[....] Starting enhanced syslogd: rsyslogd[   12.323186] audit: type=1400 audit(1515865320.309:5): avc:  denied  { syslog } for  pid=3495 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.300356] audit: type=1400 audit(1515865327.285:6): avc:  denied  { map } for  pid=3635 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   25.527931] audit: type=1400 audit(1515865333.513:7): avc:  denied  { map } for  pid=3649 comm="syzkaller832480" path="/root/syzkaller832480623" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   25.915589] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   26.257595] 
[   26.259259] ============================================
[   26.264672] WARNING: possible recursive locking detected
[   26.270104] 4.15.0-rc7+ #260 Not tainted
[   26.274134] --------------------------------------------
[   26.279550] syzkaller832480/3649 is trying to acquire lock:
[   26.285226]  (_xmit_ETHER#2){+.-.}, at: [<00000000ea08d803>] sch_direct_xmit+0x280/0x6d0
[   26.293433] 
[   26.293433] but task is already holding lock:
[   26.299387]  (_xmit_ETHER#2){+.-.}, at: [<00000000ea08d803>] sch_direct_xmit+0x280/0x6d0
[   26.307600] 
[   26.307600] other info that might help us debug this:
[   26.314240]  Possible unsafe locking scenario:
[   26.314240] 
[   26.320263]        CPU0
[   26.322811]        ----
[   26.325359]   lock(_xmit_ETHER#2);
[   26.328876]   lock(_xmit_ETHER#2);
[   26.332405] 
[   26.332405]  *** DEADLOCK ***
[   26.332405] 
[   26.338446]  May be due to missing lock nesting notation
[   26.338446] 
[   26.345339] 10 locks held by syzkaller832480/3649:
[   26.350239]  #0:  (&tfile->napi_mutex){+.+.}, at: [<00000000a232d3e8>] tun_get_user+0xe5a/0x3710
[   26.359138]  #1:  (rcu_read_lock){....}, at: [<0000000009f53a60>] netif_receive_skb_internal+0xa2/0x670
[   26.368641]  #2:  (k-slock-AF_INET){+...}, at: [<00000000e490a16f>] icmp_send+0x75e/0x19d0
[   26.377020]  #3:  (rcu_read_lock_bh){....}, at: [<000000005ecd0c10>] ip_finish_output2+0x2b6/0x1500
[   26.386186]  #4:  (rcu_read_lock_bh){....}, at: [<0000000082b07fa2>] __dev_queue_xmit+0x294/0x2920
[   26.395253]  #5:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<00000000085ed058>] dev_queue_xmit+0x17/0x20
[   26.406331]  #6:  (_xmit_ETHER#2){+.-.}, at: [<00000000ea08d803>] sch_direct_xmit+0x280/0x6d0
[   26.414987]  #7:  (rcu_read_lock_bh){....}, at: [<000000005ecd0c10>] ip_finish_output2+0x2b6/0x1500
[   26.424153]  #8:  (rcu_read_lock_bh){....}, at: [<0000000082b07fa2>] __dev_queue_xmit+0x294/0x2920
[   26.433223]  #9:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<00000000085ed058>] dev_queue_xmit+0x17/0x20
[   26.444288] 
[   26.444288] stack backtrace:
[   26.448755] CPU: 0 PID: 3649 Comm: syzkaller832480 Not tainted 4.15.0-rc7+ #260
[   26.456165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.465489] Call Trace:
[   26.468048]  dump_stack+0x194/0x257
[   26.471642]  ? arch_local_irq_restore+0x53/0x53
[   26.476281]  __lock_acquire+0xe8f/0x3e00
[   26.480317]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.485486]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.490642]  ? __lock_acquire+0x664/0x3e00
[   26.494845]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.500003]  ? check_noncircular+0x20/0x20
[   26.504210]  ? trace_hardirqs_off+0x10/0x10
[   26.508505]  ? bpf_prog_kallsyms_find+0xbd/0x440
[   26.513242]  ? modules_open+0xa0/0xa0
[   26.517019]  ? trace_raw_output_xdp_redirect_map_err+0x440/0x440
[   26.523143]  ? check_noncircular+0x20/0x20
[   26.527344]  ? is_bpf_text_address+0x7b/0x120
[   26.531806]  ? lock_downgrade+0x980/0x980
[   26.535923]  ? skb_network_protocol+0xef/0x4b0
[   26.540482]  ? reacquire_held_locks+0x1f9/0x3e0
[   26.545125]  ? reacquire_held_locks+0x1f9/0x3e0
[   26.549762]  ? netif_skb_features+0x5ff/0x9b0
[   26.554228]  ? dev_get_by_index_rcu+0x320/0x320
[   26.558865]  lock_acquire+0x1d5/0x580
[   26.562631]  ? lock_acquire+0x1d5/0x580
[   26.566572]  ? sch_direct_xmit+0x280/0x6d0
[   26.570777]  ? lock_release+0xa40/0xa40
[   26.574727]  ? netif_skb_features+0x9b0/0x9b0
[   26.579189]  ? do_raw_spin_trylock+0x190/0x190
[   26.583743]  ? lock_acquire+0x1d5/0x580
[   26.587684]  ? __dev_queue_xmit+0xb37/0x2920
[   26.592062]  _raw_spin_lock+0x2a/0x40
[   26.595832]  ? sch_direct_xmit+0x280/0x6d0
[   26.600035]  sch_direct_xmit+0x280/0x6d0
[   26.604063]  ? dev_deactivate_queue.constprop.30+0x260/0x260
[   26.609829]  __dev_queue_xmit+0x1ce2/0x2920
[   26.614135]  ? netdev_pick_tx+0x300/0x300
[   26.618251]  ? find_held_lock+0x35/0x1d0
[   26.622281]  ? lock_downgrade+0x980/0x980
[   26.626405]  ? check_noncircular+0x20/0x20
[   26.630623]  ? __local_bh_enable_ip+0x121/0x230
[   26.635262]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.640246]  ? __neigh_create+0x1657/0x1d90
[   26.644535]  ? __local_bh_enable_ip+0x121/0x230
[   26.649175]  ? _raw_write_unlock_bh+0x30/0x40
[   26.653640]  ? __neigh_create+0xc06/0x1d90
[   26.657845]  ? print_irqtrace_events+0x270/0x270
[   26.662577]  ? ip_finish_output2+0x8d2/0x1500
[   26.667041]  ? lock_downgrade+0x980/0x980
[   26.671164]  ? lock_release+0xa40/0xa40
[   26.675106]  ? mark_held_locks+0xaf/0x100
[   26.679231]  ? memcpy+0x45/0x50
[   26.682480]  dev_queue_xmit+0x17/0x20
[   26.686248]  ? dev_queue_xmit+0x17/0x20
[   26.690187]  neigh_resolve_output+0x5e2/0xa00
[   26.694649]  ? ether_setup+0x2d0/0x2d0
[   26.698503]  ? __neigh_event_send+0x1050/0x1050
[   26.703141]  ? ip_finish_output+0x864/0xd10
[   26.707432]  ? ip_local_out+0x95/0x160
[   26.711288]  ? ip_send_skb+0x3c/0xc0
[   26.714987]  ? ip_push_pending_frames+0x64/0x80
[   26.719625]  ip_finish_output2+0x8d2/0x1500
[   26.723916]  ? ip_copy_metadata+0xac0/0xac0
[   26.728205]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.733190]  ? ipt_do_table+0xd0a/0x1330
[   26.737217]  ? trace_hardirqs_on+0xd/0x10
[   26.741337]  ? __local_bh_enable_ip+0x121/0x230
[   26.745974]  ? ipt_do_table+0xd75/0x1330
[   26.750013]  ? ipv4_mtu+0x34d/0x4c0
[   26.753613]  ? find_held_lock+0x35/0x1d0
[   26.757653]  ip_finish_output+0x864/0xd10
[   26.761767]  ? ip_finish_output+0x864/0xd10
[   26.766068]  ? ip_fragment.constprop.47+0x200/0x200
[   26.771053]  ? iptable_mangle_hook+0xa9/0x560
[   26.775514]  ? nf_hook_slow+0xd3/0x1a0
[   26.779375]  ip_mc_output+0x277/0x1360
[   26.783238]  ? ip_queue_xmit+0x18e0/0x18e0
[   26.787441]  ? lock_downgrade+0x980/0x980
[   26.791564]  ? nf_hook_slow+0xd3/0x1a0
[   26.795421]  ? __ip_local_out+0x494/0x7a0
[   26.799537]  ? ip_copy_addrs+0xe0/0xe0
[   26.803398]  ? skb_copy_ubufs+0x1910/0x1910
[   26.807689]  ? ip_fragment.constprop.47+0x200/0x200
[   26.812681]  ? __ip_select_ident+0x168/0x270
[   26.817058]  ? ip_idents_reserve+0x2a0/0x2a0
[   26.821441]  ip_local_out+0x95/0x160
[   26.825123]  iptunnel_xmit+0x556/0x810
[   26.828979]  ip_tunnel_xmit+0x1780/0x3650
[   26.833098]  ? skb_headers_offset_update+0x170/0x290
[   26.838167]  ? ip_md_tunnel_xmit+0x14e0/0x14e0
[   26.842730]  ? save_stack_trace+0x1a/0x20
[   26.846854]  ? skb_copy_ubufs+0x1910/0x1910
[   26.851152]  ? iptunnel_handle_offloads+0x3a3/0x710
[   26.856136]  __gre_xmit+0x546/0x8b0
[   26.859739]  erspan_xmit+0x409/0x13b0
[   26.863517]  ? prepare_fb_xmit+0x9a0/0x9a0
[   26.867720]  ? __lock_is_held+0xb6/0x140
[   26.871750]  dev_hard_start_xmit+0x24e/0xac0
[   26.876130]  ? validate_xmit_skb_list+0x120/0x120
[   26.880938]  ? netif_skb_features+0x5ff/0x9b0
[   26.885406]  ? lock_acquire+0x1d5/0x580
[   26.889359]  ? lock_acquire+0x1d5/0x580
[   26.893302]  ? sch_direct_xmit+0x280/0x6d0
[   26.897504]  ? lock_release+0xa40/0xa40
[   26.901450]  ? netif_skb_features+0x9b0/0x9b0
[   26.905912]  ? do_raw_spin_trylock+0x190/0x190
[   26.910461]  ? lock_acquire+0x1d5/0x580
[   26.914402]  ? __dev_queue_xmit+0xb37/0x2920
[   26.918780]  sch_direct_xmit+0x31d/0x6d0
[   26.922816]  ? dev_deactivate_queue.constprop.30+0x260/0x260
[   26.928593]  __dev_queue_xmit+0x1ce2/0x2920
[   26.932883]  ? netdev_pick_tx+0x300/0x300
[   26.937004]  ? check_noncircular+0x20/0x20
[   26.942047]  ? __local_bh_enable_ip+0x121/0x230
[   26.946697]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.951681]  ? __neigh_create+0x1657/0x1d90
[   26.955968]  ? __local_bh_enable_ip+0x121/0x230
[   26.960607]  ? _raw_write_unlock_bh+0x30/0x40
[   26.965067]  ? __neigh_create+0xc06/0x1d90
[   26.969278]  ? print_irqtrace_events+0x270/0x270
[   26.974007]  ? ip_finish_output2+0x8d2/0x1500
[   26.978482]  ? lock_downgrade+0x980/0x980
[   26.982599]  ? lock_release+0xa40/0xa40
[   26.986550]  ? mark_held_locks+0xaf/0x100
[   26.990667]  ? memcpy+0x45/0x50
[   26.993916]  dev_queue_xmit+0x17/0x20
[   26.997684]  ? dev_queue_xmit+0x17/0x20
[   27.001625]  neigh_resolve_output+0x5e2/0xa00
[   27.006088]  ? ether_setup+0x2d0/0x2d0
[   27.009943]  ? __neigh_event_send+0x1050/0x1050
[   27.014583]  ? tun_get_user+0x262e/0x3710
[   27.018701]  ? tun_chr_write_iter+0xb9/0x160
[   27.023076]  ? do_iter_readv_writev+0x525/0x7f0
[   27.027714]  ip_finish_output2+0x8d2/0x1500
[   27.032018]  ? ip_copy_metadata+0xac0/0xac0
[   27.036323]  ? check_noncircular+0x20/0x20
[   27.040538]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.045520]  ? ipt_do_table+0xd0a/0x1330
[   27.049548]  ? trace_hardirqs_on+0xd/0x10
[   27.053661]  ? __local_bh_enable_ip+0x121/0x230
[   27.058306]  ? ipt_do_table+0xd75/0x1330
[   27.062346]  ? ipv4_mtu+0x34d/0x4c0
[   27.065946]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.070148]  ? find_held_lock+0x35/0x1d0
[   27.074176]  ip_finish_output+0x864/0xd10
[   27.078296]  ? ip_finish_output+0x864/0xd10
[   27.082589]  ? ip_fragment.constprop.47+0x200/0x200
[   27.087572]  ? iptable_mangle_hook+0xa9/0x560
[   27.092037]  ? nf_hook_slow+0xd3/0x1a0
[   27.096239]  ip_mc_output+0x277/0x1360
[   27.100109]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.104318]  ? lock_downgrade+0x980/0x980
[   27.108435]  ? nf_hook_slow+0xd3/0x1a0
[   27.112288]  ? __ip_local_out+0x494/0x7a0
[   27.116401]  ? ip_copy_addrs+0xe0/0xe0
[   27.120257]  ? dst_release+0x3d/0x90
[   27.123937]  ? __ip_make_skb+0xfd7/0x1860
[   27.128053]  ? ip_fragment.constprop.47+0x200/0x200
[   27.133038]  ip_local_out+0x95/0x160
[   27.136720]  ip_send_skb+0x3c/0xc0
[   27.140228]  ip_push_pending_frames+0x64/0x80
[   27.144695]  icmp_push_reply+0x395/0x4f0
[   27.148728]  icmp_send+0x1148/0x19d0
[   27.152436]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   27.158288]  ? check_noncircular+0x20/0x20
[   27.162500]  ? __lock_acquire+0x664/0x3e00
[   27.166711]  ? print_irqtrace_events+0x270/0x270
[   27.171434]  ? print_irqtrace_events+0x270/0x270
[   27.176167]  ? __is_insn_slot_addr+0x1fc/0x330
[   27.180726]  ? find_held_lock+0x35/0x1d0
[   27.184844]  ? lock_downgrade+0x980/0x980
[   27.188968]  ? lock_release+0xa40/0xa40
[   27.192919]  ip_options_compile+0xc21/0x1a50
[   27.197299]  ? ip_forward+0x1ce0/0x1ce0
[   27.201241]  ? ip_route_input_rcu+0x31b0/0x31b0
[   27.205881]  ip_rcv_finish+0x80f/0x1e30
[   27.209822]  ? inet_del_offload+0x40/0x40
[   27.213939]  ? ip_rcv+0xf22/0x1840
[   27.217449]  ? lock_downgrade+0x980/0x980
[   27.221566]  ? nf_nat_ipv4_in+0x1cd/0x270
[   27.225689]  ? iptable_nat_ipv4_fn+0x40/0x40
[   27.230066]  ? nf_hook_slow+0xd3/0x1a0
[   27.233925]  ip_rcv+0xc5a/0x1840
[   27.237257]  ? ip_local_deliver+0x6e0/0x6e0
[   27.241550]  ? inet_del_offload+0x40/0x40
[   27.245664]  ? ip_local_deliver+0x6e0/0x6e0
[   27.249953]  __netif_receive_skb_core+0x1a41/0x3460
[   27.254945]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.260104]  ? nf_ingress+0x9f0/0x9f0
[   27.263871]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.269038]  ? __skb_flow_get_ports+0x420/0x420
[   27.273674]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.278840]  ? check_noncircular+0x20/0x20
[   27.283052]  ? check_noncircular+0x20/0x20
[   27.287253]  ? lock_release+0xa40/0xa40
[   27.291198]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   27.296268]  ? print_irqtrace_events+0x270/0x270
[   27.300991]  ? lock_downgrade+0x980/0x980
[   27.305114]  ? pvclock_read_flags+0x160/0x160
[   27.309575]  ? mark_held_locks+0xaf/0x100
[   27.313690]  ? lock_acquire+0x1d5/0x580
[   27.317638]  ? lock_acquire+0x1d5/0x580
[   27.321582]  ? netif_receive_skb_internal+0xa2/0x670
[   27.326827]  ? ktime_get_with_offset+0x2c1/0x420
[   27.331557]  ? lock_release+0xa40/0xa40
[   27.335496]  ? do_gettimeofday+0x190/0x190
[   27.339698]  __netif_receive_skb+0x2c/0x1b0
[   27.343990]  ? __netif_receive_skb+0x2c/0x1b0
[   27.348462]  netif_receive_skb_internal+0x10b/0x670
[   27.353446]  ? dev_cpu_dead+0xb00/0xb00
[   27.357388]  ? net_rx_action+0x1910/0x1910
[   27.361603]  ? eth_type_trans+0x2b2/0x710
[   27.365719]  ? eth_gro_receive+0x820/0x820
[   27.369923]  napi_gro_frags+0x58a/0xaf0
[   27.373874]  ? napi_gro_receive+0x500/0x500
[   27.378166]  ? tun_get_user+0x2605/0x3710
[   27.382283]  tun_get_user+0x262e/0x3710
[   27.386240]  ? tun_build_skb.isra.48+0x17d0/0x17d0
[   27.391137]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.396312]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.401475]  ? check_noncircular+0x20/0x20
[   27.405679]  ? tun_get+0x1ab/0x2e0
[   27.409186]  ? lock_release+0xa40/0xa40
[   27.413125]  ? __lock_is_held+0xb6/0x140
[   27.417154]  ? tun_get+0x1d4/0x2e0
[   27.420660]  ? tun_chr_close+0x60/0x60
[   27.424515]  ? __check_object_size+0x25d/0x4f0
[   27.429065]  ? rcu_note_context_switch+0x710/0x710
[   27.433968]  tun_chr_write_iter+0xb9/0x160
[   27.438866]  do_iter_readv_writev+0x525/0x7f0
[   27.443334]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   27.448057]  ? rw_verify_area+0xe5/0x2b0
[   27.452091]  do_iter_write+0x154/0x540
[   27.455946]  ? dup_iter+0x260/0x260
[   27.459540]  vfs_writev+0x18a/0x340
[   27.463133]  ? __fget_light+0x297/0x380
[   27.467081]  ? vfs_iter_write+0xb0/0xb0
[   27.471024]  ? up_read+0x1a/0x40
[   27.474359]  ? __do_page_fault+0x3d6/0xc90
[   27.478562]  ? mm_fault_error+0x2c0/0x2c0
[   27.482693]  ? __fdget_pos+0x130/0x190
[   27.486639]  ? __fdget_raw+0x20/0x20
[   27.490321]  ? __do_page_fault+0xc90/0xc90
[   27.494521]  do_writev+0xfc/0x2a0
[   27.497950]  ? do_writev+0xfc/0x2a0
[   27.501544]  ? vfs_writev+0x340/0x340
[   27.505316]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   27.510139]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.515121]  SyS_writev+0x27/0x30
[   27.518541]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   27.523263] RIP: 0033:0x444f50
[   27.526421] RSP: 002b:00007ffe7cbd9e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   27.534093] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[   27.541335] RDX: 0000000000000001 RSI: 00007ffe7cbd9e50 RDI: 0000000000000003
[   27.548572] RBP: 00007ffe7cbd9f48 R08: 0000000000000023 R09: 0000000000000000
[   27.555817] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe7cbd9f48
[