[....] Starting enhanced syslogd: rsyslogd[   12.642167] audit: type=1400 audit(1515866588.847:5): avc:  denied  { syslog } for  pid=3506 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.348549] audit: type=1400 audit(1515866594.553:6): avc:  denied  { map } for  pid=3645 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.244' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   24.534995] audit: type=1400 audit(1515866600.739:7): avc:  denied  { map } for  pid=3659 comm="syzkaller688801" path="/root/syzkaller688801828" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   24.799919] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   25.130783] 
[   25.132415] ============================================
[   25.137826] WARNING: possible recursive locking detected
[   25.143240] 4.15.0-rc7-mm1+ #56 Not tainted
[   25.147524] --------------------------------------------
[   25.152984] syzkaller688801/3659 is trying to acquire lock:
[   25.158669]  (_xmit_ETHER#2){+.-.}, at: [<0000000040cbac40>] sch_direct_xmit+0x361/0x1140
[   25.166976] 
[   25.166976] but task is already holding lock:
[   25.172909]  (_xmit_ETHER#2){+.-.}, at: [<0000000040cbac40>] sch_direct_xmit+0x361/0x1140
[   25.181193] 
[   25.181193] other info that might help us debug this:
[   25.187819]  Possible unsafe locking scenario:
[   25.187819] 
[   25.193851]        CPU0
[   25.196400]        ----
[   25.198944]   lock(_xmit_ETHER#2);
[   25.202447]   lock(_xmit_ETHER#2);
[   25.205959] 
[   25.205959]  *** DEADLOCK ***
[   25.205959] 
[   25.212329]  May be due to missing lock nesting notation
[   25.212329] 
[   25.219217] 8 locks held by syzkaller688801/3659:
[   25.224021]  #0:  (&tfile->napi_mutex){+.+.}, at: [<00000000b9f4e4d2>] tun_get_user+0xe6c/0x3940
[   25.232916]  #1:  (rcu_read_lock){....}, at: [<000000001759d51f>] netif_receive_skb_internal+0xa2/0x670
[   25.242415]  #2:  (k-slock-AF_INET){+...}, at: [<000000002845f617>] icmp_send+0x758/0x19b0
[   25.250783]  #3:  (rcu_read_lock_bh){....}, at: [<00000000db5cbb39>] ip_finish_output2+0x2aa/0x14f0
[   25.259933]  #4:  (rcu_read_lock_bh){....}, at: [<000000001955cdd9>] __dev_queue_xmit+0x2d8/0x2b50
[   25.269003]  #5:  (_xmit_ETHER#2){+.-.}, at: [<0000000040cbac40>] sch_direct_xmit+0x361/0x1140
[   25.277722]  #6:  (rcu_read_lock_bh){....}, at: [<00000000db5cbb39>] ip_finish_output2+0x2aa/0x14f0
[   25.286896]  #7:  (rcu_read_lock_bh){....}, at: [<000000001955cdd9>] __dev_queue_xmit+0x2d8/0x2b50
[   25.295959] 
[   25.295959] stack backtrace:
[   25.300513] CPU: 1 PID: 3659 Comm: syzkaller688801 Not tainted 4.15.0-rc7-mm1+ #56
[   25.308182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.317498] Call Trace:
[   25.320054]  dump_stack+0x194/0x257
[   25.323647]  ? arch_local_irq_restore+0x53/0x53
[   25.328283]  __lock_acquire+0xe8f/0x3e00
[   25.332308]  ? print_lockdep_cache.isra.31+0x109/0x109
[   25.337553]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.342712]  ? __kernel_text_address+0xd/0x40
[   25.347170]  ? unwind_get_return_address+0x61/0xa0
[   25.352065]  ? __save_stack_trace+0x7e/0xd0
[   25.356351]  ? print_lockdep_cache.isra.31+0x109/0x109
[   25.361592]  ? save_stack_trace+0x1a/0x20
[   25.365702]  ? save_trace+0xe0/0x2b0
[   25.369386]  ? __lock_acquire+0x36c0/0x3e00
[   25.373672]  ? skb_network_protocol+0xef/0x4b0
[   25.378218]  ? check_noncircular+0x20/0x20
[   25.382419]  ? netif_skb_features+0x5ff/0x9b0
[   25.386875]  ? dev_get_by_index_rcu+0x320/0x320
[   25.391507]  ? __skb_gso_segment+0x810/0x810
[   25.395879]  lock_acquire+0x1d5/0x580
[   25.399645]  ? lock_acquire+0x1d5/0x580
[   25.403581]  ? sch_direct_xmit+0x361/0x1140
[   25.407866]  ? validate_xmit_skb+0x50d/0xaf0
[   25.412250]  ? lock_release+0xa40/0xa40
[   25.416187]  ? netif_skb_features+0x9b0/0x9b0
[   25.420647]  ? pfifo_fast_dequeue+0x20e/0x870
[   25.425108]  _raw_spin_lock+0x2a/0x40
[   25.428871]  ? sch_direct_xmit+0x361/0x1140
[   25.433173]  sch_direct_xmit+0x361/0x1140
[   25.437284]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   25.442269]  ? pfifo_fast_reset+0x490/0x490
[   25.446552]  ? __lock_is_held+0xb6/0x140
[   25.450581]  __qdisc_run+0x57d/0x19c0
[   25.454345]  ? sch_direct_xmit+0x1140/0x1140
[   25.458717]  ? lock_release+0xa40/0xa40
[   25.462653]  ? __dev_queue_xmit+0x2d8/0x2b50
[   25.467041]  ? pfifo_fast_enqueue+0x2a0/0x420
[   25.471501]  __dev_queue_xmit+0xb62/0x2b50
[   25.475705]  ? netdev_pick_tx+0x300/0x300
[   25.479823]  ? find_held_lock+0x35/0x1d0
[   25.483849]  ? lock_downgrade+0x980/0x980
[   25.487961]  ? check_noncircular+0x20/0x20
[   25.492159]  ? __local_bh_enable_ip+0x121/0x230
[   25.496791]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   25.501772]  ? __neigh_create+0x1657/0x1d90
[   25.506065]  ? __local_bh_enable_ip+0x121/0x230
[   25.510697]  ? _raw_write_unlock_bh+0x30/0x40
[   25.515157]  ? __neigh_create+0xc06/0x1d90
[   25.519365]  ? print_irqtrace_events+0x270/0x270
[   25.524093]  ? ip_finish_output2+0x8c6/0x14f0
[   25.528551]  ? lock_downgrade+0x980/0x980
[   25.532664]  ? lock_release+0xa40/0xa40
[   25.536607]  ? mark_held_locks+0xaf/0x100
[   25.540729]  ? memcpy+0x45/0x50
[   25.543981]  dev_queue_xmit+0x17/0x20
[   25.547747]  ? dev_queue_xmit+0x17/0x20
[   25.551686]  neigh_resolve_output+0x5e2/0xa00
[   25.556142]  ? ether_setup+0x2d0/0x2d0
[   25.559992]  ? __neigh_event_send+0x1040/0x1040
[   25.564630]  ? ip_finish_output+0x864/0xd10
[   25.568913]  ? ip_mc_output+0x271/0x1350
[   25.572938]  ip_finish_output2+0x8c6/0x14f0
[   25.577223]  ? ip_copy_metadata+0xac0/0xac0
[   25.581511]  ? check_noncircular+0x20/0x20
[   25.585709]  ? ipt_do_table+0xdd3/0x13b0
[   25.589738]  ? ipv4_mtu+0x347/0x4c0
[   25.593328]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   25.597526]  ? find_held_lock+0x35/0x1d0
[   25.601555]  ip_finish_output+0x864/0xd10
[   25.605666]  ? ip_finish_output+0x864/0xd10
[   25.609951]  ? ip_fragment.constprop.47+0x200/0x200
[   25.614930]  ? iptable_mangle_hook+0xaf/0x4a0
[   25.619393]  ? nf_hook_slow+0xd3/0x1a0
[   25.623246]  ip_mc_output+0x271/0x1350
[   25.627108]  ? ip_queue_xmit+0x18e0/0x18e0
[   25.631308]  ? lock_downgrade+0x980/0x980
[   25.635428]  ? nf_hook_slow+0xd3/0x1a0
[   25.639294]  ? __ip_local_out+0x494/0x7a0
[   25.643412]  ? ip_copy_addrs+0xe0/0xe0
[   25.647266]  ? skb_copy_ubufs+0x1910/0x1910
[   25.651553]  ? ip_fragment.constprop.47+0x200/0x200
[   25.656540]  ? __ip_select_ident+0x168/0x270
[   25.660911]  ? ip_idents_reserve+0x2a0/0x2a0
[   25.665282]  ip_local_out+0x95/0x160
[   25.668960]  iptunnel_xmit+0x556/0x810
[   25.673332]  ip_tunnel_xmit+0x1780/0x3650
[   25.677447]  ? ip_md_tunnel_xmit+0x14d0/0x14d0
[   25.682000]  ? lock_downgrade+0x980/0x980
[   25.686115]  ? pvclock_read_flags+0x160/0x160
[   25.690574]  ? mark_held_locks+0xaf/0x100
[   25.694686]  ? ktime_get_with_offset+0x188/0x420
[   25.699408]  ? kvm_clock_get_cycles+0x25/0x30
[   25.703871]  ? do_gettimeofday+0x190/0x190
[   25.708069]  __gre_xmit+0x546/0x8b0
[   25.711661]  erspan_xmit+0x7eb/0x2430
[   25.715428]  ? gretap_fb_dev_create+0x250/0x250
[   25.720063]  ? __lock_is_held+0xb6/0x140
[   25.724090]  dev_hard_start_xmit+0x24e/0xac0
[   25.728465]  ? validate_xmit_skb_list+0x120/0x120
[   25.733273]  ? __skb_gso_segment+0x810/0x810
[   25.737661]  ? lock_acquire+0x1d5/0x580
[   25.741596]  ? lock_acquire+0x1d5/0x580
[   25.745532]  ? sch_direct_xmit+0x361/0x1140
[   25.749818]  ? validate_xmit_skb+0x50d/0xaf0
[   25.754192]  ? lock_release+0xa40/0xa40
[   25.758148]  ? netif_skb_features+0x9b0/0x9b0
[   25.762608]  ? pfifo_fast_dequeue+0x20e/0x870
[   25.767089]  sch_direct_xmit+0x40d/0x1140
[   25.771209]  ? pfifo_fast_reset+0x490/0x490
[   25.775492]  ? __lock_is_held+0xb6/0x140
[   25.779530]  __qdisc_run+0x57d/0x19c0
[   25.783302]  ? sch_direct_xmit+0x1140/0x1140
[   25.787682]  ? lock_release+0xa40/0xa40
[   25.791621]  ? __dev_queue_xmit+0x2d8/0x2b50
[   25.795995]  ? pfifo_fast_enqueue+0x2a0/0x420
[   25.800460]  __dev_queue_xmit+0xb62/0x2b50
[   25.804661]  ? netdev_pick_tx+0x300/0x300
[   25.808775]  ? find_held_lock+0x35/0x1d0
[   25.812799]  ? lock_downgrade+0x980/0x980
[   25.816913]  ? check_noncircular+0x20/0x20
[   25.821119]  ? __local_bh_enable_ip+0x121/0x230
[   25.825751]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   25.830730]  ? __neigh_create+0x1657/0x1d90
[   25.835014]  ? __local_bh_enable_ip+0x121/0x230
[   25.839647]  ? _raw_write_unlock_bh+0x30/0x40
[   25.844122]  ? __neigh_create+0xc06/0x1d90
[   25.848322]  ? print_irqtrace_events+0x270/0x270
[   25.853050]  ? ip_finish_output2+0x8c6/0x14f0
[   25.857511]  ? lock_downgrade+0x980/0x980
[   25.861623]  ? lock_release+0xa40/0xa40
[   25.865562]  ? mark_held_locks+0xaf/0x100
[   25.869677]  ? memcpy+0x45/0x50
[   25.872920]  dev_queue_xmit+0x17/0x20
[   25.876684]  ? dev_queue_xmit+0x17/0x20
[   25.880621]  neigh_resolve_output+0x5e2/0xa00
[   25.885076]  ? ether_setup+0x2d0/0x2d0
[   25.888927]  ? __neigh_event_send+0x1040/0x1040
[   25.893567]  ? tun_get_user+0x2760/0x3940
[   25.897676]  ? tun_chr_write_iter+0xb9/0x160
[   25.902060]  ip_finish_output2+0x8c6/0x14f0
[   25.906352]  ? ip_copy_metadata+0xac0/0xac0
[   25.910634]  ? check_noncircular+0x20/0x20
[   25.914832]  ? ipt_do_table+0xdd3/0x13b0
[   25.918864]  ? ipv4_mtu+0x347/0x4c0
[   25.922456]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   25.926654]  ? find_held_lock+0x35/0x1d0
[   25.930679]  ip_finish_output+0x864/0xd10
[   25.934788]  ? ip_finish_output+0x864/0xd10
[   25.939079]  ? ip_fragment.constprop.47+0x200/0x200
[   25.944057]  ? iptable_mangle_hook+0xaf/0x4a0
[   25.948519]  ? nf_hook_slow+0xd3/0x1a0
[   25.952376]  ip_mc_output+0x271/0x1350
[   25.956238]  ? ip_queue_xmit+0x18e0/0x18e0
[   25.960437]  ? lock_downgrade+0x980/0x980
[   25.964550]  ? nf_hook_slow+0xd3/0x1a0
[   25.968581]  ? __ip_local_out+0x494/0x7a0
[   25.972698]  ? ip_copy_addrs+0xe0/0xe0
[   25.976550]  ? dst_release+0x3a/0x90
[   25.980227]  ? __ip_make_skb+0xfd1/0x1850
[   25.984344]  ? ip_fragment.constprop.47+0x200/0x200
[   25.989326]  ip_local_out+0x95/0x160
[   25.993010]  ip_send_skb+0x3c/0xc0
[   25.996512]  ip_push_pending_frames+0x64/0x80
[   26.000972]  icmp_push_reply+0x395/0x4f0
[   26.004997]  icmp_send+0x1136/0x19b0
[   26.008684]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   26.014370]  ? check_noncircular+0x20/0x20
[   26.018572]  ? __lock_acquire+0x664/0x3e00
[   26.022771]  ? __debug_object_init+0x235/0x1040
[   26.027407]  ? __is_insn_slot_addr+0x1fc/0x330
[   26.031953]  ? find_held_lock+0x35/0x1d0
[   26.035982]  ? lock_downgrade+0x980/0x980
[   26.040094]  ? lock_release+0xa40/0xa40
[   26.044035]  ip_options_compile+0xc21/0x1a50
[   26.048410]  ? ip_forward+0x1cd0/0x1cd0
[   26.052348]  ? ip_route_input_rcu+0x3180/0x3180
[   26.057155]  ip_rcv_finish+0x80f/0x1e30
[   26.061094]  ? inet_del_offload+0x40/0x40
[   26.065205]  ? ip_rcv+0xf22/0x1840
[   26.068723]  ? lock_downgrade+0x980/0x980
[   26.072843]  ? nf_nat_ipv4_in+0x1cd/0x270
[   26.076962]  ? iptable_nat_ipv4_fn+0x40/0x40
[   26.081336]  ? nf_hook_slow+0xd3/0x1a0
[   26.085189]  ip_rcv+0xc5a/0x1840
[   26.088522]  ? ip_local_deliver+0x6e0/0x6e0
[   26.092807]  ? inet_del_offload+0x40/0x40
[   26.096917]  ? ip_local_deliver+0x6e0/0x6e0
[   26.101205]  __netif_receive_skb_core+0x1a41/0x3460
[   26.106184]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.111341]  ? nf_ingress+0x9f0/0x9f0
[   26.115115]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.120269]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.125425]  ? check_noncircular+0x20/0x20
[   26.129640]  ? check_noncircular+0x20/0x20
[   26.133838]  ? lock_downgrade+0x980/0x980
[   26.137962]  ? lock_release+0xa40/0xa40
[   26.141924]  ? mark_held_locks+0xaf/0x100
[   26.146044]  ? print_irqtrace_events+0x270/0x270
[   26.150767]  ? lock_downgrade+0x980/0x980
[   26.154881]  ? pvclock_read_flags+0x160/0x160
[   26.159340]  ? mark_held_locks+0xaf/0x100
[   26.163452]  ? lock_acquire+0x1d5/0x580
[   26.167398]  ? lock_acquire+0x1d5/0x580
[   26.171338]  ? netif_receive_skb_internal+0xa2/0x670
[   26.176406]  ? ktime_get_with_offset+0x2c1/0x420
[   26.181126]  ? lock_release+0xa40/0xa40
[   26.185071]  ? do_gettimeofday+0x190/0x190
[   26.189271]  __netif_receive_skb+0x2c/0x1b0
[   26.193557]  ? __netif_receive_skb+0x2c/0x1b0
[   26.198018]  netif_receive_skb_internal+0x10b/0x670
[   26.203000]  ? dev_cpu_dead+0xb00/0xb00
[   26.206948]  ? net_rx_action+0x1910/0x1910
[   26.211148]  ? eth_type_trans+0x2b2/0x710
[   26.215259]  ? eth_gro_receive+0x820/0x820
[   26.219460]  napi_gro_frags+0x58a/0xaf0
[   26.223401]  ? napi_gro_receive+0x500/0x500
[   26.227699]  ? tun_get_user+0x2737/0x3940
[   26.231812]  tun_get_user+0x2760/0x3940
[   26.235750]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.240921]  ? do_huge_pmd_anonymous_page+0xb1e/0x1b00
[   26.246165]  ? tun_build_skb.isra.49+0x1810/0x1810
[   26.251060]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.256215]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.261375]  ? trace_hardirqs_on+0xd/0x10
[   26.265491]  ? find_held_lock+0x35/0x1d0
[   26.269519]  ? tun_get+0x1ab/0x2e0
[   26.273081]  ? lock_release+0xa40/0xa40
[   26.277022]  ? __lock_is_held+0xb6/0x140
[   26.281064]  ? tun_get+0x1d4/0x2e0
[   26.284568]  ? tun_do_read+0x2600/0x2600
[   26.288595]  ? __check_object_size+0x8b/0x530
[   26.293057]  ? rcu_note_context_switch+0x710/0x710
[   26.297953]  tun_chr_write_iter+0xb9/0x160
[   26.302155]  do_iter_readv_writev+0x525/0x7f0
[   26.306616]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   26.311335]  ? rw_verify_area+0xe5/0x2b0
[   26.315359]  do_iter_write+0x154/0x540
[   26.319212]  ? dup_iter+0x260/0x260
[   26.322803]  vfs_writev+0x18a/0x340
[   26.326395]  ? __fget_light+0x297/0x380
[   26.330333]  ? vfs_iter_write+0xb0/0xb0
[   26.334272]  ? up_read+0x1a/0x40
[   26.337601]  ? __do_page_fault+0x3d6/0xc90
[   26.341805]  ? mm_fault_error+0x2c0/0x2c0
[   26.345922]  ? __fdget_pos+0x130/0x190
[   26.349773]  ? __fdget_raw+0x20/0x20
[   26.353453]  ? __do_page_fault+0xc90/0xc90
[   26.357649]  do_writev+0xfc/0x2a0
[   26.361064]  ? do_writev+0xfc/0x2a0
[   26.364662]  ? vfs_writev+0x340/0x340
[   26.368434]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[   26.373240]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.378219]  SyS_writev+0x27/0x30
[   26.381635]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   26.386353] RIP: 0033:0x444f50
[   26.389510] RSP: 002b:00007ffe0fc7fd88 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   26.397182] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[   26.404414] RDX: 0000000000000001 RSI: 00007ffe0fc7fdc0 RDI: 0000000000000003
[   26.411648] RBP: 00007ffe0fc7feb8 R08: 0000000000000023 R09: 0000000000000000
[   26.418881] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe0fc7feb8
[   26.426117] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000
[