[....] Starting enhanced syslogd: rsyslogd[   12.944161] audit: type=1400 audit(1515861480.871:5): avc:  denied  { syslog } for  pid=3499 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.355638] audit: type=1400 audit(1515861486.282:6): avc:  denied  { map } for  pid=3640 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.242' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   24.647260] audit: type=1400 audit(1515861492.574:7): avc:  denied  { map } for  pid=3654 comm="syzkaller460424" path="/root/syzkaller460424627" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   25.031599] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   25.370903] 
[   25.372539] ============================================
[   25.377951] WARNING: possible recursive locking detected
[   25.383365] 4.15.0-rc7+ #260 Not tainted
[   25.387387] --------------------------------------------
[   25.395818] syzkaller460424/3654 is trying to acquire lock:
[   25.401494]  (_xmit_ETHER#2){+.-.}, at: [<00000000a2ecb841>] sch_direct_xmit+0x280/0x6d0
[   25.409702] 
[   25.409702] but task is already holding lock:
[   25.417045]  (_xmit_ETHER#2){+.-.}, at: [<00000000a2ecb841>] sch_direct_xmit+0x280/0x6d0
[   25.425255] 
[   25.425255] other info that might help us debug this:
[   25.431883]  Possible unsafe locking scenario:
[   25.431883] 
[   25.437902]        CPU0
[   25.440449]        ----
[   25.442993]   lock(_xmit_ETHER#2);
[   25.446500]   lock(_xmit_ETHER#2);
[   25.450107] 
[   25.450107]  *** DEADLOCK ***
[   25.450107] 
[   25.456130]  May be due to missing lock nesting notation
[   25.456130] 
[   25.463021] 10 locks held by syzkaller460424/3654:
[   25.467913]  #0:  (&tfile->napi_mutex){+.+.}, at: [<0000000023072540>] tun_get_user+0xe5a/0x3710
[   25.476812]  #1:  (rcu_read_lock){....}, at: [<000000006a8dc5a3>] netif_receive_skb_internal+0xa2/0x670
[   25.486313]  #2:  (k-slock-AF_INET){+...}, at: [<00000000f27cbcd6>] icmp_send+0x75e/0x19d0
[   25.494685]  #3:  (rcu_read_lock_bh){....}, at: [<00000000e8f3432f>] ip_finish_output2+0x2b6/0x1500
[   25.503943]  #4:  (rcu_read_lock_bh){....}, at: [<000000001e7a1499>] __dev_queue_xmit+0x294/0x2920
[   25.513013]  #5:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<00000000c8d219ce>] dev_queue_xmit+0x17/0x20
[   25.524088]  #6:  (_xmit_ETHER#2){+.-.}, at: [<00000000a2ecb841>] sch_direct_xmit+0x280/0x6d0
[   25.532729]  #7:  (rcu_read_lock_bh){....}, at: [<00000000e8f3432f>] ip_finish_output2+0x2b6/0x1500
[   25.541940]  #8:  (rcu_read_lock_bh){....}, at: [<000000001e7a1499>] __dev_queue_xmit+0x294/0x2920
[   25.551018]  #9:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<00000000c8d219ce>] dev_queue_xmit+0x17/0x20
[   25.562105] 
[   25.562105] stack backtrace:
[   25.566574] CPU: 0 PID: 3654 Comm: syzkaller460424 Not tainted 4.15.0-rc7+ #260
[   25.574026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.583353] Call Trace:
[   25.585915]  dump_stack+0x194/0x257
[   25.589510]  ? arch_local_irq_restore+0x53/0x53
[   25.594147]  __lock_acquire+0xe8f/0x3e00
[   25.598238]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.603397]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.608553]  ? __lock_acquire+0x664/0x3e00
[   25.612754]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.617909]  ? check_noncircular+0x20/0x20
[   25.622122]  ? trace_hardirqs_off+0x10/0x10
[   25.626408]  ? bpf_prog_kallsyms_find+0xbd/0x440
[   25.631129]  ? modules_open+0xa0/0xa0
[   25.634893]  ? trace_raw_output_xdp_redirect_map_err+0x440/0x440
[   25.641005]  ? check_noncircular+0x20/0x20
[   25.645211]  ? is_bpf_text_address+0x7b/0x120
[   25.649672]  ? lock_downgrade+0x980/0x980
[   25.653802]  ? skb_network_protocol+0xef/0x4b0
[   25.658450]  ? reacquire_held_locks+0x1f9/0x3e0
[   25.663082]  ? reacquire_held_locks+0x1f9/0x3e0
[   25.667717]  ? netif_skb_features+0x5ff/0x9b0
[   25.672177]  ? dev_get_by_index_rcu+0x320/0x320
[   25.676811]  lock_acquire+0x1d5/0x580
[   25.680577]  ? lock_acquire+0x1d5/0x580
[   25.684515]  ? sch_direct_xmit+0x280/0x6d0
[   25.688714]  ? lock_release+0xa40/0xa40
[   25.692653]  ? netif_skb_features+0x9b0/0x9b0
[   25.697126]  ? do_raw_spin_trylock+0x190/0x190
[   25.701673]  ? lock_acquire+0x1d5/0x580
[   25.705614]  ? __dev_queue_xmit+0xb37/0x2920
[   25.709990]  _raw_spin_lock+0x2a/0x40
[   25.713758]  ? sch_direct_xmit+0x280/0x6d0
[   25.717957]  sch_direct_xmit+0x280/0x6d0
[   25.721985]  ? dev_deactivate_queue.constprop.30+0x260/0x260
[   25.727751]  __dev_queue_xmit+0x1ce2/0x2920
[   25.732138]  ? netdev_pick_tx+0x300/0x300
[   25.736257]  ? check_noncircular+0x20/0x20
[   25.740472]  ? __local_bh_enable_ip+0x121/0x230
[   25.745115]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   25.750103]  ? __neigh_create+0x1657/0x1d90
[   25.754391]  ? __local_bh_enable_ip+0x121/0x230
[   25.759031]  ? _raw_write_unlock_bh+0x30/0x40
[   25.763497]  ? __neigh_create+0xc06/0x1d90
[   25.767701]  ? print_irqtrace_events+0x270/0x270
[   25.772437]  ? ip_finish_output2+0x8d2/0x1500
[   25.776896]  ? lock_downgrade+0x980/0x980
[   25.781013]  ? lock_release+0xa40/0xa40
[   25.784955]  ? mark_held_locks+0xaf/0x100
[   25.789067]  ? memcpy+0x45/0x50
[   25.792314]  dev_queue_xmit+0x17/0x20
[   25.796078]  ? dev_queue_xmit+0x17/0x20
[   25.800020]  neigh_resolve_output+0x5e2/0xa00
[   25.804486]  ? ether_setup+0x2d0/0x2d0
[   25.808338]  ? __neigh_event_send+0x1050/0x1050
[   25.812974]  ? ip_finish_output+0x864/0xd10
[   25.817258]  ? ip_local_out+0x95/0x160
[   25.821112]  ? ip_send_skb+0x3c/0xc0
[   25.824790]  ? ip_push_pending_frames+0x64/0x80
[   25.829424]  ip_finish_output2+0x8d2/0x1500
[   25.833712]  ? ip_copy_metadata+0xac0/0xac0
[   25.838012]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   25.843000]  ? ipt_do_table+0xd0a/0x1330
[   25.847036]  ? trace_hardirqs_on+0xd/0x10
[   25.851154]  ? __local_bh_enable_ip+0x121/0x230
[   25.855787]  ? ipt_do_table+0xd75/0x1330
[   25.859814]  ? ipv4_mtu+0x34d/0x4c0
[   25.863407]  ? find_held_lock+0x35/0x1d0
[   25.867435]  ip_finish_output+0x864/0xd10
[   25.871561]  ? ip_finish_output+0x864/0xd10
[   25.875855]  ? ip_fragment.constprop.47+0x200/0x200
[   25.880846]  ? iptable_mangle_hook+0xa9/0x560
[   25.885306]  ? nf_hook_slow+0xd3/0x1a0
[   25.889178]  ip_mc_output+0x277/0x1360
[   25.893031]  ? ip_queue_xmit+0x18e0/0x18e0
[   25.897229]  ? lock_downgrade+0x980/0x980
[   25.901343]  ? nf_hook_slow+0xd3/0x1a0
[   25.905198]  ? __ip_local_out+0x494/0x7a0
[   25.909311]  ? ip_copy_addrs+0xe0/0xe0
[   25.913170]  ? skb_copy_ubufs+0x1910/0x1910
[   25.917460]  ? ip_fragment.constprop.47+0x200/0x200
[   25.922441]  ? __ip_select_ident+0x168/0x270
[   25.926815]  ? ip_idents_reserve+0x2a0/0x2a0
[   25.931196]  ip_local_out+0x95/0x160
[   25.934874]  iptunnel_xmit+0x556/0x810
[   25.938729]  ip_tunnel_xmit+0x1780/0x3650
[   25.942844]  ? skb_headers_offset_update+0x170/0x290
[   25.947913]  ? ip_md_tunnel_xmit+0x14e0/0x14e0
[   25.952462]  ? save_stack_trace+0x1a/0x20
[   25.956576]  ? skb_copy_ubufs+0x1910/0x1910
[   25.960866]  ? iptunnel_handle_offloads+0x3a3/0x710
[   25.966036]  __gre_xmit+0x546/0x8b0
[   25.969627]  erspan_xmit+0x409/0x13b0
[   25.973403]  ? prepare_fb_xmit+0x9a0/0x9a0
[   25.977606]  ? __lock_is_held+0xb6/0x140
[   25.981638]  dev_hard_start_xmit+0x24e/0xac0
[   25.986018]  ? validate_xmit_skb_list+0x120/0x120
[   25.990840]  ? netif_skb_features+0x5ff/0x9b0
[   25.995305]  ? lock_acquire+0x1d5/0x580
[   25.999244]  ? lock_acquire+0x1d5/0x580
[   26.003185]  ? sch_direct_xmit+0x280/0x6d0
[   26.007385]  ? lock_release+0xa40/0xa40
[   26.011326]  ? netif_skb_features+0x9b0/0x9b0
[   26.015798]  ? do_raw_spin_trylock+0x190/0x190
[   26.020348]  ? lock_acquire+0x1d5/0x580
[   26.024288]  ? __dev_queue_xmit+0xb37/0x2920
[   26.028664]  sch_direct_xmit+0x31d/0x6d0
[   26.032692]  ? dev_deactivate_queue.constprop.30+0x260/0x260
[   26.038456]  __dev_queue_xmit+0x1ce2/0x2920
[   26.042743]  ? netdev_pick_tx+0x300/0x300
[   26.046858]  ? find_held_lock+0x35/0x1d0
[   26.050885]  ? lock_downgrade+0x980/0x980
[   26.054998]  ? check_noncircular+0x20/0x20
[   26.059202]  ? __local_bh_enable_ip+0x121/0x230
[   26.063836]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.068832]  ? __neigh_create+0x1657/0x1d90
[   26.073123]  ? __local_bh_enable_ip+0x121/0x230
[   26.077758]  ? _raw_write_unlock_bh+0x30/0x40
[   26.082218]  ? __neigh_create+0xc06/0x1d90
[   26.086422]  ? print_irqtrace_events+0x270/0x270
[   26.091339]  ? ip_finish_output2+0x8d2/0x1500
[   26.095799]  ? lock_downgrade+0x980/0x980
[   26.099911]  ? lock_release+0xa40/0xa40
[   26.103849]  ? mark_held_locks+0xaf/0x100
[   26.107963]  ? memcpy+0x45/0x50
[   26.111208]  dev_queue_xmit+0x17/0x20
[   26.115196]  ? dev_queue_xmit+0x17/0x20
[   26.119139]  neigh_resolve_output+0x5e2/0xa00
[   26.123609]  ? ether_setup+0x2d0/0x2d0
[   26.127467]  ? __neigh_event_send+0x1050/0x1050
[   26.132102]  ? tun_get_user+0x262e/0x3710
[   26.136224]  ? tun_chr_write_iter+0xb9/0x160
[   26.140599]  ? do_iter_readv_writev+0x525/0x7f0
[   26.145246]  ip_finish_output2+0x8d2/0x1500
[   26.149535]  ? ip_copy_metadata+0xac0/0xac0
[   26.153822]  ? check_noncircular+0x20/0x20
[   26.158025]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.163014]  ? ipt_do_table+0xd0a/0x1330
[   26.167043]  ? trace_hardirqs_on+0xd/0x10
[   26.171169]  ? __local_bh_enable_ip+0x121/0x230
[   26.175802]  ? ipt_do_table+0xd75/0x1330
[   26.179827]  ? ipv4_mtu+0x34d/0x4c0
[   26.183417]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   26.187618]  ? find_held_lock+0x35/0x1d0
[   26.191655]  ip_finish_output+0x864/0xd10
[   26.195770]  ? ip_finish_output+0x864/0xd10
[   26.200062]  ? ip_fragment.constprop.47+0x200/0x200
[   26.205043]  ? iptable_mangle_hook+0xa9/0x560
[   26.209522]  ? nf_hook_slow+0xd3/0x1a0
[   26.213376]  ip_mc_output+0x277/0x1360
[   26.217233]  ? ip_queue_xmit+0x18e0/0x18e0
[   26.221434]  ? lock_downgrade+0x980/0x980
[   26.225550]  ? nf_hook_slow+0xd3/0x1a0
[   26.229403]  ? __ip_local_out+0x494/0x7a0
[   26.233517]  ? ip_copy_addrs+0xe0/0xe0
[   26.237382]  ? dst_release+0x3d/0x90
[   26.241060]  ? __ip_make_skb+0xfd7/0x1860
[   26.245190]  ? ip_fragment.constprop.47+0x200/0x200
[   26.250172]  ip_local_out+0x95/0x160
[   26.253851]  ip_send_skb+0x3c/0xc0
[   26.257367]  ip_push_pending_frames+0x64/0x80
[   26.261839]  icmp_push_reply+0x395/0x4f0
[   26.265867]  icmp_send+0x1148/0x19d0
[   26.269548]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   26.275222]  ? check_noncircular+0x20/0x20
[   26.279424]  ? __lock_acquire+0x664/0x3e00
[   26.283626]  ? print_irqtrace_events+0x270/0x270
[   26.288344]  ? print_irqtrace_events+0x270/0x270
[   26.293065]  ? __is_insn_slot_addr+0x1fc/0x330
[   26.297620]  ? find_held_lock+0x35/0x1d0
[   26.301649]  ? lock_downgrade+0x980/0x980
[   26.305760]  ? lock_release+0xa40/0xa40
[   26.309700]  ip_options_compile+0xc21/0x1a50
[   26.314086]  ? ip_forward+0x1ce0/0x1ce0
[   26.318030]  ? ip_route_input_rcu+0x31b0/0x31b0
[   26.322665]  ip_rcv_finish+0x80f/0x1e30
[   26.326604]  ? inet_del_offload+0x40/0x40
[   26.330741]  ? ip_rcv+0xf22/0x1840
[   26.334246]  ? lock_downgrade+0x980/0x980
[   26.338449]  ? nf_nat_ipv4_in+0x1cd/0x270
[   26.342562]  ? iptable_nat_ipv4_fn+0x40/0x40
[   26.346937]  ? nf_hook_slow+0xd3/0x1a0
[   26.350920]  ip_rcv+0xc5a/0x1840
[   26.354251]  ? ip_local_deliver+0x6e0/0x6e0
[   26.358550]  ? inet_del_offload+0x40/0x40
[   26.362662]  ? ip_local_deliver+0x6e0/0x6e0
[   26.366949]  __netif_receive_skb_core+0x1a41/0x3460
[   26.371932]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.377089]  ? nf_ingress+0x9f0/0x9f0
[   26.380858]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.386020]  ? __skb_flow_get_ports+0x420/0x420
[   26.391752]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.397735]  ? check_noncircular+0x20/0x20
[   26.401934]  ? check_noncircular+0x20/0x20
[   26.406134]  ? lock_release+0xa40/0xa40
[   26.410076]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   26.416309]  ? print_irqtrace_events+0x270/0x270
[   26.421034]  ? lock_downgrade+0x980/0x980
[   26.426280]  ? pvclock_read_flags+0x160/0x160
[   26.430743]  ? mark_held_locks+0xaf/0x100
[   26.434856]  ? lock_acquire+0x1d5/0x580
[   26.439243]  ? lock_acquire+0x1d5/0x580
[   26.443187]  ? netif_receive_skb_internal+0xa2/0x670
[   26.448257]  ? ktime_get_with_offset+0x2c1/0x420
[   26.452978]  ? lock_release+0xa40/0xa40
[   26.456917]  ? do_gettimeofday+0x190/0x190
[   26.461120]  __netif_receive_skb+0x2c/0x1b0
[   26.465406]  ? __netif_receive_skb+0x2c/0x1b0
[   26.469867]  netif_receive_skb_internal+0x10b/0x670
[   26.474850]  ? dev_cpu_dead+0xb00/0xb00
[   26.478790]  ? net_rx_action+0x1910/0x1910
[   26.482998]  ? eth_type_trans+0x2b2/0x710
[   26.487133]  ? eth_gro_receive+0x820/0x820
[   26.491335]  napi_gro_frags+0x58a/0xaf0
[   26.495274]  ? napi_gro_receive+0x500/0x500
[   26.499631]  ? tun_get_user+0x2605/0x3710
[   26.503757]  tun_get_user+0x262e/0x3710
[   26.507702]  ? tun_build_skb.isra.48+0x17d0/0x17d0
[   26.512598]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.517752]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.522908]  ? avc_has_extended_perms+0x12c0/0x12c0
[   26.527890]  ? check_noncircular+0x20/0x20
[   26.532093]  ? tun_get+0x1ab/0x2e0
[   26.535601]  ? lock_release+0xa40/0xa40
[   26.539542]  ? __lock_is_held+0xb6/0x140
[   26.543572]  ? tun_get+0x1d4/0x2e0
[   26.547079]  ? tun_chr_close+0x60/0x60
[   26.550932]  ? __check_object_size+0x25d/0x4f0
[   26.555482]  ? rcu_note_context_switch+0x710/0x710
[   26.560379]  tun_chr_write_iter+0xb9/0x160
[   26.564584]  do_iter_readv_writev+0x525/0x7f0
[   26.569047]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   26.573767]  ? rw_verify_area+0xe5/0x2b0
[   26.577794]  do_iter_write+0x154/0x540
[   26.581645]  ? dup_iter+0x260/0x260
[   26.585239]  vfs_writev+0x18a/0x340
[   26.588830]  ? __fget_light+0x297/0x380
[   26.592768]  ? vfs_iter_write+0xb0/0xb0
[   26.596718]  ? up_read+0x1a/0x40
[   26.600051]  ? __do_page_fault+0x3d6/0xc90
[   26.604262]  ? mm_fault_error+0x2c0/0x2c0
[   26.608383]  ? __fdget_pos+0x130/0x190
[   26.612239]  ? __fdget_raw+0x20/0x20
[   26.615919]  ? __do_page_fault+0xc90/0xc90
[   26.620121]  do_writev+0xfc/0x2a0
[   26.623545]  ? do_writev+0xfc/0x2a0
[   26.627137]  ? vfs_writev+0x340/0x340
[   26.630907]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   26.635716]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.640700]  SyS_writev+0x27/0x30
[   26.644120]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   26.648840] RIP: 0033:0x444f50
[   26.652008] RSP: 002b:00007fffe6298c18 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   26.659698] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[   26.666945] RDX: 0000000000000001 RSI: 00007fffe6298c50 RDI: 0000000000000003
[   26.674181] RBP: 00007fffe6