[....] Starting enhanced syslogd: rsyslogd[   12.917342] audit: type=1400 audit(1515862582.614:5): avc:  denied  { syslog } for  pid=3491 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.915491] audit: type=1400 audit(1515862588.612:6): avc:  denied  { map } for  pid=3631 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   25.175990] audit: type=1400 audit(1515862594.872:7): avc:  denied  { map } for  pid=3645 comm="syzkaller979616" path="/root/syzkaller979616374" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   25.562532] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   25.912738] 
[   25.914377] ============================================
[   25.919796] WARNING: possible recursive locking detected
[   25.925213] 4.15.0-rc7+ #170 Not tainted
[   25.929240] --------------------------------------------
[   25.934656] syzkaller979616/3645 is trying to acquire lock:
[   25.940332]  (_xmit_ETHER#2){+.-.}, at: [<00000000987e864d>] sch_direct_xmit+0x280/0x6d0
[   25.948540] 
[   25.948540] but task is already holding lock:
[   25.954478]  (_xmit_ETHER#2){+.-.}, at: [<00000000987e864d>] sch_direct_xmit+0x280/0x6d0
[   25.962679] 
[   25.962679] other info that might help us debug this:
[   25.969310]  Possible unsafe locking scenario:
[   25.969310] 
[   25.975334]        CPU0
[   25.977884]        ----
[   25.980433]   lock(_xmit_ETHER#2);
[   25.983940]   lock(_xmit_ETHER#2);
[   25.987447] 
[   25.987447]  *** DEADLOCK ***
[   25.987447] 
[   25.993474]  May be due to missing lock nesting notation
[   25.993474] 
[   26.000377] 10 locks held by syzkaller979616/3645:
[   26.005271]  #0:  (&tfile->napi_mutex){+.+.}, at: [<00000000b3f837b9>] tun_get_user+0xe5a/0x3710
[   26.014170]  #1:  (rcu_read_lock){....}, at: [<00000000e0413f0a>] netif_receive_skb_internal+0xa2/0x670
[   26.023696]  #2:  (k-slock-AF_INET){+...}, at: [<00000000ade6e71d>] icmp_send+0x75e/0x19d0
[   26.032079]  #3:  (rcu_read_lock_bh){....}, at: [<000000004d9ab92d>] ip_finish_output2+0x2b6/0x1500
[   26.041241]  #4:  (rcu_read_lock_bh){....}, at: [<00000000ab86e730>] __dev_queue_xmit+0x294/0x2920
[   26.050313]  #5:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<000000006aa64552>] dev_queue_xmit+0x17/0x20
[   26.061386]  #6:  (_xmit_ETHER#2){+.-.}, at: [<00000000987e864d>] sch_direct_xmit+0x280/0x6d0
[   26.070045]  #7:  (rcu_read_lock_bh){....}, at: [<000000004d9ab92d>] ip_finish_output2+0x2b6/0x1500
[   26.079215]  #8:  (rcu_read_lock_bh){....}, at: [<00000000ab86e730>] __dev_queue_xmit+0x294/0x2920
[   26.088287]  #9:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<000000006aa64552>] dev_queue_xmit+0x17/0x20
[   26.099353] 
[   26.099353] stack backtrace:
[   26.103819] CPU: 1 PID: 3645 Comm: syzkaller979616 Not tainted 4.15.0-rc7+ #170
[   26.111235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.120558] Call Trace:
[   26.123120]  dump_stack+0x194/0x257
[   26.126718]  ? arch_local_irq_restore+0x53/0x53
[   26.131365]  __lock_acquire+0xe8f/0x3e00
[   26.135394]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.140555]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.145713]  ? __lock_acquire+0x664/0x3e00
[   26.149925]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.155089]  ? check_noncircular+0x20/0x20
[   26.159293]  ? trace_hardirqs_off+0x10/0x10
[   26.163593]  ? bpf_prog_kallsyms_find+0xbd/0x440
[   26.168318]  ? modules_open+0xa0/0xa0
[   26.172091]  ? trace_raw_output_xdp_redirect_map_err+0x440/0x440
[   26.178211]  ? check_noncircular+0x20/0x20
[   26.182415]  ? is_bpf_text_address+0x7b/0x120
[   26.186886]  ? lock_downgrade+0x980/0x980
[   26.191009]  ? skb_network_protocol+0xef/0x4b0
[   26.195564]  ? reacquire_held_locks+0x1f9/0x3e0
[   26.200200]  ? reacquire_held_locks+0x1f9/0x3e0
[   26.204839]  ? netif_skb_features+0x5ff/0x9b0
[   26.209309]  ? dev_get_by_index_rcu+0x320/0x320
[   26.213957]  lock_acquire+0x1d5/0x580
[   26.217726]  ? lock_acquire+0x1d5/0x580
[   26.221678]  ? sch_direct_xmit+0x280/0x6d0
[   26.225883]  ? lock_release+0xa40/0xa40
[   26.229834]  ? netif_skb_features+0x9b0/0x9b0
[   26.234305]  ? do_raw_spin_trylock+0x190/0x190
[   26.238856]  ? lock_acquire+0x1d5/0x580
[   26.242800]  ? __dev_queue_xmit+0xb37/0x2920
[   26.247180]  _raw_spin_lock+0x2a/0x40
[   26.250948]  ? sch_direct_xmit+0x280/0x6d0
[   26.255153]  sch_direct_xmit+0x280/0x6d0
[   26.259186]  ? dev_deactivate_queue.constprop.30+0x260/0x260
[   26.264954]  __dev_queue_xmit+0x1ce2/0x2920
[   26.269247]  ? netdev_pick_tx+0x300/0x300
[   26.273364]  ? find_held_lock+0x35/0x1d0
[   26.277395]  ? lock_downgrade+0x980/0x980
[   26.281516]  ? check_noncircular+0x20/0x20
[   26.285724]  ? __local_bh_enable_ip+0x121/0x230
[   26.290370]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.295359]  ? __neigh_create+0x1657/0x1d90
[   26.299650]  ? __local_bh_enable_ip+0x121/0x230
[   26.304291]  ? _raw_write_unlock_bh+0x30/0x40
[   26.308758]  ? __neigh_create+0xc06/0x1d90
[   26.312967]  ? print_irqtrace_events+0x270/0x270
[   26.317696]  ? ip_finish_output2+0x8d2/0x1500
[   26.322160]  ? lock_downgrade+0x980/0x980
[   26.326276]  ? lock_release+0xa40/0xa40
[   26.330220]  ? mark_held_locks+0xaf/0x100
[   26.334343]  ? memcpy+0x45/0x50
[   26.337601]  dev_queue_xmit+0x17/0x20
[   26.341374]  ? dev_queue_xmit+0x17/0x20
[   26.345317]  neigh_resolve_output+0x5e2/0xa00
[   26.349782]  ? ether_setup+0x2d0/0x2d0
[   26.353647]  ? __neigh_event_send+0x1050/0x1050
[   26.358288]  ? ip_finish_output+0x864/0xd10
[   26.362586]  ? ip_local_out+0x95/0x160
[   26.366442]  ? ip_send_skb+0x3c/0xc0
[   26.370123]  ? ip_push_pending_frames+0x64/0x80
[   26.374785]  ip_finish_output2+0x8d2/0x1500
[   26.379101]  ? ip_copy_metadata+0xac0/0xac0
[   26.383403]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.388396]  ? ipt_do_table+0xd0a/0x1330
[   26.392440]  ? trace_hardirqs_on+0xd/0x10
[   26.396579]  ? __local_bh_enable_ip+0x121/0x230
[   26.401232]  ? ipt_do_table+0xd75/0x1330
[   26.405266]  ? ipv4_mtu+0x34d/0x4c0
[   26.408877]  ? find_held_lock+0x35/0x1d0
[   26.412910]  ip_finish_output+0x864/0xd10
[   26.417028]  ? ip_finish_output+0x864/0xd10
[   26.421321]  ? ip_fragment.constprop.47+0x200/0x200
[   26.426307]  ? iptable_mangle_hook+0xa9/0x560
[   26.430779]  ? nf_hook_slow+0xd3/0x1a0
[   26.434637]  ip_mc_output+0x277/0x1360
[   26.438493]  ? ip_queue_xmit+0x18e0/0x18e0
[   26.442699]  ? lock_downgrade+0x980/0x980
[   26.446820]  ? nf_hook_slow+0xd3/0x1a0
[   26.450679]  ? __ip_local_out+0x494/0x7a0
[   26.454803]  ? ip_copy_addrs+0xe0/0xe0
[   26.458667]  ? skb_copy_ubufs+0x1910/0x1910
[   26.462964]  ? ip_fragment.constprop.47+0x200/0x200
[   26.467948]  ? __ip_select_ident+0x168/0x270
[   26.472324]  ? ip_idents_reserve+0x2a0/0x2a0
[   26.476704]  ip_local_out+0x95/0x160
[   26.480387]  iptunnel_xmit+0x556/0x810
[   26.484248]  ip_tunnel_xmit+0x1780/0x3650
[   26.488369]  ? skb_headers_offset_update+0x170/0x290
[   26.493441]  ? ip_md_tunnel_xmit+0x14e0/0x14e0
[   26.497997]  ? save_stack_trace+0x1a/0x20
[   26.502121]  ? skb_copy_ubufs+0x1910/0x1910
[   26.506417]  ? iptunnel_handle_offloads+0x3a3/0x710
[   26.511403]  __gre_xmit+0x546/0x8b0
[   26.515012]  erspan_xmit+0x409/0x13b0
[   26.518802]  ? prepare_fb_xmit+0x9a0/0x9a0
[   26.523016]  ? __lock_is_held+0xb6/0x140
[   26.527060]  dev_hard_start_xmit+0x24e/0xac0
[   26.531440]  ? validate_xmit_skb_list+0x120/0x120
[   26.536253]  ? netif_skb_features+0x5ff/0x9b0
[   26.540720]  ? lock_acquire+0x1d5/0x580
[   26.544664]  ? lock_acquire+0x1d5/0x580
[   26.548616]  ? sch_direct_xmit+0x280/0x6d0
[   26.552830]  ? lock_release+0xa40/0xa40
[   26.556781]  ? netif_skb_features+0x9b0/0x9b0
[   26.561247]  ? do_raw_spin_trylock+0x190/0x190
[   26.565800]  ? lock_acquire+0x1d5/0x580
[   26.569749]  ? __dev_queue_xmit+0xb37/0x2920
[   26.574131]  sch_direct_xmit+0x31d/0x6d0
[   26.578165]  ? dev_deactivate_queue.constprop.30+0x260/0x260
[   26.583940]  __dev_queue_xmit+0x1ce2/0x2920
[   26.588232]  ? netdev_pick_tx+0x300/0x300
[   26.592357]  ? check_noncircular+0x20/0x20
[   26.596564]  ? __local_bh_enable_ip+0x121/0x230
[   26.601205]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.606192]  ? __neigh_create+0x1657/0x1d90
[   26.610491]  ? __local_bh_enable_ip+0x121/0x230
[   26.615136]  ? _raw_write_unlock_bh+0x30/0x40
[   26.619605]  ? __neigh_create+0xc06/0x1d90
[   26.623810]  ? print_irqtrace_events+0x270/0x270
[   26.628540]  ? ip_finish_output2+0x8d2/0x1500
[   26.633631]  ? lock_downgrade+0x980/0x980
[   26.637753]  ? lock_release+0xa40/0xa40
[   26.641696]  ? mark_held_locks+0xaf/0x100
[   26.645814]  ? memcpy+0x45/0x50
[   26.649076]  dev_queue_xmit+0x17/0x20
[   26.652845]  ? dev_queue_xmit+0x17/0x20
[   26.656789]  neigh_resolve_output+0x5e2/0xa00
[   26.661254]  ? ether_setup+0x2d0/0x2d0
[   26.665111]  ? __neigh_event_send+0x1050/0x1050
[   26.669750]  ? tun_get_user+0x262e/0x3710
[   26.673871]  ? tun_chr_write_iter+0xb9/0x160
[   26.678250]  ? do_iter_readv_writev+0x525/0x7f0
[   26.682894]  ip_finish_output2+0x8d2/0x1500
[   26.687187]  ? ip_copy_metadata+0xac0/0xac0
[   26.691478]  ? check_noncircular+0x20/0x20
[   26.695685]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.700682]  ? ipt_do_table+0xd0a/0x1330
[   26.704718]  ? trace_hardirqs_on+0xd/0x10
[   26.708839]  ? __local_bh_enable_ip+0x121/0x230
[   26.713478]  ? ipt_do_table+0xd75/0x1330
[   26.717512]  ? ipv4_mtu+0x34d/0x4c0
[   26.721108]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   26.725315]  ? find_held_lock+0x35/0x1d0
[   26.729348]  ip_finish_output+0x864/0xd10
[   26.733468]  ? ip_finish_output+0x864/0xd10
[   26.737760]  ? ip_fragment.constprop.47+0x200/0x200
[   26.742747]  ? iptable_mangle_hook+0xa9/0x560
[   26.747219]  ? nf_hook_slow+0xd3/0x1a0
[   26.751080]  ip_mc_output+0x277/0x1360
[   26.754943]  ? ip_queue_xmit+0x18e0/0x18e0
[   26.759150]  ? lock_downgrade+0x980/0x980
[   26.763269]  ? nf_hook_slow+0xd3/0x1a0
[   26.767128]  ? __ip_local_out+0x494/0x7a0
[   26.771246]  ? ip_copy_addrs+0xe0/0xe0
[   26.775106]  ? dst_release+0x3d/0x90
[   26.778790]  ? __ip_make_skb+0xfd7/0x1860
[   26.782911]  ? ip_fragment.constprop.47+0x200/0x200
[   26.787899]  ip_local_out+0x95/0x160
[   26.791586]  ip_send_skb+0x3c/0xc0
[   26.795185]  ip_push_pending_frames+0x64/0x80
[   26.799663]  icmp_push_reply+0x395/0x4f0
[   26.803700]  icmp_send+0x1148/0x19d0
[   26.807390]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   26.813073]  ? check_noncircular+0x20/0x20
[   26.817281]  ? __lock_acquire+0x664/0x3e00
[   26.821493]  ? __is_insn_slot_addr+0x1fc/0x330
[   26.826055]  ? find_held_lock+0x35/0x1d0
[   26.830095]  ? lock_downgrade+0x980/0x980
[   26.834221]  ? lock_release+0xa40/0xa40
[   26.838167]  ip_options_compile+0xc21/0x1a50
[   26.842553]  ? ip_forward+0x1ce0/0x1ce0
[   26.846501]  ? ip_route_input_rcu+0x31b0/0x31b0
[   26.851141]  ip_rcv_finish+0x80f/0x1e30
[   26.855093]  ? inet_del_offload+0x40/0x40
[   26.859211]  ? ip_rcv+0xf22/0x1840
[   26.862722]  ? lock_downgrade+0x980/0x980
[   26.866839]  ? nf_nat_ipv4_in+0x1cd/0x270
[   26.870961]  ? iptable_nat_ipv4_fn+0x40/0x40
[   26.875356]  ? nf_hook_slow+0xd3/0x1a0
[   26.879216]  ip_rcv+0xc5a/0x1840
[   26.882576]  ? ip_local_deliver+0x6e0/0x6e0
[   26.886871]  ? inet_del_offload+0x40/0x40
[   26.890991]  ? ip_local_deliver+0x6e0/0x6e0
[   26.895289]  __netif_receive_skb_core+0x1a41/0x3460
[   26.900290]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.905452]  ? nf_ingress+0x9f0/0x9f0
[   26.909226]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.914397]  ? __skb_flow_get_ports+0x420/0x420
[   26.919039]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.924206]  ? check_noncircular+0x20/0x20
[   26.928412]  ? check_noncircular+0x20/0x20
[   26.932624]  ? lock_release+0xa40/0xa40
[   26.936579]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   26.941654]  ? print_irqtrace_events+0x270/0x270
[   26.946382]  ? lock_downgrade+0x980/0x980
[   26.950502]  ? pvclock_read_flags+0x160/0x160
[   26.954980]  ? mark_held_locks+0xaf/0x100
[   26.959105]  ? lock_acquire+0x1d5/0x580
[   26.963051]  ? lock_acquire+0x1d5/0x580
[   26.966994]  ? netif_receive_skb_internal+0xa2/0x670
[   26.972084]  ? ktime_get_with_offset+0x2c1/0x420
[   26.976818]  ? lock_release+0xa40/0xa40
[   26.980770]  ? do_gettimeofday+0x190/0x190
[   26.984980]  __netif_receive_skb+0x2c/0x1b0
[   26.989272]  ? __netif_receive_skb+0x2c/0x1b0
[   26.993739]  netif_receive_skb_internal+0x10b/0x670
[   26.998726]  ? dev_cpu_dead+0xb00/0xb00
[   27.002676]  ? net_rx_action+0x1910/0x1910
[   27.006879]  ? eth_type_trans+0x2b2/0x710
[   27.010997]  ? eth_gro_receive+0x820/0x820
[   27.015207]  napi_gro_frags+0x58a/0xaf0
[   27.019151]  ? napi_gro_receive+0x500/0x500
[   27.023447]  ? tun_get_user+0x2605/0x3710
[   27.027571]  tun_get_user+0x262e/0x3710
[   27.031527]  ? tun_build_skb.isra.48+0x17d0/0x17d0
[   27.036428]  ? _raw_spin_unlock+0x22/0x30
[   27.040554]  ? do_huge_pmd_anonymous_page+0xb21/0x1b00
[   27.045802]  ? tun_get+0x1ab/0x2e0
[   27.049313]  ? perf_event_fork+0x30/0x30
[   27.053345]  ? lock_release+0xa40/0xa40
[   27.057288]  ? __lock_is_held+0xb6/0x140
[   27.061320]  ? tun_get+0x1d4/0x2e0
[   27.064839]  ? tun_chr_close+0x60/0x60
[   27.068701]  ? rcu_note_context_switch+0x710/0x710
[   27.073599]  ? vma_link+0xe9/0x170
[   27.077109]  tun_chr_write_iter+0xb9/0x160
[   27.081313]  do_iter_readv_writev+0x525/0x7f0
[   27.085786]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   27.090525]  ? rw_verify_area+0xe5/0x2b0
[   27.094562]  do_iter_write+0x154/0x540
[   27.098423]  ? iov_iter_get_pages+0x1150/0x1150
[   27.103062]  compat_writev+0x225/0x420
[   27.106917]  ? __fget_light+0x297/0x380
[   27.110860]  ? do_pwritev+0x1a0/0x1a0
[   27.114629]  ? find_held_lock+0x35/0x1d0
[   27.118661]  ? __do_page_fault+0x5f7/0xc90
[   27.122866]  ? __fdget_pos+0x130/0x190
[   27.126731]  ? __fdget_raw+0x20/0x20
[   27.130415]  ? down_read_trylock+0xdb/0x170
[   27.134705]  ? __do_page_fault+0x32d/0xc90
[   27.138911]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   27.143465]  do_compat_writev+0x115/0x220
[   27.147583]  ? do_compat_writev+0x115/0x220
[   27.151875]  ? compat_writev+0x420/0x420
[   27.155916]  compat_SyS_writev+0x26/0x30
[   27.159952]  ? compat_SyS_preadv2+0x90/0x90
[   27.164256]  do_fast_syscall_32+0x3ee/0xf9d
[   27.168550]  ? do_int80_syscall_32+0x9d0/0x9d0
[   27.173103]  ? kasan_check_read+0x11/0x20
[   27.177228]  ? syscall_return_slowpath+0x550/0x550
[   27.182127]  ? SyS_rt_sigaction+0x94/0x1b0
[   27.186333]  ? SyS_sigprocmask+0x4b0/0x4b0
[   27.190537]  ? SyS_read+0x184/0x220
[   27.194133]  ? retint_user+0x18/0x18
[   27.197818]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.202637]  entry_SYSENTER_compat+0x54/0x63
[   27.207017] RIP: 0023:0xf7f87c79
[   27.210351] RSP: 002b:00000000ffb2aa08 EFLAGS: 00000246 ORIG_RAX: 0000000000000092
[   27.21