[....] Starting enhanced syslogd: rsyslogd[   13.238835] audit: type=1400 audit(1515862338.759:5): avc:  denied  { syslog } for  pid=3516 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.344169] audit: type=1400 audit(1515862345.864:6): avc:  denied  { map } for  pid=3657 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   26.585921] audit: type=1400 audit(1515862352.106:7): avc:  denied  { map } for  pid=3671 comm="syzkaller489823" path="/root/syzkaller489823328" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   26.969727] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   27.319756] 
[   27.321405] ============================================
[   27.326818] WARNING: possible recursive locking detected
[   27.332232] 4.15.0-rc7-mm1+ #56 Not tainted
[   27.336515] --------------------------------------------
[   27.341927] syzkaller489823/3671 is trying to acquire lock:
[   27.347601]  (_xmit_ETHER#2){+.-.}, at: [<00000000c0725a75>] sch_direct_xmit+0x361/0x1140
[   27.355894] 
[   27.355894] but task is already holding lock:
[   27.361835]  (_xmit_ETHER#2){+.-.}, at: [<00000000c0725a75>] sch_direct_xmit+0x361/0x1140
[   27.370124] 
[   27.370124] other info that might help us debug this:
[   27.376753]  Possible unsafe locking scenario:
[   27.376753] 
[   27.382779]        CPU0
[   27.385327]        ----
[   27.387875]   lock(_xmit_ETHER#2);
[   27.391387]   lock(_xmit_ETHER#2);
[   27.394899] 
[   27.394899]  *** DEADLOCK ***
[   27.394899] 
[   27.400920]  May be due to missing lock nesting notation
[   27.400920] 
[   27.407817] 8 locks held by syzkaller489823/3671:
[   27.412622]  #0:  (&tfile->napi_mutex){+.+.}, at: [<00000000c4a946f8>] tun_get_user+0xe6c/0x3940
[   27.421520]  #1:  (rcu_read_lock){....}, at: [<000000001208f841>] netif_receive_skb_internal+0xa2/0x670
[   27.431026]  #2:  (k-slock-AF_INET){+...}, at: [<000000006c14c6ab>] icmp_send+0x758/0x19b0
[   27.439402]  #3:  (rcu_read_lock_bh){....}, at: [<00000000cd2def1d>] ip_finish_output2+0x2aa/0x14f0
[   27.448644]  #4:  (rcu_read_lock_bh){....}, at: [<00000000d0beccd7>] __dev_queue_xmit+0x2d8/0x2b50
[   27.457714]  #5:  (_xmit_ETHER#2){+.-.}, at: [<00000000c0725a75>] sch_direct_xmit+0x361/0x1140
[   27.466438]  #6:  (rcu_read_lock_bh){....}, at: [<00000000cd2def1d>] ip_finish_output2+0x2aa/0x14f0
[   27.475592]  #7:  (rcu_read_lock_bh){....}, at: [<00000000d0beccd7>] __dev_queue_xmit+0x2d8/0x2b50
[   27.484680] 
[   27.484680] stack backtrace:
[   27.489149] CPU: 0 PID: 3671 Comm: syzkaller489823 Not tainted 4.15.0-rc7-mm1+ #56
[   27.496820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.506148] Call Trace:
[   27.508708]  dump_stack+0x194/0x257
[   27.512305]  ? arch_local_irq_restore+0x53/0x53
[   27.516952]  __lock_acquire+0xe8f/0x3e00
[   27.520982]  ? print_lockdep_cache.isra.31+0x109/0x109
[   27.526239]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.531406]  ? __kernel_text_address+0xd/0x40
[   27.535869]  ? unwind_get_return_address+0x61/0xa0
[   27.540771]  ? __save_stack_trace+0x7e/0xd0
[   27.545060]  ? print_lockdep_cache.isra.31+0x109/0x109
[   27.550309]  ? save_stack_trace+0x1a/0x20
[   27.554428]  ? save_trace+0xe0/0x2b0
[   27.558112]  ? __lock_acquire+0x36c0/0x3e00
[   27.562401]  ? skb_network_protocol+0xef/0x4b0
[   27.566951]  ? check_noncircular+0x20/0x20
[   27.571160]  ? netif_skb_features+0x5ff/0x9b0
[   27.575627]  ? dev_get_by_index_rcu+0x320/0x320
[   27.580266]  ? __skb_gso_segment+0x810/0x810
[   27.584643]  lock_acquire+0x1d5/0x580
[   27.588409]  ? lock_acquire+0x1d5/0x580
[   27.592348]  ? sch_direct_xmit+0x361/0x1140
[   27.596643]  ? validate_xmit_skb+0x50d/0xaf0
[   27.601023]  ? lock_release+0xa40/0xa40
[   27.604964]  ? netif_skb_features+0x9b0/0x9b0
[   27.609426]  ? pfifo_fast_dequeue+0x20e/0x870
[   27.613896]  _raw_spin_lock+0x2a/0x40
[   27.617665]  ? sch_direct_xmit+0x361/0x1140
[   27.621952]  sch_direct_xmit+0x361/0x1140
[   27.626072]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.631056]  ? pfifo_fast_reset+0x490/0x490
[   27.635345]  ? __lock_is_held+0xb6/0x140
[   27.639376]  __qdisc_run+0x57d/0x19c0
[   27.643146]  ? sch_direct_xmit+0x1140/0x1140
[   27.647522]  ? lock_release+0xa40/0xa40
[   27.651468]  ? __dev_queue_xmit+0x2d8/0x2b50
[   27.655846]  ? pfifo_fast_enqueue+0x2a0/0x420
[   27.660315]  __dev_queue_xmit+0xb62/0x2b50
[   27.664518]  ? netdev_pick_tx+0x300/0x300
[   27.668646]  ? find_held_lock+0x35/0x1d0
[   27.672683]  ? lock_downgrade+0x980/0x980
[   27.676804]  ? check_noncircular+0x20/0x20
[   27.681019]  ? __local_bh_enable_ip+0x121/0x230
[   27.685681]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.690671]  ? __neigh_create+0x1657/0x1d90
[   27.694970]  ? __local_bh_enable_ip+0x121/0x230
[   27.699616]  ? _raw_write_unlock_bh+0x30/0x40
[   27.704079]  ? __neigh_create+0xc06/0x1d90
[   27.708282]  ? print_irqtrace_events+0x270/0x270
[   27.713009]  ? ip_finish_output2+0x8c6/0x14f0
[   27.717478]  ? lock_downgrade+0x980/0x980
[   27.721597]  ? lock_release+0xa40/0xa40
[   27.725541]  ? mark_held_locks+0xaf/0x100
[   27.729672]  ? memcpy+0x45/0x50
[   27.732927]  dev_queue_xmit+0x17/0x20
[   27.736694]  ? dev_queue_xmit+0x17/0x20
[   27.740635]  neigh_resolve_output+0x5e2/0xa00
[   27.745109]  ? ether_setup+0x2d0/0x2d0
[   27.748970]  ? __neigh_event_send+0x1040/0x1040
[   27.753618]  ? ip_finish_output+0x864/0xd10
[   27.757905]  ? ip_mc_output+0x271/0x1350
[   27.761933]  ip_finish_output2+0x8c6/0x14f0
[   27.766230]  ? ip_copy_metadata+0xac0/0xac0
[   27.770521]  ? check_noncircular+0x20/0x20
[   27.774722]  ? ipt_do_table+0xdd3/0x13b0
[   27.778766]  ? ipv4_mtu+0x347/0x4c0
[   27.782365]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.786575]  ? find_held_lock+0x35/0x1d0
[   27.790617]  ip_finish_output+0x864/0xd10
[   27.794756]  ? ip_finish_output+0x864/0xd10
[   27.799048]  ? ip_fragment.constprop.47+0x200/0x200
[   27.804035]  ? iptable_mangle_hook+0xaf/0x4a0
[   27.808501]  ? nf_hook_slow+0xd3/0x1a0
[   27.812366]  ip_mc_output+0x271/0x1350
[   27.816221]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.820422]  ? lock_downgrade+0x980/0x980
[   27.824540]  ? nf_hook_slow+0xd3/0x1a0
[   27.828396]  ? __ip_local_out+0x494/0x7a0
[   27.832515]  ? ip_copy_addrs+0xe0/0xe0
[   27.836370]  ? skb_copy_ubufs+0x1910/0x1910
[   27.840669]  ? ip_fragment.constprop.47+0x200/0x200
[   27.845663]  ? __ip_select_ident+0x168/0x270
[   27.850042]  ? ip_idents_reserve+0x2a0/0x2a0
[   27.854425]  ip_local_out+0x95/0x160
[   27.858108]  iptunnel_xmit+0x556/0x810
[   27.861962]  ip_tunnel_xmit+0x1780/0x3650
[   27.866080]  ? ip_md_tunnel_xmit+0x14d0/0x14d0
[   27.870635]  ? lock_downgrade+0x980/0x980
[   27.874752]  ? pvclock_read_flags+0x160/0x160
[   27.879215]  ? mark_held_locks+0xaf/0x100
[   27.883332]  ? ktime_get_with_offset+0x188/0x420
[   27.888057]  ? kvm_clock_get_cycles+0x25/0x30
[   27.892519]  ? do_gettimeofday+0x190/0x190
[   27.897782]  __gre_xmit+0x546/0x8b0
[   27.901380]  erspan_xmit+0x7eb/0x2430
[   27.905156]  ? gretap_fb_dev_create+0x250/0x250
[   27.909798]  ? __lock_is_held+0xb6/0x140
[   27.913834]  dev_hard_start_xmit+0x24e/0xac0
[   27.918220]  ? validate_xmit_skb_list+0x120/0x120
[   27.923029]  ? __skb_gso_segment+0x810/0x810
[   27.927405]  ? lock_acquire+0x1d5/0x580
[   27.931345]  ? lock_acquire+0x1d5/0x580
[   27.935292]  ? sch_direct_xmit+0x361/0x1140
[   27.939583]  ? validate_xmit_skb+0x50d/0xaf0
[   27.943966]  ? lock_release+0xa40/0xa40
[   27.947909]  ? netif_skb_features+0x9b0/0x9b0
[   27.952376]  ? pfifo_fast_dequeue+0x20e/0x870
[   27.956842]  sch_direct_xmit+0x40d/0x1140
[   27.960959]  ? pfifo_fast_reset+0x490/0x490
[   27.965259]  ? __lock_is_held+0xb6/0x140
[   27.969297]  __qdisc_run+0x57d/0x19c0
[   27.973068]  ? sch_direct_xmit+0x1140/0x1140
[   27.977445]  ? lock_release+0xa40/0xa40
[   27.981392]  ? __dev_queue_xmit+0x2d8/0x2b50
[   27.985772]  ? pfifo_fast_enqueue+0x2a0/0x420
[   27.990248]  __dev_queue_xmit+0xb62/0x2b50
[   27.994451]  ? netdev_pick_tx+0x300/0x300
[   27.998570]  ? find_held_lock+0x35/0x1d0
[   28.002606]  ? lock_downgrade+0x980/0x980
[   28.006726]  ? check_noncircular+0x20/0x20
[   28.010930]  ? __local_bh_enable_ip+0x121/0x230
[   28.015568]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   28.020554]  ? __neigh_create+0x1657/0x1d90
[   28.024843]  ? __local_bh_enable_ip+0x121/0x230
[   28.029511]  ? _raw_write_unlock_bh+0x30/0x40
[   28.033977]  ? __neigh_create+0xc06/0x1d90
[   28.038181]  ? print_irqtrace_events+0x270/0x270
[   28.042907]  ? ip_finish_output2+0x8c6/0x14f0
[   28.047378]  ? lock_downgrade+0x980/0x980
[   28.051495]  ? lock_release+0xa40/0xa40
[   28.055439]  ? mark_held_locks+0xaf/0x100
[   28.059556]  ? memcpy+0x45/0x50
[   28.062805]  dev_queue_xmit+0x17/0x20
[   28.066575]  ? dev_queue_xmit+0x17/0x20
[   28.070527]  neigh_resolve_output+0x5e2/0xa00
[   28.074988]  ? ether_setup+0x2d0/0x2d0
[   28.078843]  ? __neigh_event_send+0x1040/0x1040
[   28.083489]  ? tun_get_user+0x2760/0x3940
[   28.087604]  ? tun_chr_write_iter+0xb9/0x160
[   28.091980]  ip_finish_output2+0x8c6/0x14f0
[   28.096271]  ? ip_copy_metadata+0xac0/0xac0
[   28.100570]  ? check_noncircular+0x20/0x20
[   28.104777]  ? ipt_do_table+0xdd3/0x13b0
[   28.108810]  ? ipv4_mtu+0x347/0x4c0
[   28.112403]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   28.116612]  ? find_held_lock+0x35/0x1d0
[   28.120660]  ip_finish_output+0x864/0xd10
[   28.124774]  ? ip_finish_output+0x864/0xd10
[   28.129066]  ? ip_fragment.constprop.47+0x200/0x200
[   28.134050]  ? iptable_mangle_hook+0xaf/0x4a0
[   28.138515]  ? nf_hook_slow+0xd3/0x1a0
[   28.142369]  ip_mc_output+0x271/0x1350
[   28.146226]  ? ip_queue_xmit+0x18e0/0x18e0
[   28.150435]  ? lock_downgrade+0x980/0x980
[   28.154562]  ? nf_hook_slow+0xd3/0x1a0
[   28.158422]  ? __ip_local_out+0x494/0x7a0
[   28.162535]  ? ip_copy_addrs+0xe0/0xe0
[   28.166387]  ? dst_release+0x3a/0x90
[   28.170067]  ? __ip_make_skb+0xfd1/0x1850
[   28.174180]  ? ip_fragment.constprop.47+0x200/0x200
[   28.179164]  ip_local_out+0x95/0x160
[   28.182849]  ip_send_skb+0x3c/0xc0
[   28.186354]  ip_push_pending_frames+0x64/0x80
[   28.190821]  icmp_push_reply+0x395/0x4f0
[   28.194855]  icmp_send+0x1136/0x19b0
[   28.198539]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   28.204216]  ? check_noncircular+0x20/0x20
[   28.208418]  ? __lock_acquire+0x664/0x3e00
[   28.212623]  ? __debug_object_init+0x235/0x1040
[   28.217260]  ? __is_insn_slot_addr+0x1fc/0x330
[   28.221812]  ? find_held_lock+0x35/0x1d0
[   28.225842]  ? lock_downgrade+0x980/0x980
[   28.229963]  ? lock_release+0xa40/0xa40
[   28.233908]  ip_options_compile+0xc21/0x1a50
[   28.238284]  ? ip_forward+0x1cd0/0x1cd0
[   28.242226]  ? ip_route_input_rcu+0x3180/0x3180
[   28.246863]  ip_rcv_finish+0x80f/0x1e30
[   28.250805]  ? inet_del_offload+0x40/0x40
[   28.254925]  ? ip_rcv+0xf22/0x1840
[   28.258433]  ? lock_downgrade+0x980/0x980
[   28.262554]  ? nf_nat_ipv4_in+0x1cd/0x270
[   28.266669]  ? iptable_nat_ipv4_fn+0x40/0x40
[   28.271048]  ? nf_hook_slow+0xd3/0x1a0
[   28.274905]  ip_rcv+0xc5a/0x1840
[   28.278238]  ? ip_local_deliver+0x6e0/0x6e0
[   28.282531]  ? inet_del_offload+0x40/0x40
[   28.286656]  ? ip_local_deliver+0x6e0/0x6e0
[   28.290949]  __netif_receive_skb_core+0x1a41/0x3460
[   28.295938]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.301097]  ? nf_ingress+0x9f0/0x9f0
[   28.304870]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.310034]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.315200]  ? check_noncircular+0x20/0x20
[   28.319401]  ? check_noncircular+0x20/0x20
[   28.323607]  ? lock_downgrade+0x980/0x980
[   28.327727]  ? lock_release+0xa40/0xa40
[   28.331678]  ? mark_held_locks+0xaf/0x100
[   28.335798]  ? print_irqtrace_events+0x270/0x270
[   28.340523]  ? lock_downgrade+0x980/0x980
[   28.344656]  ? pvclock_read_flags+0x160/0x160
[   28.349118]  ? mark_held_locks+0xaf/0x100
[   28.353233]  ? lock_acquire+0x1d5/0x580
[   28.357174]  ? lock_acquire+0x1d5/0x580
[   28.361115]  ? netif_receive_skb_internal+0xa2/0x670
[   28.366189]  ? ktime_get_with_offset+0x2c1/0x420
[   28.370914]  ? lock_release+0xa40/0xa40
[   28.374853]  ? do_gettimeofday+0x190/0x190
[   28.379061]  __netif_receive_skb+0x2c/0x1b0
[   28.383351]  ? __netif_receive_skb+0x2c/0x1b0
[   28.387820]  netif_receive_skb_internal+0x10b/0x670
[   28.392803]  ? dev_cpu_dead+0xb00/0xb00
[   28.396747]  ? net_rx_action+0x1910/0x1910
[   28.400949]  ? eth_type_trans+0x2b2/0x710
[   28.405063]  ? eth_gro_receive+0x820/0x820
[   28.409267]  napi_gro_frags+0x58a/0xaf0
[   28.413217]  ? napi_gro_receive+0x500/0x500
[   28.417512]  ? tun_get_user+0x2737/0x3940
[   28.421626]  tun_get_user+0x2760/0x3940
[   28.425567]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.430734]  ? do_huge_pmd_anonymous_page+0xb1e/0x1b00
[   28.435981]  ? tun_build_skb.isra.49+0x1810/0x1810
[   28.440878]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.446037]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.451196]  ? avc_has_extended_perms+0x12c0/0x12c0
[   28.456187]  ? find_held_lock+0x35/0x1d0
[   28.460217]  ? tun_get+0x1ab/0x2e0
[   28.463731]  ? lock_release+0xa40/0xa40
[   28.467672]  ? __lock_is_held+0xb6/0x140
[   28.471701]  ? tun_get+0x1d4/0x2e0
[   28.475209]  ? tun_do_read+0x2600/0x2600
[   28.479244]  ? __check_object_size+0x8b/0x530
[   28.483715]  ? rcu_note_context_switch+0x710/0x710
[   28.488615]  tun_chr_write_iter+0xb9/0x160
[   28.492825]  do_iter_readv_writev+0x525/0x7f0
[   28.497287]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   28.502016]  ? rw_verify_area+0xe5/0x2b0
[   28.506055]  do_iter_write+0x154/0x540
[   28.509910]  ? dup_iter+0x260/0x260
[   28.513507]  vfs_writev+0x18a/0x340
[   28.517105]  ? __fget_light+0x297/0x380
[   28.521053]  ? vfs_iter_write+0xb0/0xb0
[   28.524998]  ? up_read+0x1a/0x40
[   28.528333]  ? __do_page_fault+0x3d6/0xc90
[   28.532537]  ? mm_fault_error+0x2c0/0x2c0
[   28.536655]  ? __fdget_pos+0x130/0x190
[   28.540517]  ? __fdget_raw+0x20/0x20
[   28.544199]  ? __do_page_fault+0xc90/0xc90
[   28.548402]  do_writev+0xfc/0x2a0
[   28.551821]  ? do_writev+0xfc/0x2a0
[   28.555412]  ? vfs_writev+0x340/0x340
[   28.559180]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[   28.563992]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.568983]  SyS_writev+0x27/0x30
[   28.572406]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   28.577128] RIP: 0033:0x444f50
[   28.580318] RSP: 002b:00007ffe8b00ec08 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   28.587991] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[   28.595236] RDX: 0000000000000001 RSI: 00007ffe8b00ec40 RDI: 0000000000000003
[   28.602484] RBP: 00007ffe8b00ed38 R08: 000000000000001f R09: 0000000000000000
[   28.609749] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe8b00ed38
[   28.616994] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000
[