120
[ 26.331435] ? __skb_gso_segment+0x810/0x810
[ 26.335816] ? lock_acquire+0x1d5/0x580
[ 26.339759] ? lock_acquire+0x1d5/0x580
[ 26.343705] ? sch_direct_xmit+0x361/0x1140
[ 26.348004] ? validate_xmit_skb+0x50d/0xaf0
[ 26.352398] ? lock_release+0xa40/0xa40
[ 26.356350] ? netif_skb_features+0x9b0/0x9b0
[ 26.360828] ? pfifo_fast_dequeue+0x20e/0x870
[ 26.365299] sch_direct_xmit+0x40d/0x1140
[ 26.369420] ? pfifo_fast_reset+0x490/0x490
[ 26.373711] ? __lock_is_held+0xb6/0x140
[ 26.377743] __qdisc_run+0x57d/0x19c0
[ 26.381525] ? sch_direct_xmit+0x1140/0x1140
[ 26.385908] ? lock_release+0xa40/0xa40
[ 26.389853] ? __dev_queue_xmit+0x2d8/0x2b50
[ 26.394233] ? pfifo_fast_enqueue+0x2a0/0x420
[ 26.398701] __dev_queue_xmit+0xb62/0x2b50
[ 26.402920] ? netdev_pick_tx+0x300/0x300
[ 26.407047] ? find_held_lock+0x35/0x1d0
[ 26.411165] ? lock_downgrade+0x980/0x980
[ 26.415284] ? check_noncircular+0x20/0x20
[ 26.419490] ? __local_bh_enable_ip+0x121/0x230
[ 26.424129] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.429120] ? __neigh_create+0x1657/0x1d90
[ 26.433412] ? __local_bh_enable_ip+0x121/0x230
[ 26.438055] ? _raw_write_unlock_bh+0x30/0x40
[ 26.442525] ? __neigh_create+0xc06/0x1d90
[ 26.446735] ? print_irqtrace_events+0x270/0x270
[ 26.451461] ? ip_finish_output2+0x8c6/0x14f0
[ 26.455925] ? lock_downgrade+0x980/0x980
[ 26.460049] ? lock_release+0xa40/0xa40
[ 26.463994] ? mark_held_locks+0xaf/0x100
[ 26.468116] ? memcpy+0x45/0x50
[ 26.471365] dev_queue_xmit+0x17/0x20
[ 26.475139] ? dev_queue_xmit+0x17/0x20
[ 26.479090] neigh_resolve_output+0x5e2/0xa00
[ 26.483558] ? ether_setup+0x2d0/0x2d0
[ 26.487418] ? __neigh_event_send+0x1040/0x1040
[ 26.492060] ? tun_get_user+0x2760/0x3940
[ 26.496187] ? tun_chr_write_iter+0xb9/0x160
[ 26.500569] ip_finish_output2+0x8c6/0x14f0
[ 26.504870] ? __local_bh_enable_ip+0x121/0x230
[ 26.509516] ? ip_copy_metadata+0xac0/0xac0
[ 26.513808] ? check_noncircular+0x20/0x20
[ 26.518016] ? ipt_do_table+0xdd3/0x13b0
[ 26.522052] ? ipv4_mtu+0x347/0x4c0
[ 26.525656] ? rt_cpu_seq_show+0x2c0/0x2c0
[ 26.529858] ? find_held_lock+0x35/0x1d0
[ 26.533893] ip_finish_output+0x864/0xd10
[ 26.538013] ? ip_finish_output+0x864/0xd10
[ 26.542307] ? ip_fragment.constprop.47+0x200/0x200
[ 26.547290] ? iptable_mangle_hook+0xaf/0x4a0
[ 26.551757] ? nf_hook_slow+0xd3/0x1a0
[ 26.555613] ip_mc_output+0x271/0x1350
[ 26.559476] ? ip_queue_xmit+0x18e0/0x18e0
[ 26.563681] ? lock_downgrade+0x980/0x980
[ 26.567810] ? nf_hook_slow+0xd3/0x1a0
[ 26.571669] ? __ip_local_out+0x494/0x7a0
[ 26.575798] ? ip_copy_addrs+0xe0/0xe0
[ 26.579662] ? dst_release+0x3a/0x90
[ 26.583351] ? __ip_make_skb+0xfd1/0x1850
[ 26.587469] ? ip_fragment.constprop.47+0x200/0x200
[ 26.592455] ip_local_out+0x95/0x160
[ 26.596142] ip_send_skb+0x3c/0xc0
[ 26.599651] ip_push_pending_frames+0x64/0x80
[ 26.604120] icmp_push_reply+0x395/0x4f0
[ 26.608151] icmp_send+0x1136/0x19b0
[ 26.611838] ? icmp_route_lookup.constprop.24+0x1360/0x1360
[ 26.617525] ? check_noncircular+0x20/0x20
[ 26.621736] ? __lock_acquire+0x664/0x3e00
[ 26.625941] ? __debug_object_init+0x235/0x1040
[ 26.630579] ? __is_insn_slot_addr+0x1fc/0x330
[ 26.635133] ? find_held_lock+0x35/0x1d0
[ 26.639172] ? lock_downgrade+0x980/0x980
[ 26.643291] ? lock_release+0xa40/0xa40
[ 26.647234] ip_options_compile+0xc21/0x1a50
[ 26.651614] ? ip_forward+0x1cd0/0x1cd0
[ 26.655559] ? ip_route_input_rcu+0x3180/0x3180
[ 26.660201] ip_rcv_finish+0x80f/0x1e30
[ 26.664146] ? inet_del_offload+0x40/0x40
[ 26.668266] ? ip_rcv+0xf22/0x1840
[ 26.671776] ? lock_downgrade+0x980/0x980
[ 26.675895] ? nf_nat_ipv4_in+0x1cd/0x270
[ 26.680018] ? iptable_nat_ipv4_fn+0x40/0x40
[ 26.684400] ? nf_hook_slow+0xd3/0x1a0
[ 26.688256] ip_rcv+0xc5a/0x1840
[ 26.691593] ? ip_local_deliver+0x6e0/0x6e0
[ 26.695885] ? inet_del_offload+0x40/0x40
[ 26.700002] ? ip_local_deliver+0x6e0/0x6e0
[ 26.704309] __netif_receive_skb_core+0x1a41/0x3460
[ 26.709295] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.714457] ? nf_ingress+0x9f0/0x9f0
[ 26.718235] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.723393] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.728561] ? check_noncircular+0x20/0x20
[ 26.732764] ? check_noncircular+0x20/0x20
[ 26.736971] ? lock_downgrade+0x980/0x980
[ 26.741089] ? lock_release+0xa40/0xa40
[ 26.745036] ? mark_held_locks+0xaf/0x100
[ 26.749165] ? print_irqtrace_events+0x270/0x270
[ 26.753893] ? lock_downgrade+0x980/0x980
[ 26.758017] ? pvclock_read_flags+0x160/0x160
[ 26.762487] ? mark_held_locks+0xaf/0x100
[ 26.766611] ? lock_acquire+0x1d5/0x580
[ 26.770557] ? lock_acquire+0x1d5/0x580
[ 26.774502] ? netif_receive_skb_internal+0xa2/0x670
[ 26.779578] ? ktime_get_with_offset+0x2c1/0x420
[ 26.784304] ? lock_release+0xa40/0xa40
[ 26.788252] ? do_gettimeofday+0x190/0x190
[ 26.792457] __netif_receive_skb+0x2c/0x1b0
[ 26.796748] ? __netif_receive_skb+0x2c/0x1b0
[ 26.801214] netif_receive_skb_internal+0x10b/0x670
[ 26.806203] ? dev_cpu_dead+0xb00/0xb00
[ 26.810161] ? net_rx_action+0x1910/0x1910
[ 26.814365] ? eth_type_trans+0x2b2/0x710
[ 26.818480] ? eth_gro_receive+0x820/0x820
[ 26.822686] napi_gro_frags+0x58a/0xaf0
[ 26.826630] ? napi_gro_receive+0x500/0x500
[ 26.830924] ? tun_get_user+0x2737/0x3940
[ 26.835044] tun_get_user+0x2760/0x3940
[ 26.838988] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.844151] ? do_huge_pmd_anonymous_page+0xb1e/0x1b00
[ 26.849409] ? tun_build_skb.isra.49+0x1810/0x1810
[ 26.854310] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.859468] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.864626] ? trace_hardirqs_on+0xd/0x10
[ 26.868745] ? find_held_lock+0x35/0x1d0
[ 26.872777] ? tun_get+0x1ab/0x2e0
[ 26.876288] ? lock_release+0xa40/0xa40
[ 26.880233] ? __lock_is_held+0xb6/0x140
[ 26.884265] ? tun_get+0x1d4/0x2e0
[ 26.887777] ? tun_do_read+0x2600/0x2600
[ 26.891826] ? __check_object_size+0x8b/0x530
[ 26.896293] ? rcu_note_context_switch+0x710/0x710
[ 26.901194] tun_chr_write_iter+0xb9/0x160
[ 26.905408] do_iter_readv_writev+0x525/0x7f0
[ 26.909884] ? vfs_dedupe_file_range+0x8f0/0x8f0
[ 26.914614] ? rw_verify_area+0xe5/0x2b0
[ 26.918666] do_iter_write+0x154/0x540
[ 26.922526] ? dup_iter+0x260/0x260
[ 26.926124] vfs_writev+0x18a/0x340
[ 26.929727] ? __fget_light+0x297/0x380
[ 26.933678] ? vfs_iter_write+0xb0/0xb0
[ 26.937621] ? up_read+0x1a/0x40
[ 26.940967] ? __do_page_fault+0x3d6/0xc90
[ 26.945175] ? mm_fault_error+0x2c0/0x2c0
[ 26.949296] ? __fdget_pos+0x130/0x190
[ 26.953162] ? __fdget_raw+0x20/0x20
[ 26.956845] ? __do_page_fault+0xc90/0xc90
[ 26.961051] do_writev+0xfc/0x2a0
[ 26.964471] ? do_writev+0xfc/0x2a0
[ 26.968074] ? vfs_writev+0x340/0x340
[ 26.971847] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 26.976659] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.981645] SyS_writev+0x27/0x30
[ 26.985077] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 26.989804] RIP: 0033:0x444f50
[ 26.992970] RSP: 002b:00007ffe672f4308 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 27.000654] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[ 27.007894] RDX: 0000000000000001 RSI: 00007ffe672f4340 RDI: 0000000000000003
[ 27.015140] RBP: 00007ffe672f4438 R08: 000000000000001f R09: 0000000000000000
[ 27.022382] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe672f4438
[ 27.029625] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000
[