[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.397986] audit: type=1400 audit(1515862074.534:5): avc: denied { syslog } for pid=3502 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.655547] audit: type=1400 audit(1515862079.792:6): avc: denied { map } for pid=3641 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 24.959860] audit: type=1400 audit(1515862086.096:7): avc: denied { map } for pid=3655 comm="syzkaller777475" path="/root/syzkaller777475787" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 25.246763] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 25.609256]
[ 25.610942] ============================================
[ 25.616365] WARNING: possible recursive locking detected
[ 25.621790] 4.15.0-rc7+ #260 Not tainted
[ 25.625828] --------------------------------------------
[ 25.631261] syzkaller777475/3655 is trying to acquire lock:
[ 25.636942] (_xmit_ETHER#2){+.-.}, at: [<000000006aa61962>] sch_direct_xmit+0x280/0x6d0
[ 25.645169]
[ 25.645169] but task is already holding lock:
[ 25.651110] (_xmit_ETHER#2){+.-.}, at: [<000000006aa61962>] sch_direct_xmit+0x280/0x6d0
[ 25.659327]
[ 25.659327] other info that might help us debug this:
[ 25.665962] Possible unsafe locking scenario:
[ 25.665962]
[ 25.671988] CPU0
[ 25.674543] ----
[ 25.677095] lock(_xmit_ETHER#2);
[ 25.680609] lock(_xmit_ETHER#2);
[ 25.684123]
[ 25.684123] *** DEADLOCK ***
[ 25.684123]
[ 25.690153] May be due to missing lock nesting notation
[ 25.690153]
[ 25.697065] 10 locks held by syzkaller777475/3655:
[ 25.701963] #0: (&tfile->napi_mutex){+.+.}, at: [<00000000b5222ea0>] tun_get_user+0xe5a/0x3710
[ 25.710870] #1: (rcu_read_lock){....}, at: [<00000000b7e14a12>] netif_receive_skb_internal+0xa2/0x670
[ 25.720384] #2: (k-slock-AF_INET){+...}, at: [<00000000e4bbe909>] icmp_send+0x75e/0x19d0
[ 25.728774] #3: (rcu_read_lock_bh){....}, at: [<00000000c547f0a6>] ip_finish_output2+0x2b6/0x1500
[ 25.737941] #4: (rcu_read_lock_bh){....}, at: [<000000007d306e59>] __dev_queue_xmit+0x294/0x2920
[ 25.747022] #5: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<00000000ac5838bd>] dev_queue_xmit+0x17/0x20
[ 25.758112] #6: (_xmit_ETHER#2){+.-.}, at: [<000000006aa61962>] sch_direct_xmit+0x280/0x6d0
[ 25.766755] #7: (rcu_read_lock_bh){....}, at: [<00000000c547f0a6>] ip_finish_output2+0x2b6/0x1500
[ 25.775932] #8: (rcu_read_lock_bh){....}, at: [<000000007d306e59>] __dev_queue_xmit+0x294/0x2920
[ 25.785012] #9: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<00000000ac5838bd>] dev_queue_xmit+0x17/0x20
[ 25.796104]
[ 25.796104] stack backtrace:
[ 25.800619] CPU: 1 PID: 3655 Comm: syzkaller777475 Not tainted 4.15.0-rc7+ #260
[ 25.808053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.817387] Call Trace:
[ 25.819958] dump_stack+0x194/0x257
[ 25.823563] ? arch_local_irq_restore+0x53/0x53
[ 25.828210] __lock_acquire+0xe8f/0x3e00
[ 25.832242] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.837409] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.842569] ? __lock_acquire+0x664/0x3e00
[ 25.846782] ? check_noncircular+0x20/0x20
[ 25.850990] ? trace_hardirqs_off+0x10/0x10
[ 25.855285] ? bpf_prog_kallsyms_find+0xbd/0x440
[ 25.860011] ? modules_open+0xa0/0xa0
[ 25.863783] ? trace_raw_output_xdp_redirect_map_err+0x440/0x440
[ 25.869897] ? check_noncircular+0x20/0x20
[ 25.874105] ? is_bpf_text_address+0x7b/0x120
[ 25.878569] ? lock_downgrade+0x980/0x980
[ 25.882694] ? skb_network_protocol+0xef/0x4b0
[ 25.887247] ? reacquire_held_locks+0x1f9/0x3e0
[ 25.891901] ? reacquire_held_locks+0x1f9/0x3e0
[ 25.896553] ? netif_skb_features+0x5ff/0x9b0
[ 25.901021] ? dev_get_by_index_rcu+0x320/0x320
[ 25.905662] lock_acquire+0x1d5/0x580
[ 25.909433] ? lock_acquire+0x1d5/0x580
[ 25.913380] ? sch_direct_xmit+0x280/0x6d0
[ 25.917589] ? lock_release+0xa40/0xa40
[ 25.921535] ? netif_skb_features+0x9b0/0x9b0
[ 25.926004] ? do_raw_spin_trylock+0x190/0x190
[ 25.930571] ? lock_acquire+0x1d5/0x580
[ 25.934524] ? __dev_queue_xmit+0xb37/0x2920
[ 25.938917] _raw_spin_lock+0x2a/0x40
[ 25.942691] ? sch_direct_xmit+0x280/0x6d0
[ 25.946899] sch_direct_xmit+0x280/0x6d0
[ 25.950939] ? dev_deactivate_queue.constprop.30+0x260/0x260
[ 25.956709] __dev_queue_xmit+0x1ce2/0x2920
[ 25.961006] ? netdev_pick_tx+0x300/0x300
[ 25.965129] ? find_held_lock+0x35/0x1d0
[ 25.969164] ? lock_downgrade+0x980/0x980
[ 25.973288] ? check_noncircular+0x20/0x20
[ 25.977496] ? __local_bh_enable_ip+0x121/0x230
[ 25.982145] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 25.987136] ? __neigh_create+0x1657/0x1d90
[ 25.991437] ? __local_bh_enable_ip+0x121/0x230
[ 25.996085] ? _raw_write_unlock_bh+0x30/0x40
[ 26.000556] ? __neigh_create+0xc06/0x1d90
[ 26.004783] ? print_irqtrace_events+0x270/0x270
[ 26.009518] ? ip_finish_output2+0x8d2/0x1500
[ 26.013989] ? lock_downgrade+0x980/0x980
[ 26.018114] ? lock_release+0xa40/0xa40
[ 26.022063] ? mark_held_locks+0xaf/0x100
[ 26.026189] ? memcpy+0x45/0x50
[ 26.029446] dev_queue_xmit+0x17/0x20
[ 26.033222] ? dev_queue_xmit+0x17/0x20
[ 26.037190] neigh_resolve_output+0x5e2/0xa00
[ 26.041657] ? ether_setup+0x2d0/0x2d0
[ 26.045516] ? __neigh_event_send+0x1050/0x1050
[ 26.050423] ? ip_finish_output+0x864/0xd10
[ 26.054719] ? ip_local_out+0x95/0x160
[ 26.058583] ? ip_send_skb+0x3c/0xc0
[ 26.062287] ? ip_push_pending_frames+0x64/0x80
[ 26.066931] ip_finish_output2+0x8d2/0x1500
[ 26.071238] ? ip_copy_metadata+0xac0/0xac0
[ 26.075538] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.080525] ? ipt_do_table+0xd0a/0x1330
[ 26.084561] ? trace_hardirqs_on+0xd/0x10
[ 26.088694] ? __local_bh_enable_ip+0x121/0x230
[ 26.093335] ? ipt_do_table+0xd75/0x1330
[ 26.097367] ? ipv4_mtu+0x34d/0x4c0
[ 26.100966] ? find_held_lock+0x35/0x1d0
[ 26.105003] ip_finish_output+0x864/0xd10
[ 26.109121] ? ip_finish_output+0x864/0xd10
[ 26.113414] ? ip_fragment.constprop.47+0x200/0x200
[ 26.118411] ? iptable_mangle_hook+0xa9/0x560
[ 26.122883] ? nf_hook_slow+0xd3/0x1a0
[ 26.126753] ip_mc_output+0x277/0x1360
[ 26.130619] ? ip_queue_xmit+0x18e0/0x18e0
[ 26.134828] ? lock_downgrade+0x980/0x980
[ 26.138955] ? nf_hook_slow+0xd3/0x1a0
[ 26.142814] ? __ip_local_out+0x494/0x7a0
[ 26.146933] ? ip_copy_addrs+0xe0/0xe0
[ 26.150793] ? skb_copy_ubufs+0x1910/0x1910
[ 26.155102] ? ip_fragment.constprop.47+0x200/0x200
[ 26.160093] ? __ip_select_ident+0x168/0x270
[ 26.164497] ? __ip_rt_update_pmtu+0x9c0/0x9c0
[ 26.169057] ? ip_idents_reserve+0x2a0/0x2a0
[ 26.173442] ip_local_out+0x95/0x160
[ 26.177131] iptunnel_xmit+0x556/0x810
[ 26.180990] ip_tunnel_xmit+0x1780/0x3650
[ 26.185119] ? skb_headers_offset_update+0x170/0x290
[ 26.190194] ? ip_md_tunnel_xmit+0x14e0/0x14e0
[ 26.194748] ? save_stack_trace+0x1a/0x20
[ 26.198868] ? skb_copy_ubufs+0x1910/0x1910
[ 26.203164] ? iptunnel_handle_offloads+0x3a3/0x710
[ 26.208160] __gre_xmit+0x546/0x8b0
[ 26.211762] erspan_xmit+0x409/0x13b0
[ 26.215535] ? prepare_fb_xmit+0x9a0/0x9a0
[ 26.219768] ? __lock_is_held+0xb6/0x140
[ 26.223823] dev_hard_start_xmit+0x24e/0xac0
[ 26.228209] ? validate_xmit_skb_list+0x120/0x120
[ 26.233028] ? netif_skb_features+0x5ff/0x9b0
[ 26.237500] ? lock_acquire+0x1d5/0x580
[ 26.241449] ? lock_acquire+0x1d5/0x580
[ 26.245396] ? sch_direct_xmit+0x280/0x6d0
[ 26.249604] ? lock_release+0xa40/0xa40
[ 26.253554] ? netif_skb_features+0x9b0/0x9b0
[ 26.258027] ? do_raw_spin_trylock+0x190/0x190
[ 26.262584] ? lock_acquire+0x1d5/0x580
[ 26.266534] ? __dev_queue_xmit+0xb37/0x2920
[ 26.270933] sch_direct_xmit+0x31d/0x6d0
[ 26.274969] ? dev_deactivate_queue.constprop.30+0x260/0x260
[ 26.280743] __dev_queue_xmit+0x1ce2/0x2920
[ 26.285039] ? netdev_pick_tx+0x300/0x300
[ 26.289162] ? find_held_lock+0x35/0x1d0
[ 26.293198] ? lock_downgrade+0x980/0x980
[ 26.297324] ? check_noncircular+0x20/0x20
[ 26.301545] ? __local_bh_enable_ip+0x121/0x230
[ 26.306191] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.311181] ? __neigh_create+0x1657/0x1d90
[ 26.315475] ? __local_bh_enable_ip+0x121/0x230
[ 26.320119] ? _raw_write_unlock_bh+0x30/0x40
[ 26.324588] ? __neigh_create+0xc06/0x1d90
[ 26.328795] ? print_irqtrace_events+0x270/0x270
[ 26.333525] ? ip_finish_output2+0x8d2/0x1500
[ 26.337990] ? lock_downgrade+0x980/0x980
[ 26.342108] ? lock_release+0xa40/0xa40
[ 26.346056] ? mark_held_locks+0xaf/0x100
[ 26.350177] ? memcpy+0x45/0x50
[ 26.353428] dev_queue_xmit+0x17/0x20
[ 26.357199] ? dev_queue_xmit+0x17/0x20
[ 26.361144] neigh_resolve_output+0x5e2/0xa00
[ 26.365613] ? ether_setup+0x2d0/0x2d0
[ 26.369475] ? __neigh_event_send+0x1050/0x1050
[ 26.374120] ? tun_get_user+0x262e/0x3710
[ 26.378239] ? tun_chr_write_iter+0xb9/0x160
[ 26.382618] ? do_iter_readv_writev+0x525/0x7f0
[ 26.387264] ip_finish_output2+0x8d2/0x1500
[ 26.391563] ? ip_copy_metadata+0xac0/0xac0
[ 26.395859] ? check_noncircular+0x20/0x20
[ 26.400068] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.405060] ? ipt_do_table+0xd0a/0x1330
[ 26.409091] ? trace_hardirqs_on+0xd/0x10
[ 26.413212] ? __local_bh_enable_ip+0x121/0x230
[ 26.417874] ? ipt_do_table+0xd75/0x1330
[ 26.421909] ? ipv4_mtu+0x34d/0x4c0
[ 26.425508] ? rt_cpu_seq_show+0x2c0/0x2c0
[ 26.429712] ? find_held_lock+0x35/0x1d0
[ 26.433747] ip_finish_output+0x864/0xd10
[ 26.437875] ? ip_finish_output+0x864/0xd10
[ 26.442170] ? ip_fragment.constprop.47+0x200/0x200
[ 26.447157] ? iptable_mangle_hook+0xa9/0x560
[ 26.451625] ? nf_hook_slow+0xd3/0x1a0
[ 26.455488] ip_mc_output+0x277/0x1360
[ 26.459352] ? ip_queue_xmit+0x18e0/0x18e0
[ 26.463562] ? lock_downgrade+0x980/0x980
[ 26.467685] ? nf_hook_slow+0xd3/0x1a0
[ 26.471544] ? __ip_local_out+0x494/0x7a0
[ 26.475667] ? ip_copy_addrs+0xe0/0xe0
[ 26.479529] ? dst_release+0x3d/0x90
[ 26.483212] ? __ip_make_skb+0xfd7/0x1860
[ 26.487330] ? ip_fragment.constprop.47+0x200/0x200
[ 26.492319] ip_local_out+0x95/0x160
[ 26.496007] ip_send_skb+0x3c/0xc0
[ 26.499530] ip_push_pending_frames+0x64/0x80
[ 26.504008] icmp_push_reply+0x395/0x4f0
[ 26.508048] icmp_send+0x1148/0x19d0
[ 26.511735] ? icmp_route_lookup.constprop.24+0x1360/0x1360
[ 26.517417] ? check_noncircular+0x20/0x20
[ 26.521626] ? __lock_acquire+0x664/0x3e00
[ 26.525835] ? print_irqtrace_events+0x270/0x270
[ 26.530565] ? print_irqtrace_events+0x270/0x270
[ 26.535309] ? __is_insn_slot_addr+0x1fc/0x330
[ 26.539875] ? find_held_lock+0x35/0x1d0
[ 26.543909] ? lock_downgrade+0x980/0x980
[ 26.548036] ? lock_release+0xa40/0xa40
[ 26.551981] ip_options_compile+0xc21/0x1a50
[ 26.556366] ? ip_forward+0x1ce0/0x1ce0
[ 26.560311] ? ip_route_input_rcu+0x31b0/0x31b0
[ 26.564953] ip_rcv_finish+0x80f/0x1e30
[ 26.568900] ? inet_del_offload+0x40/0x40
[ 26.573030] ? ip_rcv+0xf22/0x1840
[ 26.576542] ? lock_downgrade+0x980/0x980
[ 26.580666] ? nf_nat_ipv4_in+0x1cd/0x270
[ 26.584787] ? iptable_nat_ipv4_fn+0x40/0x40
[ 26.589170] ? nf_hook_slow+0xd3/0x1a0
[ 26.593029] ip_rcv+0xc5a/0x1840
[ 26.596369] ? ip_local_deliver+0x6e0/0x6e0
[ 26.600663] ? inet_del_offload+0x40/0x40
[ 26.604780] ? ip_local_deliver+0x6e0/0x6e0
[ 26.609074] __netif_receive_skb_core+0x1a41/0x3460
[ 26.614065] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.619227] ? nf_ingress+0x9f0/0x9f0
[ 26.623003] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.628182] ? __skb_flow_get_ports+0x420/0x420
[ 26.632826] ? check_noncircular+0x20/0x20
[ 26.637035] ? check_noncircular+0x20/0x20
[ 26.641255] ? lock_release+0xa40/0xa40
[ 26.645220] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 26.650298] ? print_irqtrace_events+0x270/0x270
[ 26.655028] ? lock_downgrade+0x980/0x980
[ 26.659149] ? pvclock_read_flags+0x160/0x160
[ 26.663616] ? mark_held_locks+0xaf/0x100
[ 26.667737] ? lock_acquire+0x1d5/0x580
[ 26.671685] ? lock_acquire+0x1d5/0x580
[ 26.675634] ? netif_receive_skb_internal+0xa2/0x670
[ 26.680708] ? ktime_get_with_offset+0x2c1/0x420
[ 26.685439] ? lock_release+0xa40/0xa40
[ 26.689382] ? do_gettimeofday+0x190/0x190
[ 26.693594] __netif_receive_skb+0x2c/0x1b0
[ 26.697888] ? __netif_receive_skb+0x2c/0x1b0
[ 26.702355] netif_receive_skb_internal+0x10b/0x670
[ 26.707354] ? dev_cpu_dead+0xb00/0xb00
[ 26.711305] ? net_rx_action+0x1910/0x1910
[ 26.715513] ? eth_type_trans+0x2b2/0x710
[ 26.719633] ? eth_gro_receive+0x820/0x820
[ 26.723840] napi_gro_frags+0x58a/0xaf0
[ 26.727787] ? napi_gro_receive+0x500/0x500
[ 26.732084] ? tun_get_user+0x2605/0x3710
[ 26.736206] tun_get_user+0x262e/0x3710
[ 26.740156] ? tun_build_skb.isra.48+0x17d0/0x17d0
[ 26.745059] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.750220] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.755385] ? check_noncircular+0x20/0x20
[ 26.759597] ? tun_get+0x1ab/0x2e0
[ 26.763110] ? lock_release+0xa40/0xa40
[ 26.767073] ? __lock_is_held+0xb6/0x140
[ 26.771110] ? tun_get+0x1d4/0x2e0
[ 26.774622] ? tun_chr_close+0x60/0x60
[ 26.778480] ? __check_object_size+0x25d/0x4f0
[ 26.783037] ? rcu_note_context_switch+0x710/0x710
[ 26.787948] tun_chr_write_iter+0xb9/0x160
[ 26.792158] do_iter_readv_writev+0x525/0x7f0
[ 26.796626] ? vfs_dedupe_file_range+0x8f0/0x8f0
[ 26.801841] ? rw_verify_area+0xe5/0x2b0
[ 26.805875] do_iter_write+0x154/0x540
[ 26.809734] ? dup_iter+0x260/0x260
[ 26.813333] vfs_writev+0x18a/0x340
[ 26.816926] ? __fget_light+0x297/0x380
[ 26.820869] ? vfs_iter_write+0xb0/0xb0
[ 26.824816] ? up_read+0x1a/0x40
[ 26.828158] ? __do_page_fault+0x3d6/0xc90
[ 26.832362] ? mm_fault_error+0x2c0/0x2c0
[ 26.836486] ? __fdget_pos+0x130/0x190
[ 26.840350] ? __fdget_raw+0x20/0x20
[ 26.844078] ? __do_page_fault+0xc90/0xc90
[ 26.848287] do_writev+0xfc/0x2a0
[ 26.851711] ? do_writev+0xfc/0x2a0
[ 26.855311] ? vfs_writev+0x340/0x340
[ 26.859089] ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 26.863905] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.868896] SyS_writev+0x27/0x30
[ 26.872324] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 26.877053] RIP: 0033:0x444f50
[ 26.880214] RSP: 002b:00007fffa5199d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 26.887895] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[ 26.895141] RDX: 0000000000000001 RSI: 00007fffa5199dd0 RDI: 0000000000000003
[ 26.902384] RBP: 00007fffa5199ec8 R08: 000000000000001f R09: 0000000000000000
[ 26.909627] R10: 0000000000000000 R11: 0000000000000246 R1