[....] Starting enhanced syslogd: rsyslogd[   12.627369] audit: type=1400 audit(1515863824.909:5): avc:  denied  { syslog } for  pid=3500 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.669639] audit: type=1400 audit(1515863831.951:6): avc:  denied  { map } for  pid=3641 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.210' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   33.685202] audit: type=1400 audit(1515863845.967:7): avc:  denied  { map } for  pid=3658 comm="syzkaller691714" path="/root/syzkaller691714095" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   33.940546] ip (3725) used greatest stack depth: 16672 bytes left
[   33.973433] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   34.318799] 
[   34.320437] ============================================
[   34.325865] WARNING: possible recursive locking detected
[   34.331287] 4.15.0-rc7+ #170 Not tainted
[   34.335323] --------------------------------------------
[   34.340743] syzkaller691714/3658 is trying to acquire lock:
[   34.346516]  (_xmit_ETHER#2){+.-.}, at: [<00000000a1f20440>] sch_direct_xmit+0x280/0x6d0
[   34.354727] 
[   34.354727] but task is already holding lock:
[   34.360667]  (_xmit_ETHER#2){+.-.}, at: [<00000000a1f20440>] sch_direct_xmit+0x280/0x6d0
[   34.368877] 
[   34.368877] other info that might help us debug this:
[   34.375517]  Possible unsafe locking scenario:
[   34.375517] 
[   34.381541]        CPU0
[   34.384096]        ----
[   34.386645]   lock(_xmit_ETHER#2);
[   34.390157]   lock(_xmit_ETHER#2);
[   34.393668] 
[   34.393668]  *** DEADLOCK ***
[   34.393668] 
[   34.399692]  May be due to missing lock nesting notation
[   34.399692] 
[   34.406595] 10 locks held by syzkaller691714/3658:
[   34.411496]  #0:  (&tfile->napi_mutex){+.+.}, at: [<000000007ec760ed>] tun_get_user+0xe5a/0x3710
[   34.420397]  #1:  (rcu_read_lock){....}, at: [<00000000f84844cf>] netif_receive_skb_internal+0xa2/0x670
[   34.429991]  #2:  (k-slock-AF_INET){+...}, at: [<000000005313ee64>] icmp_send+0x75e/0x19d0
[   34.438370]  #3:  (rcu_read_lock_bh){....}, at: [<000000001b45b501>] ip_finish_output2+0x2b6/0x1500
[   34.447532]  #4:  (rcu_read_lock_bh){....}, at: [<000000008bd0edf9>] __dev_queue_xmit+0x294/0x2920
[   34.456602]  #5:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<000000004886c7c7>] dev_queue_xmit+0x17/0x20
[   34.467668]  #6:  (_xmit_ETHER#2){+.-.}, at: [<00000000a1f20440>] sch_direct_xmit+0x280/0x6d0
[   34.476319]  #7:  (rcu_read_lock_bh){....}, at: [<000000001b45b501>] ip_finish_output2+0x2b6/0x1500
[   34.485487]  #8:  (rcu_read_lock_bh){....}, at: [<000000008bd0edf9>] __dev_queue_xmit+0x294/0x2920
[   34.494558]  #9:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<000000004886c7c7>] dev_queue_xmit+0x17/0x20
[   34.505623] 
[   34.505623] stack backtrace:
[   34.510089] CPU: 1 PID: 3658 Comm: syzkaller691714 Not tainted 4.15.0-rc7+ #170
[   34.517504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.526827] Call Trace:
[   34.529395]  dump_stack+0x194/0x257
[   34.532992]  ? arch_local_irq_restore+0x53/0x53
[   34.537633]  __lock_acquire+0xe8f/0x3e00
[   34.541664]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   34.546826]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   34.551993]  ? __lock_acquire+0x664/0x3e00
[   34.556200]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   34.561358]  ? check_noncircular+0x20/0x20
[   34.565563]  ? trace_hardirqs_off+0x10/0x10
[   34.569854]  ? bpf_prog_kallsyms_find+0xbd/0x440
[   34.574580]  ? modules_open+0xa0/0xa0
[   34.578352]  ? trace_raw_output_xdp_redirect_map_err+0x440/0x440
[   34.584468]  ? check_noncircular+0x20/0x20
[   34.588671]  ? is_bpf_text_address+0x7b/0x120
[   34.593139]  ? lock_downgrade+0x980/0x980
[   34.597259]  ? skb_network_protocol+0xef/0x4b0
[   34.601808]  ? reacquire_held_locks+0x1f9/0x3e0
[   34.606449]  ? reacquire_held_locks+0x1f9/0x3e0
[   34.611090]  ? netif_skb_features+0x5ff/0x9b0
[   34.615553]  ? dev_get_by_index_rcu+0x320/0x320
[   34.620198]  lock_acquire+0x1d5/0x580
[   34.623967]  ? lock_acquire+0x1d5/0x580
[   34.627910]  ? sch_direct_xmit+0x280/0x6d0
[   34.632113]  ? lock_release+0xa40/0xa40
[   34.636063]  ? netif_skb_features+0x9b0/0x9b0
[   34.640527]  ? do_raw_spin_trylock+0x190/0x190
[   34.645078]  ? lock_acquire+0x1d5/0x580
[   34.649024]  ? __dev_queue_xmit+0xb37/0x2920
[   34.653413]  _raw_spin_lock+0x2a/0x40
[   34.657185]  ? sch_direct_xmit+0x280/0x6d0
[   34.661388]  sch_direct_xmit+0x280/0x6d0
[   34.665420]  ? dev_deactivate_queue.constprop.30+0x260/0x260
[   34.671188]  __dev_queue_xmit+0x1ce2/0x2920
[   34.675575]  ? netdev_pick_tx+0x300/0x300
[   34.679696]  ? find_held_lock+0x35/0x1d0
[   34.683728]  ? lock_downgrade+0x980/0x980
[   34.687845]  ? check_noncircular+0x20/0x20
[   34.692064]  ? __local_bh_enable_ip+0x121/0x230
[   34.696703]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   34.701688]  ? __neigh_create+0x1657/0x1d90
[   34.705977]  ? __local_bh_enable_ip+0x121/0x230
[   34.710619]  ? _raw_write_unlock_bh+0x30/0x40
[   34.715091]  ? __neigh_create+0xc06/0x1d90
[   34.719295]  ? print_irqtrace_events+0x270/0x270
[   34.724034]  ? ip_finish_output2+0x8d2/0x1500
[   34.728497]  ? lock_downgrade+0x980/0x980
[   34.732611]  ? lock_release+0xa40/0xa40
[   34.736554]  ? mark_held_locks+0xaf/0x100
[   34.740675]  ? memcpy+0x45/0x50
[   34.743923]  dev_queue_xmit+0x17/0x20
[   34.747696]  ? dev_queue_xmit+0x17/0x20
[   34.751637]  neigh_resolve_output+0x5e2/0xa00
[   34.756101]  ? ether_setup+0x2d0/0x2d0
[   34.759957]  ? __neigh_event_send+0x1050/0x1050
[   34.764603]  ? ip_finish_output+0x864/0xd10
[   34.768892]  ? ip_local_out+0x95/0x160
[   34.772753]  ? ip_send_skb+0x3c/0xc0
[   34.776435]  ? ip_push_pending_frames+0x64/0x80
[   34.781074]  ip_finish_output2+0x8d2/0x1500
[   34.785366]  ? ip_copy_metadata+0xac0/0xac0
[   34.789654]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   34.794639]  ? ipt_do_table+0xd0a/0x1330
[   34.798667]  ? trace_hardirqs_on+0xd/0x10
[   34.802782]  ? __local_bh_enable_ip+0x121/0x230
[   34.807423]  ? ipt_do_table+0xd75/0x1330
[   34.811459]  ? ipv4_mtu+0x34d/0x4c0
[   34.815056]  ? find_held_lock+0x35/0x1d0
[   34.819089]  ip_finish_output+0x864/0xd10
[   34.823205]  ? ip_finish_output+0x864/0xd10
[   34.827495]  ? ip_fragment.constprop.47+0x200/0x200
[   34.832478]  ? iptable_mangle_hook+0xa9/0x560
[   34.836945]  ? nf_hook_slow+0xd3/0x1a0
[   34.840803]  ip_mc_output+0x277/0x1360
[   34.844662]  ? ip_queue_xmit+0x18e0/0x18e0
[   34.848865]  ? lock_downgrade+0x980/0x980
[   34.852983]  ? nf_hook_slow+0xd3/0x1a0
[   34.856842]  ? __ip_local_out+0x494/0x7a0
[   34.860960]  ? ip_copy_addrs+0xe0/0xe0
[   34.864822]  ? skb_copy_ubufs+0x1910/0x1910
[   34.869115]  ? ip_fragment.constprop.47+0x200/0x200
[   34.874097]  ? __ip_select_ident+0x168/0x270
[   34.878471]  ? ip_idents_reserve+0x2a0/0x2a0
[   34.882848]  ip_local_out+0x95/0x160
[   34.886530]  iptunnel_xmit+0x556/0x810
[   34.890387]  ip_tunnel_xmit+0x1780/0x3650
[   34.894515]  ? skb_headers_offset_update+0x170/0x290
[   34.899596]  ? ip_md_tunnel_xmit+0x14e0/0x14e0
[   34.904148]  ? save_stack_trace+0x1a/0x20
[   34.908265]  ? skb_copy_ubufs+0x1910/0x1910
[   34.912576]  ? iptunnel_handle_offloads+0x3a3/0x710
[   34.917569]  __gre_xmit+0x546/0x8b0
[   34.921164]  erspan_xmit+0x409/0x13b0
[   34.924936]  ? prepare_fb_xmit+0x9a0/0x9a0
[   34.929139]  ? __lock_is_held+0xb6/0x140
[   34.933174]  dev_hard_start_xmit+0x24e/0xac0
[   34.937553]  ? validate_xmit_skb_list+0x120/0x120
[   34.942365]  ? netif_skb_features+0x5ff/0x9b0
[   34.946838]  ? lock_acquire+0x1d5/0x580
[   34.950779]  ? lock_acquire+0x1d5/0x580
[   34.954722]  ? sch_direct_xmit+0x280/0x6d0
[   34.958926]  ? lock_release+0xa40/0xa40
[   34.962868]  ? netif_skb_features+0x9b0/0x9b0
[   34.967338]  ? do_raw_spin_trylock+0x190/0x190
[   34.971893]  ? lock_acquire+0x1d5/0x580
[   34.975859]  ? __dev_queue_xmit+0xb37/0x2920
[   34.980250]  sch_direct_xmit+0x31d/0x6d0
[   34.984289]  ? dev_deactivate_queue.constprop.30+0x260/0x260
[   34.990063]  __dev_queue_xmit+0x1ce2/0x2920
[   34.994359]  ? netdev_pick_tx+0x300/0x300
[   34.998480]  ? find_held_lock+0x35/0x1d0
[   35.002513]  ? lock_downgrade+0x980/0x980
[   35.006632]  ? check_noncircular+0x20/0x20
[   35.010839]  ? __local_bh_enable_ip+0x121/0x230
[   35.015483]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   35.020488]  ? __neigh_create+0x1657/0x1d90
[   35.024779]  ? __local_bh_enable_ip+0x121/0x230
[   35.029420]  ? _raw_write_unlock_bh+0x30/0x40
[   35.033898]  ? __neigh_create+0xc06/0x1d90
[   35.038120]  ? print_irqtrace_events+0x270/0x270
[   35.042871]  ? ip_finish_output2+0x8d2/0x1500
[   35.047350]  ? lock_downgrade+0x980/0x980
[   35.051467]  ? lock_release+0xa40/0xa40
[   35.055409]  ? mark_held_locks+0xaf/0x100
[   35.059527]  ? memcpy+0x45/0x50
[   35.062778]  dev_queue_xmit+0x17/0x20
[   35.066558]  ? dev_queue_xmit+0x17/0x20
[   35.070504]  neigh_resolve_output+0x5e2/0xa00
[   35.074974]  ? ether_setup+0x2d0/0x2d0
[   35.078835]  ? __neigh_event_send+0x1050/0x1050
[   35.083490]  ? tun_get_user+0x262e/0x3710
[   35.087616]  ? tun_chr_write_iter+0xb9/0x160
[   35.091997]  ? do_iter_readv_writev+0x525/0x7f0
[   35.096651]  ip_finish_output2+0x8d2/0x1500
[   35.100942]  ? ip_copy_metadata+0xac0/0xac0
[   35.105230]  ? check_noncircular+0x20/0x20
[   35.109441]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   35.114430]  ? ipt_do_table+0xd0a/0x1330
[   35.118461]  ? trace_hardirqs_on+0xd/0x10
[   35.122580]  ? __local_bh_enable_ip+0x121/0x230
[   35.127218]  ? ipt_do_table+0xd75/0x1330
[   35.131252]  ? ipv4_mtu+0x34d/0x4c0
[   35.134851]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   35.139065]  ? find_held_lock+0x35/0x1d0
[   35.143098]  ip_finish_output+0x864/0xd10
[   35.147214]  ? ip_finish_output+0x864/0xd10
[   35.151504]  ? ip_fragment.constprop.47+0x200/0x200
[   35.156492]  ? iptable_mangle_hook+0xa9/0x560
[   35.160960]  ? nf_hook_slow+0xd3/0x1a0
[   35.164822]  ip_mc_output+0x277/0x1360
[   35.168678]  ? ip_queue_xmit+0x18e0/0x18e0
[   35.172880]  ? lock_downgrade+0x980/0x980
[   35.177004]  ? nf_hook_slow+0xd3/0x1a0
[   35.180860]  ? __ip_local_out+0x494/0x7a0
[   35.184983]  ? ip_copy_addrs+0xe0/0xe0
[   35.188845]  ? dst_release+0x3d/0x90
[   35.192529]  ? __ip_make_skb+0xfd7/0x1860
[   35.196645]  ? ip_fragment.constprop.47+0x200/0x200
[   35.201629]  ip_local_out+0x95/0x160
[   35.205313]  ip_send_skb+0x3c/0xc0
[   35.208822]  ip_push_pending_frames+0x64/0x80
[   35.213291]  icmp_push_reply+0x395/0x4f0
[   35.217321]  icmp_send+0x1148/0x19d0
[   35.221009]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   35.226689]  ? check_noncircular+0x20/0x20
[   35.230891]  ? __lock_acquire+0x664/0x3e00
[   35.235098]  ? __is_insn_slot_addr+0x1fc/0x330
[   35.239650]  ? find_held_lock+0x35/0x1d0
[   35.243681]  ? lock_downgrade+0x980/0x980
[   35.247796]  ? lock_release+0xa40/0xa40
[   35.251738]  ip_options_compile+0xc21/0x1a50
[   35.256115]  ? ip_forward+0x1ce0/0x1ce0
[   35.260055]  ? ip_route_input_rcu+0x31b0/0x31b0
[   35.264692]  ip_rcv_finish+0x80f/0x1e30
[   35.268634]  ? inet_del_offload+0x40/0x40
[   35.272749]  ? ip_rcv+0xf22/0x1840
[   35.276255]  ? lock_downgrade+0x980/0x980
[   35.280370]  ? nf_nat_ipv4_in+0x1cd/0x270
[   35.284483]  ? iptable_nat_ipv4_fn+0x40/0x40
[   35.288862]  ? nf_hook_slow+0xd3/0x1a0
[   35.292720]  ip_rcv+0xc5a/0x1840
[   35.296053]  ? ip_local_deliver+0x6e0/0x6e0
[   35.300347]  ? inet_del_offload+0x40/0x40
[   35.304472]  ? ip_local_deliver+0x6e0/0x6e0
[   35.308768]  __netif_receive_skb_core+0x1a41/0x3460
[   35.313753]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   35.318915]  ? nf_ingress+0x9f0/0x9f0
[   35.322687]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   35.327845]  ? __skb_flow_get_ports+0x420/0x420
[   35.332482]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   35.337638]  ? check_noncircular+0x20/0x20
[   35.341840]  ? check_noncircular+0x20/0x20
[   35.346048]  ? lock_release+0xa40/0xa40
[   35.350007]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   35.355080]  ? print_irqtrace_events+0x270/0x270
[   35.359805]  ? lock_downgrade+0x980/0x980
[   35.363927]  ? pvclock_read_flags+0x160/0x160
[   35.368400]  ? mark_held_locks+0xaf/0x100
[   35.372525]  ? lock_acquire+0x1d5/0x580
[   35.376479]  ? lock_acquire+0x1d5/0x580
[   35.380450]  ? netif_receive_skb_internal+0xa2/0x670
[   35.385536]  ? ktime_get_with_offset+0x2c1/0x420
[   35.390266]  ? lock_release+0xa40/0xa40
[   35.394208]  ? do_gettimeofday+0x190/0x190
[   35.398420]  __netif_receive_skb+0x2c/0x1b0
[   35.402730]  ? __netif_receive_skb+0x2c/0x1b0
[   35.407217]  netif_receive_skb_internal+0x10b/0x670
[   35.412207]  ? dev_cpu_dead+0xb00/0xb00
[   35.416150]  ? net_rx_action+0x1910/0x1910
[   35.420354]  ? eth_type_trans+0x2b2/0x710
[   35.424472]  ? eth_gro_receive+0x820/0x820
[   35.428675]  napi_gro_frags+0x58a/0xaf0
[   35.432706]  ? napi_gro_receive+0x500/0x500
[   35.437001]  ? tun_get_user+0x2605/0x3710
[   35.441125]  tun_get_user+0x262e/0x3710
[   35.445078]  ? tun_build_skb.isra.48+0x17d0/0x17d0
[   35.449979]  ? _raw_spin_unlock+0x22/0x30
[   35.454105]  ? do_huge_pmd_anonymous_page+0xb21/0x1b00
[   35.459362]  ? tun_get+0x1ab/0x2e0
[   35.462885]  ? perf_event_fork+0x30/0x30
[   35.466931]  ? lock_release+0xa40/0xa40
[   35.470877]  ? __lock_is_held+0xb6/0x140
[   35.474910]  ? tun_get+0x1d4/0x2e0
[   35.478432]  ? tun_chr_close+0x60/0x60
[   35.482290]  ? rcu_note_context_switch+0x710/0x710
[   35.487191]  ? vma_link+0xe9/0x170
[   35.490701]  tun_chr_write_iter+0xb9/0x160
[   35.494906]  do_iter_readv_writev+0x525/0x7f0
[   35.499368]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   35.504093]  ? rw_verify_area+0xe5/0x2b0
[   35.508125]  do_iter_write+0x154/0x540
[   35.511990]  ? iov_iter_get_pages+0x1150/0x1150
[   35.516630]  compat_writev+0x225/0x420
[   35.520497]  ? __fget_light+0x297/0x380
[   35.524439]  ? do_pwritev+0x1a0/0x1a0
[   35.528217]  ? find_held_lock+0x35/0x1d0
[   35.532249]  ? __do_page_fault+0x5f7/0xc90
[   35.536454]  ? __fdget_pos+0x130/0x190
[   35.540310]  ? __fdget_raw+0x20/0x20
[   35.543991]  ? down_read_trylock+0xdb/0x170
[   35.548282]  ? __do_page_fault+0x32d/0xc90
[   35.552493]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   35.557049]  do_compat_writev+0x115/0x220
[   35.561166]  ? do_compat_writev+0x115/0x220
[   35.565457]  ? compat_writev+0x420/0x420
[   35.569487]  compat_SyS_writev+0x26/0x30
[   35.573524]  ? compat_SyS_preadv2+0x90/0x90
[   35.577816]  do_fast_syscall_32+0x3ee/0xf9d
[   35.582109]  ? do_int80_syscall_32+0x9d0/0x9d0
[   35.586659]  ? kasan_check_read+0x11/0x20
[   35.590776]  ? syscall_return_slowpath+0x550/0x550
[   35.595676]  ? SyS_rt_sigaction+0x94/0x1b0
[   35.599879]  ? SyS_sigprocmask+0x4b0/0x4b0
[   35.604095]  ? SyS_read+0x184/0x220
[   35.607707]  ? retint_user+0x18/0x18
[   35.611392]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.616205]  entry_SYSENTER_compat+0x54/0x63
[   35.620580] RIP: 0023:0xf7f38c79
[   35.623913] RSP: 002b:00000000ffcd12e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000092
[   35.631592] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000ffcd1324
[   35.638835] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[   35.646077] RBP: 00000000ffcd1498 R08: 0000000000000000 R09: 0000000000000000
[   35.653326] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   35.660570] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[