[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.143082] audit: type=1400 audit(1515863624.024:5): avc: denied { syslog } for pid=3510 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.764402] audit: type=1400 audit(1515863629.646:6): avc: denied { map } for pid=3649 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 24.996867] audit: type=1400 audit(1515863635.878:7): avc: denied { map } for pid=3663 comm="syzkaller647215" path="/root/syzkaller647215958" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 25.392287] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 25.764554]
[ 25.766227] ============================================
[ 25.771646] WARNING: possible recursive locking detected
[ 25.777068] 4.15.0-rc7-next-20180112+ #96 Not tainted
[ 25.782311] --------------------------------------------
[ 25.787732] syzkaller647215/3663 is trying to acquire lock:
[ 25.793410] (_xmit_ETHER#2){+.-.}, at: [<0000000030d2c8b5>] sch_direct_xmit+0x361/0x1140
[ 25.801719]
[ 25.801719] but task is already holding lock:
[ 25.807657] (_xmit_ETHER#2){+.-.}, at: [<0000000030d2c8b5>] sch_direct_xmit+0x361/0x1140
[ 25.815950]
[ 25.815950] other info that might help us debug this:
[ 25.822584] Possible unsafe locking scenario:
[ 25.822584]
[ 25.828610] CPU0
[ 25.831161] ----
[ 25.833711] lock(_xmit_ETHER#2);
[ 25.837222] lock(_xmit_ETHER#2);
[ 25.840731]
[ 25.840731] *** DEADLOCK ***
[ 25.840731]
[ 25.846770] May be due to missing lock nesting notation
[ 25.846770]
[ 25.853667] 8 locks held by syzkaller647215/3663:
[ 25.858488] #0: (&tfile->napi_mutex){+.+.}, at: [<0000000075c150fb>] tun_get_user+0xe6c/0x3940
[ 25.867392] #1: (rcu_read_lock){....}, at: [<00000000dcd5f371>] netif_receive_skb_internal+0xa2/0x670
[ 25.876902] #2: (k-slock-AF_INET){+...}, at: [<00000000e4cc5bd7>] icmp_send+0x758/0x19b0
[ 25.885280] #3: (rcu_read_lock_bh){....}, at: [<0000000074abd930>] ip_finish_output2+0x2aa/0x14f0
[ 25.894451] #4: (rcu_read_lock_bh){....}, at: [<000000009731b3ab>] __dev_queue_xmit+0x2d8/0x2b50
[ 25.903530] #5: (_xmit_ETHER#2){+.-.}, at: [<0000000030d2c8b5>] sch_direct_xmit+0x361/0x1140
[ 25.912258] #6: (rcu_read_lock_bh){....}, at: [<0000000074abd930>] ip_finish_output2+0x2aa/0x14f0
[ 25.921418] #7: (rcu_read_lock_bh){....}, at: [<000000009731b3ab>] __dev_queue_xmit+0x2d8/0x2b50
[ 25.930491]
[ 25.930491] stack backtrace:
[ 25.934957] CPU: 0 PID: 3663 Comm: syzkaller647215 Not tainted 4.15.0-rc7-next-20180112+ #96
[ 25.943502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.952826] Call Trace:
[ 25.955407] dump_stack+0x194/0x257
[ 25.959021] ? arch_local_irq_restore+0x53/0x53
[ 25.963666] __lock_acquire+0xe8f/0x3e00
[ 25.967699] ? print_lockdep_cache.isra.31+0x109/0x109
[ 25.972948] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.978118] ? __kernel_text_address+0xd/0x40
[ 25.982588] ? unwind_get_return_address+0x61/0xa0
[ 25.987490] ? __save_stack_trace+0x7e/0xd0
[ 25.991784] ? print_lockdep_cache.isra.31+0x109/0x109
[ 25.997032] ? save_stack_trace+0x1a/0x20
[ 26.001152] ? save_trace+0xe0/0x2b0
[ 26.004836] ? __lock_acquire+0x36c0/0x3e00
[ 26.009132] ? skb_network_protocol+0xef/0x4b0
[ 26.013699] ? check_noncircular+0x20/0x20
[ 26.017909] ? netif_skb_features+0x5ff/0x9b0
[ 26.022376] ? dev_get_by_index_rcu+0x320/0x320
[ 26.027021] ? __skb_gso_segment+0x810/0x810
[ 26.031427] lock_acquire+0x1d5/0x580
[ 26.035209] ? lock_acquire+0x1d5/0x580
[ 26.039158] ? sch_direct_xmit+0x361/0x1140
[ 26.043461] ? validate_xmit_skb+0x50d/0xaf0
[ 26.047843] ? lock_release+0xa40/0xa40
[ 26.051791] ? netif_skb_features+0x9b0/0x9b0
[ 26.056260] ? pfifo_fast_dequeue+0x20e/0x870
[ 26.060731] _raw_spin_lock+0x2a/0x40
[ 26.064503] ? sch_direct_xmit+0x361/0x1140
[ 26.068794] sch_direct_xmit+0x361/0x1140
[ 26.072916] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.077904] ? pfifo_fast_reset+0x490/0x490
[ 26.082201] ? __lock_is_held+0xb6/0x140
[ 26.086235] __qdisc_run+0x57d/0x19c0
[ 26.090011] ? sch_direct_xmit+0x1140/0x1140
[ 26.094395] ? lock_release+0xa40/0xa40
[ 26.098340] ? __dev_queue_xmit+0x2d8/0x2b50
[ 26.102732] ? pfifo_fast_enqueue+0x2a0/0x420
[ 26.107200] __dev_queue_xmit+0xb62/0x2b50
[ 26.111408] ? netdev_pick_tx+0x300/0x300
[ 26.115535] ? check_noncircular+0x20/0x20
[ 26.119745] ? __local_bh_enable_ip+0x121/0x230
[ 26.124384] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.129374] ? __neigh_create+0x1657/0x1d90
[ 26.133670] ? __local_bh_enable_ip+0x121/0x230
[ 26.138312] ? _raw_write_unlock_bh+0x30/0x40
[ 26.142788] ? __neigh_create+0xc06/0x1d90
[ 26.147001] ? print_irqtrace_events+0x270/0x270
[ 26.151747] ? ip_finish_output2+0x8c6/0x14f0
[ 26.156216] ? lock_downgrade+0x980/0x980
[ 26.160350] ? lock_release+0xa40/0xa40
[ 26.164297] ? mark_held_locks+0xaf/0x100
[ 26.168420] ? memcpy+0x45/0x50
[ 26.171683] dev_queue_xmit+0x17/0x20
[ 26.175467] ? dev_queue_xmit+0x17/0x20
[ 26.179423] neigh_resolve_output+0x5e2/0xa00
[ 26.183889] ? ether_setup+0x2d0/0x2d0
[ 26.187751] ? __neigh_event_send+0x1040/0x1040
[ 26.192394] ? ip_finish_output+0x864/0xd10
[ 26.196688] ? ip_mc_output+0x271/0x1350
[ 26.200730] ip_finish_output2+0x8c6/0x14f0
[ 26.205031] ? ip_copy_metadata+0xac0/0xac0
[ 26.209324] ? check_noncircular+0x20/0x20
[ 26.213532] ? ipt_do_table+0xdd3/0x13b0
[ 26.217567] ? ipv4_mtu+0x347/0x4c0
[ 26.221166] ? rt_cpu_seq_show+0x2c0/0x2c0
[ 26.225372] ? find_held_lock+0x35/0x1d0
[ 26.229407] ip_finish_output+0x864/0xd10
[ 26.233526] ? ip_finish_output+0x864/0xd10
[ 26.237819] ? ip_fragment.constprop.47+0x200/0x200
[ 26.242807] ? iptable_mangle_hook+0xaf/0x4a0
[ 26.247274] ? nf_hook_slow+0xd3/0x1a0
[ 26.251137] ip_mc_output+0x271/0x1350
[ 26.254998] ? ip_queue_xmit+0x18e0/0x18e0
[ 26.259210] ? lock_downgrade+0x980/0x980
[ 26.263332] ? nf_hook_slow+0xd3/0x1a0
[ 26.267191] ? __ip_local_out+0x494/0x7a0
[ 26.271309] ? ip_copy_addrs+0xe0/0xe0
[ 26.275168] ? skb_copy_ubufs+0x1910/0x1910
[ 26.279461] ? ip_fragment.constprop.47+0x200/0x200
[ 26.284449] ? __ip_select_ident+0x168/0x270
[ 26.288829] ? ip_idents_reserve+0x2a0/0x2a0
[ 26.293214] ip_local_out+0x95/0x160
[ 26.296902] iptunnel_xmit+0x556/0x810
[ 26.300761] ip_tunnel_xmit+0x1780/0x3650
[ 26.304882] ? ip_md_tunnel_xmit+0x14d0/0x14d0
[ 26.309438] ? lock_downgrade+0x980/0x980
[ 26.313561] ? pvclock_read_flags+0x160/0x160
[ 26.318029] ? mark_held_locks+0xaf/0x100
[ 26.322151] ? ktime_get_with_offset+0x188/0x420
[ 26.326879] ? kvm_clock_get_cycles+0x25/0x30
[ 26.331348] ? do_gettimeofday+0x190/0x190
[ 26.335556] __gre_xmit+0x546/0x8b0
[ 26.339157] erspan_xmit+0x7eb/0x2430
[ 26.342930] ? gretap_fb_dev_create+0x250/0x250
[ 26.347569] ? __lock_is_held+0xb6/0x140
[ 26.351607] dev_hard_start_xmit+0x24e/0xac0
[ 26.355990] ? validate_xmit_skb_list+0x120/0x120
[ 26.360810] ? __skb_gso_segment+0x810/0x810
[ 26.365194] ? lock_acquire+0x1d5/0x580
[ 26.369140] ? lock_acquire+0x1d5/0x580
[ 26.373091] ? sch_direct_xmit+0x361/0x1140
[ 26.377384] ? validate_xmit_skb+0x50d/0xaf0
[ 26.381775] ? lock_release+0xa40/0xa40
[ 26.385727] ? netif_skb_features+0x9b0/0x9b0
[ 26.390194] ? pfifo_fast_dequeue+0x20e/0x870
[ 26.394662] sch_direct_xmit+0x40d/0x1140
[ 26.398786] ? pfifo_fast_reset+0x490/0x490
[ 26.403085] ? __lock_is_held+0xb6/0x140
[ 26.407120] __qdisc_run+0x57d/0x19c0
[ 26.410892] ? sch_direct_xmit+0x1140/0x1140
[ 26.415272] ? lock_release+0xa40/0xa40
[ 26.419222] ? __dev_queue_xmit+0x2d8/0x2b50
[ 26.423608] ? pfifo_fast_enqueue+0x2a0/0x420
[ 26.428085] __dev_queue_xmit+0xb62/0x2b50
[ 26.432298] ? netdev_pick_tx+0x300/0x300
[ 26.436421] ? find_held_lock+0x35/0x1d0
[ 26.440456] ? lock_downgrade+0x980/0x980
[ 26.444589] ? check_noncircular+0x20/0x20
[ 26.448801] ? __local_bh_enable_ip+0x121/0x230
[ 26.453454] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.458458] ? __neigh_create+0x1657/0x1d90
[ 26.462753] ? __local_bh_enable_ip+0x121/0x230
[ 26.467395] ? _raw_write_unlock_bh+0x30/0x40
[ 26.471873] ? __neigh_create+0xc06/0x1d90
[ 26.476084] ? print_irqtrace_events+0x270/0x270
[ 26.480824] ? ip_finish_output2+0x8c6/0x14f0
[ 26.485299] ? lock_downgrade+0x980/0x980
[ 26.489420] ? lock_release+0xa40/0xa40
[ 26.493372] ? mark_held_locks+0xaf/0x100
[ 26.497505] ? memcpy+0x45/0x50
[ 26.500763] dev_queue_xmit+0x17/0x20
[ 26.504542] ? dev_queue_xmit+0x17/0x20
[ 26.508522] neigh_resolve_output+0x5e2/0xa00
[ 26.512996] ? ether_setup+0x2d0/0x2d0
[ 26.516862] ? __neigh_event_send+0x1040/0x1040
[ 26.521502] ? tun_get_user+0x2760/0x3940
[ 26.525622] ? tun_chr_write_iter+0xb9/0x160
[ 26.530012] ip_finish_output2+0x8c6/0x14f0
[ 26.534334] ? __local_bh_enable_ip+0x121/0x230
[ 26.538993] ? ip_copy_metadata+0xac0/0xac0
[ 26.543296] ? check_noncircular+0x20/0x20
[ 26.547509] ? ipt_do_table+0xdd3/0x13b0
[ 26.551547] ? ipv4_mtu+0x347/0x4c0
[ 26.555156] ? rt_cpu_seq_show+0x2c0/0x2c0
[ 26.559395] ? find_held_lock+0x35/0x1d0
[ 26.563447] ip_finish_output+0x864/0xd10
[ 26.567576] ? ip_finish_output+0x864/0xd10
[ 26.571878] ? ip_fragment.constprop.47+0x200/0x200
[ 26.576869] ? iptable_mangle_hook+0xaf/0x4a0
[ 26.581348] ? nf_hook_slow+0xd3/0x1a0
[ 26.585224] ip_mc_output+0x271/0x1350
[ 26.589089] ? ip_queue_xmit+0x18e0/0x18e0
[ 26.593301] ? lock_downgrade+0x980/0x980
[ 26.597445] ? nf_hook_slow+0xd3/0x1a0
[ 26.601309] ? __ip_local_out+0x494/0x7a0
[ 26.605434] ? ip_copy_addrs+0xe0/0xe0
[ 26.609301] ? dst_release+0x3a/0x90
[ 26.613008] ? __ip_make_skb+0xfd1/0x1850
[ 26.617132] ? ip_fragment.constprop.47+0x200/0x200
[ 26.622122] ip_local_out+0x95/0x160
[ 26.625806] ip_send_skb+0x3c/0xc0
[ 26.629316] ip_push_pending_frames+0x64/0x80
[ 26.633786] icmp_push_reply+0x395/0x4f0
[ 26.637819] icmp_send+0x1136/0x19b0
[ 26.641507] ? icmp_route_lookup.constprop.24+0x1360/0x1360
[ 26.647193] ? check_noncircular+0x20/0x20
[ 26.651399] ? __lock_acquire+0x664/0x3e00
[ 26.655606] ? __debug_object_init+0x235/0x1040
[ 26.660264] ? __is_insn_slot_addr+0x1fc/0x330
[ 26.664821] ? find_held_lock+0x35/0x1d0
[ 26.668856] ? lock_downgrade+0x980/0x980
[ 26.672976] ? lock_release+0xa40/0xa40
[ 26.676923] ip_options_compile+0xc21/0x1a50
[ 26.681305] ? ip_forward+0x1cd0/0x1cd0
[ 26.685250] ? ip_route_input_rcu+0x3180/0x3180
[ 26.689892] ip_rcv_finish+0x80f/0x1e30
[ 26.693837] ? inet_del_offload+0x40/0x40
[ 26.697968] ? ip_rcv+0xf22/0x1840
[ 26.701480] ? lock_downgrade+0x980/0x980
[ 26.705600] ? nf_nat_ipv4_in+0x1cd/0x270
[ 26.709719] ? iptable_nat_ipv4_fn+0x40/0x40
[ 26.714105] ? nf_hook_slow+0xd3/0x1a0
[ 26.717963] ip_rcv+0xc5a/0x1840
[ 26.721300] ? ip_local_deliver+0x6e0/0x6e0
[ 26.725596] ? inet_del_offload+0x40/0x40
[ 26.729716] ? ip_local_deliver+0x6e0/0x6e0
[ 26.734694] __netif_receive_skb_core+0x1a41/0x3460
[ 26.739689] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.744854] ? nf_ingress+0x9f0/0x9f0
[ 26.748628] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.753788] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.758948] ? check_noncircular+0x20/0x20
[ 26.763156] ? check_noncircular+0x20/0x20
[ 26.767362] ? lock_downgrade+0x980/0x980
[ 26.771494] ? lock_release+0xa40/0xa40
[ 26.775440] ? mark_held_locks+0xaf/0x100
[ 26.779563] ? print_irqtrace_events+0x270/0x270
[ 26.784295] ? lock_downgrade+0x980/0x980
[ 26.788420] ? pvclock_read_flags+0x160/0x160
[ 26.792889] ? mark_held_locks+0xaf/0x100
[ 26.797021] ? lock_acquire+0x1d5/0x580
[ 26.800971] ? lock_acquire+0x1d5/0x580
[ 26.804919] ? netif_receive_skb_internal+0xa2/0x670
[ 26.810013] ? ktime_get_with_offset+0x2c1/0x420
[ 26.814746] ? lock_release+0xa40/0xa40
[ 26.818700] ? do_gettimeofday+0x190/0x190
[ 26.822909] __netif_receive_skb+0x2c/0x1b0
[ 26.827205] ? __netif_receive_skb+0x2c/0x1b0
[ 26.831671] netif_receive_skb_internal+0x10b/0x670
[ 26.836657] ? dev_cpu_dead+0xb00/0xb00
[ 26.840602] ? net_rx_action+0x1910/0x1910
[ 26.844806] ? eth_type_trans+0x2b2/0x710
[ 26.848923] ? eth_gro_receive+0x820/0x820
[ 26.853129] napi_gro_frags+0x58a/0xaf0
[ 26.857079] ? napi_gro_receive+0x500/0x500
[ 26.861377] ? tun_get_user+0x2737/0x3940
[ 26.865494] tun_get_user+0x2760/0x3940
[ 26.869442] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.874605] ? do_huge_pmd_anonymous_page+0xb1e/0x1b00
[ 26.879856] ? tun_build_skb.isra.49+0x1810/0x1810
[ 26.884758] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.889919] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.895078] ? trace_hardirqs_on+0xd/0x10
[ 26.899201] ? find_held_lock+0x35/0x1d0
[ 26.903235] ? tun_get+0x1ab/0x2e0
[ 26.906748] ? lock_release+0xa40/0xa40
[ 26.910696] ? __lock_is_held+0xb6/0x140
[ 26.914733] ? tun_get+0x1d4/0x2e0
[ 26.918248] ? tun_do_read+0x2600/0x2600
[ 26.922284] ? __check_object_size+0x8b/0x530
[ 26.926756] ? rcu_note_context_switch+0x710/0x710
[ 26.931658] tun_chr_write_iter+0xb9/0x160
[ 26.935864] do_iter_readv_writev+0x525/0x7f0
[ 26.940330] ? vfs_dedupe_file_range+0x8f0/0x8f0
[ 26.945057] ? rw_verify_area+0xe5/0x2b0
[ 26.949087] do_iter_write+0x154/0x540
[ 26.952952] ? dup_iter+0x260/0x260
[ 26.956552] vfs_writev+0x18a/0x340
[ 26.960153] ? __fget_light+0x297/0x380
[ 26.964099] ? vfs_iter_write+0xb0/0xb0
[ 26.968047] ? up_read+0x1a/0x40
[ 26.971387] ? __do_page_fault+0x3d6/0xc90
[ 26.975593] ? mm_fault_error+0x2c0/0x2c0
[ 26.979711] ? __fdget_pos+0x130/0x190
[ 26.983567] ? __fdget_raw+0x20/0x20
[ 26.987250] ? __do_page_fault+0xc90/0xc90
[ 26.991455] do_writev+0xfc/0x2a0
[ 26.994877] ? do_writev+0xfc/0x2a0
[ 26.998473] ? vfs_writev+0x340/0x340
[ 27.002245] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 27.007058] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.012045] SyS_writev+0x27/0x30
[ 27.015471] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 27.020198] RIP: 0033:0x444f50
[ 27.023359] RSP: 002b:00007fff459765d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 27.031038] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[ 27.038281] RDX: 0000000000000001 RSI: 00007fff45976610 RDI: 0000000000000003
[ 27.045523] RBP: 00007fff45976708 R08: 000000000000001f R09: 0000000000000000
[ 27.052774] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff45976708
[ 27.060017] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000
[