[....] Starting enhanced syslogd: rsyslogd[   13.380443] audit: type=1400 audit(1515862691.374:5): avc:  denied  { syslog } for  pid=3505 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.885756] audit: type=1400 audit(1515862697.879:6): avc:  denied  { map } for  pid=3646 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   26.138050] audit: type=1400 audit(1515862704.131:7): avc:  denied  { map } for  pid=3660 comm="syzkaller397540" path="/root/syzkaller397540375" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   26.518217] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   26.843486] 
[   26.845121] ============================================
[   26.850532] WARNING: possible recursive locking detected
[   26.855946] 4.15.0-rc7+ #187 Not tainted
[   26.859967] --------------------------------------------
[   26.865396] syzkaller397540/3660 is trying to acquire lock:
[   26.871066]  (_xmit_ETHER#2){+.-.}, at: [<00000000f9d3fe4e>] sch_direct_xmit+0x361/0x1140
[   26.879354] 
[   26.879354] but task is already holding lock:
[   26.885285]  (_xmit_ETHER#2){+.-.}, at: [<00000000f9d3fe4e>] sch_direct_xmit+0x361/0x1140
[   26.893568] 
[   26.893568] other info that might help us debug this:
[   26.900194]  Possible unsafe locking scenario:
[   26.900194] 
[   26.906212]        CPU0
[   26.908757]        ----
[   26.911301]   lock(_xmit_ETHER#2);
[   26.914813]   lock(_xmit_ETHER#2);
[   26.918317] 
[   26.918317]  *** DEADLOCK ***
[   26.918317] 
[   26.924337]  May be due to missing lock nesting notation
[   26.924337] 
[   26.931228] 8 locks held by syzkaller397540/3660:
[   26.936031]  #0:  (&tfile->napi_mutex){+.+.}, at: [<0000000074031e79>] tun_get_user+0xe6c/0x3940
[   26.944955]  #1:  (rcu_read_lock){....}, at: [<00000000018bd884>] netif_receive_skb_internal+0xa2/0x670
[   26.954457]  #2:  (k-slock-AF_INET){+...}, at: [<000000006c9689ca>] icmp_send+0x758/0x19b0
[   26.962835]  #3:  (rcu_read_lock_bh){....}, at: [<0000000008d1d1e5>] ip_finish_output2+0x2aa/0x14f0
[   26.971993]  #4:  (rcu_read_lock_bh){....}, at: [<00000000271e2cd2>] __dev_queue_xmit+0x2d8/0x2b50
[   26.981070]  #5:  (_xmit_ETHER#2){+.-.}, at: [<00000000f9d3fe4e>] sch_direct_xmit+0x361/0x1140
[   26.989793]  #6:  (rcu_read_lock_bh){....}, at: [<0000000008d1d1e5>] ip_finish_output2+0x2aa/0x14f0
[   26.998944]  #7:  (rcu_read_lock_bh){....}, at: [<00000000271e2cd2>] __dev_queue_xmit+0x2d8/0x2b50
[   27.008013] 
[   27.008013] stack backtrace:
[   27.012479] CPU: 1 PID: 3660 Comm: syzkaller397540 Not tainted 4.15.0-rc7+ #187
[   27.019893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.029210] Call Trace:
[   27.031765]  dump_stack+0x194/0x257
[   27.035360]  ? arch_local_irq_restore+0x53/0x53
[   27.039996]  __lock_acquire+0xe8f/0x3e00
[   27.044040]  ? print_lockdep_cache.isra.31+0x109/0x109
[   27.049293]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.054456]  ? __kernel_text_address+0xd/0x40
[   27.058917]  ? __save_stack_trace+0x7e/0xd0
[   27.063204]  ? print_lockdep_cache.isra.31+0x109/0x109
[   27.068446]  ? save_stack_trace+0x1a/0x20
[   27.072558]  ? save_trace+0xe0/0x2b0
[   27.076241]  ? __lock_acquire+0x36c0/0x3e00
[   27.080533]  ? skb_network_protocol+0xef/0x4b0
[   27.085081]  ? check_noncircular+0x20/0x20
[   27.089280]  ? netif_skb_features+0x5ff/0x9b0
[   27.093740]  ? dev_get_by_index_rcu+0x320/0x320
[   27.098372]  ? __skb_gso_segment+0x810/0x810
[   27.102747]  lock_acquire+0x1d5/0x580
[   27.106512]  ? lock_acquire+0x1d5/0x580
[   27.110451]  ? sch_direct_xmit+0x361/0x1140
[   27.114745]  ? validate_xmit_skb+0x50d/0xaf0
[   27.119119]  ? lock_release+0xa40/0xa40
[   27.123057]  ? netif_skb_features+0x9b0/0x9b0
[   27.127515]  ? pfifo_fast_dequeue+0x20e/0x870
[   27.131976]  _raw_spin_lock+0x2a/0x40
[   27.135741]  ? sch_direct_xmit+0x361/0x1140
[   27.140027]  sch_direct_xmit+0x361/0x1140
[   27.144140]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.149119]  ? pfifo_fast_reset+0x490/0x490
[   27.153403]  ? __lock_is_held+0xb6/0x140
[   27.157429]  __qdisc_run+0x57d/0x19c0
[   27.161194]  ? sch_direct_xmit+0x1140/0x1140
[   27.165567]  ? lock_release+0xa40/0xa40
[   27.169507]  ? __dev_queue_xmit+0x2d8/0x2b50
[   27.173887]  ? pfifo_fast_enqueue+0x2a0/0x420
[   27.178346]  __dev_queue_xmit+0xb62/0x2b50
[   27.182547]  ? netdev_pick_tx+0x300/0x300
[   27.186672]  ? check_noncircular+0x20/0x20
[   27.190870]  ? __local_bh_enable_ip+0x121/0x230
[   27.195501]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.200482]  ? __neigh_create+0x1657/0x1d90
[   27.204773]  ? __local_bh_enable_ip+0x121/0x230
[   27.209407]  ? _raw_write_unlock_bh+0x30/0x40
[   27.213865]  ? __neigh_create+0xc06/0x1d90
[   27.218066]  ? print_irqtrace_events+0x270/0x270
[   27.222789]  ? ip_finish_output2+0x8c6/0x14f0
[   27.227246]  ? lock_downgrade+0x980/0x980
[   27.231359]  ? lock_release+0xa40/0xa40
[   27.235295]  ? mark_held_locks+0xaf/0x100
[   27.239409]  ? memcpy+0x45/0x50
[   27.242653]  dev_queue_xmit+0x17/0x20
[   27.246419]  ? dev_queue_xmit+0x17/0x20
[   27.250355]  neigh_resolve_output+0x5e2/0xa00
[   27.254819]  ? ether_setup+0x2d0/0x2d0
[   27.258671]  ? __neigh_event_send+0x1040/0x1040
[   27.263304]  ? ip_finish_output+0x864/0xd10
[   27.267587]  ? ip_mc_output+0x271/0x1350
[   27.271610]  ? ip_local_out+0x95/0x160
[   27.275460]  ip_finish_output2+0x8c6/0x14f0
[   27.279747]  ? mark_held_locks+0x10/0x100
[   27.283865]  ? ip_copy_metadata+0xac0/0xac0
[   27.288151]  ? check_noncircular+0x20/0x20
[   27.292358]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.297337]  ? ipt_do_table+0xd0a/0x1330
[   27.301361]  ? trace_hardirqs_on+0xd/0x10
[   27.305472]  ? __local_bh_enable_ip+0x121/0x230
[   27.310103]  ? ipt_do_table+0xd75/0x1330
[   27.314129]  ? ipv4_mtu+0x347/0x4c0
[   27.317720]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.321921]  ? find_held_lock+0x35/0x1d0
[   27.325949]  ip_finish_output+0x864/0xd10
[   27.330059]  ? ip_finish_output+0x864/0xd10
[   27.334349]  ? ip_fragment.constprop.47+0x200/0x200
[   27.339328]  ? iptable_mangle_hook+0xaf/0x4a0
[   27.343791]  ? nf_hook_slow+0xd3/0x1a0
[   27.347643]  ip_mc_output+0x271/0x1350
[   27.351511]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.355713]  ? lock_downgrade+0x980/0x980
[   27.359827]  ? nf_hook_slow+0xd3/0x1a0
[   27.363680]  ? __ip_local_out+0x494/0x7a0
[   27.367791]  ? ip_copy_addrs+0xe0/0xe0
[   27.371644]  ? skb_copy_ubufs+0x1910/0x1910
[   27.375931]  ? ip_fragment.constprop.47+0x200/0x200
[   27.380912]  ? __ip_select_ident+0x168/0x270
[   27.385283]  ? ip_idents_reserve+0x2a0/0x2a0
[   27.389654]  ip_local_out+0x95/0x160
[   27.393335]  iptunnel_xmit+0x556/0x810
[   27.397187]  ip_tunnel_xmit+0x1780/0x3650
[   27.401300]  ? ip_md_tunnel_xmit+0x14d0/0x14d0
[   27.405845]  ? lock_downgrade+0x980/0x980
[   27.409958]  ? pvclock_read_flags+0x160/0x160
[   27.414421]  ? mark_held_locks+0xaf/0x100
[   27.418534]  ? ktime_get_with_offset+0x188/0x420
[   27.423256]  ? kvm_clock_get_cycles+0x25/0x30
[   27.427716]  ? do_gettimeofday+0x190/0x190
[   27.431921]  __gre_xmit+0x546/0x8b0
[   27.435515]  erspan_xmit+0x7eb/0x2430
[   27.439279]  ? gretap_fb_dev_create+0x250/0x250
[   27.443912]  ? __lock_is_held+0xb6/0x140
[   27.447945]  dev_hard_start_xmit+0x24e/0xac0
[   27.452317]  ? validate_xmit_skb_list+0x120/0x120
[   27.457129]  ? __skb_gso_segment+0x810/0x810
[   27.461502]  ? lock_acquire+0x1d5/0x580
[   27.465440]  ? lock_acquire+0x1d5/0x580
[   27.469379]  ? sch_direct_xmit+0x361/0x1140
[   27.473663]  ? validate_xmit_skb+0x50d/0xaf0
[   27.478039]  ? lock_release+0xa40/0xa40
[   27.481978]  ? netif_skb_features+0x9b0/0x9b0
[   27.486447]  ? pfifo_fast_dequeue+0x20e/0x870
[   27.490913]  sch_direct_xmit+0x40d/0x1140
[   27.495030]  ? pfifo_fast_reset+0x490/0x490
[   27.499316]  ? __lock_is_held+0xb6/0x140
[   27.503342]  __qdisc_run+0x57d/0x19c0
[   27.507109]  ? sch_direct_xmit+0x1140/0x1140
[   27.511482]  ? lock_release+0xa40/0xa40
[   27.515420]  ? __dev_queue_xmit+0x2d8/0x2b50
[   27.519796]  ? pfifo_fast_enqueue+0x2a0/0x420
[   27.524257]  __dev_queue_xmit+0xb62/0x2b50
[   27.528460]  ? netdev_pick_tx+0x300/0x300
[   27.532574]  ? find_held_lock+0x35/0x1d0
[   27.536603]  ? lock_downgrade+0x980/0x980
[   27.540718]  ? check_noncircular+0x20/0x20
[   27.544919]  ? __local_bh_enable_ip+0x121/0x230
[   27.549552]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.554541]  ? __neigh_create+0x1657/0x1d90
[   27.558829]  ? __local_bh_enable_ip+0x121/0x230
[   27.563464]  ? _raw_write_unlock_bh+0x30/0x40
[   27.567923]  ? __neigh_create+0xc06/0x1d90
[   27.572126]  ? print_irqtrace_events+0x270/0x270
[   27.576863]  ? ip_finish_output2+0x8c6/0x14f0
[   27.581323]  ? lock_downgrade+0x980/0x980
[   27.585435]  ? lock_release+0xa40/0xa40
[   27.589372]  ? mark_held_locks+0xaf/0x100
[   27.593488]  ? memcpy+0x45/0x50
[   27.596740]  dev_queue_xmit+0x17/0x20
[   27.600506]  ? dev_queue_xmit+0x17/0x20
[   27.604458]  neigh_resolve_output+0x5e2/0xa00
[   27.608917]  ? ether_setup+0x2d0/0x2d0
[   27.612777]  ? __neigh_event_send+0x1040/0x1040
[   27.617422]  ? tun_get_user+0x2760/0x3940
[   27.621534]  ? tun_chr_write_iter+0xb9/0x160
[   27.625912]  ? do_iter_readv_writev+0x525/0x7f0
[   27.630552]  ip_finish_output2+0x8c6/0x14f0
[   27.634839]  ? mark_held_locks+0x10/0x100
[   27.638961]  ? ip_copy_metadata+0xac0/0xac0
[   27.643244]  ? check_noncircular+0x20/0x20
[   27.647441]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.652423]  ? ipt_do_table+0xd0a/0x1330
[   27.656454]  ? trace_hardirqs_on+0xd/0x10
[   27.660566]  ? __local_bh_enable_ip+0x121/0x230
[   27.665198]  ? ipt_do_table+0xd75/0x1330
[   27.669227]  ? ipv4_mtu+0x347/0x4c0
[   27.672825]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.677031]  ? find_held_lock+0x35/0x1d0
[   27.681067]  ip_finish_output+0x864/0xd10
[   27.685181]  ? ip_finish_output+0x864/0xd10
[   27.689467]  ? ip_fragment.constprop.47+0x200/0x200
[   27.694452]  ? iptable_mangle_hook+0xaf/0x4a0
[   27.698918]  ? nf_hook_slow+0xd3/0x1a0
[   27.702773]  ip_mc_output+0x271/0x1350
[   27.706636]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.710858]  ? lock_downgrade+0x980/0x980
[   27.715001]  ? nf_hook_slow+0xd3/0x1a0
[   27.718871]  ? __ip_local_out+0x494/0x7a0
[   27.723009]  ? ip_copy_addrs+0xe0/0xe0
[   27.726873]  ? dst_release+0x3a/0x90
[   27.730561]  ? __ip_make_skb+0xfd1/0x1850
[   27.734681]  ? ip_fragment.constprop.47+0x200/0x200
[   27.739665]  ip_local_out+0x95/0x160
[   27.743345]  ip_send_skb+0x3c/0xc0
[   27.746856]  ip_push_pending_frames+0x64/0x80
[   27.751327]  icmp_push_reply+0x395/0x4f0
[   27.755366]  icmp_send+0x1136/0x19b0
[   27.759055]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   27.764732]  ? check_noncircular+0x20/0x20
[   27.768966]  ? __lock_acquire+0x664/0x3e00
[   27.773169]  ? __debug_object_init+0x235/0x1040
[   27.777814]  ? __is_insn_slot_addr+0x1fc/0x330
[   27.782369]  ? find_held_lock+0x35/0x1d0
[   27.786398]  ? lock_downgrade+0x980/0x980
[   27.790515]  ? lock_release+0xa40/0xa40
[   27.794457]  ip_options_compile+0xc21/0x1a50
[   27.798833]  ? ip_forward+0x1cd0/0x1cd0
[   27.802776]  ? ip_route_input_rcu+0x3180/0x3180
[   27.807414]  ip_rcv_finish+0x80f/0x1e30
[   27.811361]  ? inet_del_offload+0x40/0x40
[   27.815472]  ? ip_rcv+0xf22/0x1840
[   27.818980]  ? lock_downgrade+0x980/0x980
[   27.823903]  ? nf_nat_ipv4_in+0x1cd/0x270
[   27.828020]  ? iptable_nat_ipv4_fn+0x40/0x40
[   27.832408]  ? nf_hook_slow+0xd3/0x1a0
[   27.836264]  ip_rcv+0xc5a/0x1840
[   27.839600]  ? ip_local_deliver+0x6e0/0x6e0
[   27.843890]  ? inet_del_offload+0x40/0x40
[   27.848003]  ? ip_local_deliver+0x6e0/0x6e0
[   27.852306]  __netif_receive_skb_core+0x1a41/0x3460
[   27.857288]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.862445]  ? nf_ingress+0x9f0/0x9f0
[   27.866215]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.871369]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.876523]  ? check_noncircular+0x20/0x20
[   27.880724]  ? check_noncircular+0x20/0x20
[   27.884925]  ? lock_release+0xa40/0xa40
[   27.888870]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   27.893942]  ? print_irqtrace_events+0x270/0x270
[   27.898666]  ? lock_downgrade+0x980/0x980
[   27.902781]  ? pvclock_read_flags+0x160/0x160
[   27.907240]  ? mark_held_locks+0xaf/0x100
[   27.911352]  ? lock_acquire+0x1d5/0x580
[   27.915288]  ? lock_acquire+0x1d5/0x580
[   27.919227]  ? netif_receive_skb_internal+0xa2/0x670
[   27.924298]  ? ktime_get_with_offset+0x2c1/0x420
[   27.929193]  ? lock_release+0xa40/0xa40
[   27.933136]  ? do_gettimeofday+0x190/0x190
[   27.937338]  __netif_receive_skb+0x2c/0x1b0
[   27.941624]  ? __netif_receive_skb+0x2c/0x1b0
[   27.946087]  netif_receive_skb_internal+0x10b/0x670
[   27.951078]  ? dev_cpu_dead+0xb00/0xb00
[   27.955027]  ? net_rx_action+0x1910/0x1910
[   27.959224]  ? eth_type_trans+0x2b2/0x710
[   27.963335]  ? eth_gro_receive+0x820/0x820
[   27.967536]  napi_gro_frags+0x58a/0xaf0
[   27.971480]  ? napi_gro_receive+0x500/0x500
[   27.975774]  ? tun_get_user+0x2737/0x3940
[   27.979888]  tun_get_user+0x2760/0x3940
[   27.983833]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.988989]  ? do_huge_pmd_anonymous_page+0xb21/0x1b00
[   27.994242]  ? tun_build_skb.isra.49+0x1810/0x1810
[   27.999145]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.004301]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.009460]  ? find_held_lock+0x35/0x1d0
[   28.013490]  ? tun_get+0x1ab/0x2e0
[   28.016996]  ? lock_release+0xa40/0xa40
[   28.020939]  ? __lock_is_held+0xb6/0x140
[   28.024965]  ? tun_get+0x1d4/0x2e0
[   28.028471]  ? tun_do_read+0x2600/0x2600
[   28.032496]  ? __check_object_size+0x25d/0x4f0
[   28.037041]  ? rcu_note_context_switch+0x710/0x710
[   28.041937]  tun_chr_write_iter+0xb9/0x160
[   28.046137]  do_iter_readv_writev+0x525/0x7f0
[   28.050600]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   28.055324]  ? rw_verify_area+0xe5/0x2b0
[   28.059354]  do_iter_write+0x154/0x540
[   28.063219]  ? dup_iter+0x260/0x260
[   28.066826]  vfs_writev+0x18a/0x340
[   28.070423]  ? __fget_light+0x297/0x380
[   28.074364]  ? vfs_iter_write+0xb0/0xb0
[   28.078301]  ? up_read+0x1a/0x40
[   28.081636]  ? __do_page_fault+0x3d6/0xc90
[   28.085837]  ? mm_fault_error+0x2c0/0x2c0
[   28.089951]  ? __fdget_pos+0x130/0x190
[   28.093801]  ? __fdget_raw+0x20/0x20
[   28.097478]  ? __do_page_fault+0xc90/0xc90
[   28.101676]  do_writev+0xfc/0x2a0
[   28.105093]  ? do_writev+0xfc/0x2a0
[   28.108684]  ? vfs_writev+0x340/0x340
[   28.112456]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   28.117276]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.122264]  SyS_writev+0x27/0x30
[   28.125684]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   28.130415] RIP: 0033:0x444f50
[   28.133571] RSP: 002b:00007ffd438c8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   28.141241] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[   28.1484