[....] Starting enhanced syslogd: rsyslogd[   12.533880] audit: type=1400 audit(1515862374.887:5): avc:  denied  { syslog } for  pid=3507 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.980053] audit: type=1400 audit(1515862382.333:6): avc:  denied  { map } for  pid=3648 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   26.246832] audit: type=1400 audit(1515862388.600:7): avc:  denied  { map } for  pid=3662 comm="syzkaller848830" path="/root/syzkaller848830497" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   26.544996] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   26.902456] 
[   26.904094] ============================================
[   26.909516] WARNING: possible recursive locking detected
[   26.914933] 4.15.0-rc7-next-20180112+ #96 Not tainted
[   26.920086] --------------------------------------------
[   26.925501] syzkaller848830/3662 is trying to acquire lock:
[   26.931263]  (_xmit_ETHER#2){+.-.}, at: [<00000000660296fd>] sch_direct_xmit+0x361/0x1140
[   26.939556] 
[   26.939556] but task is already holding lock:
[   26.945488]  (_xmit_ETHER#2){+.-.}, at: [<00000000660296fd>] sch_direct_xmit+0x361/0x1140
[   26.953773] 
[   26.953773] other info that might help us debug this:
[   26.960403]  Possible unsafe locking scenario:
[   26.960403] 
[   26.966431]        CPU0
[   26.968979]        ----
[   26.971524]   lock(_xmit_ETHER#2);
[   26.975031]   lock(_xmit_ETHER#2);
[   26.978536] 
[   26.978536]  *** DEADLOCK ***
[   26.978536] 
[   26.984563]  May be due to missing lock nesting notation
[   26.984563] 
[   26.991630] 8 locks held by syzkaller848830/3662:
[   26.996435]  #0:  (&tfile->napi_mutex){+.+.}, at: [<00000000f3d446e4>] tun_get_user+0xe6c/0x3940
[   27.005686]  #1:  (rcu_read_lock){....}, at: [<00000000472db7ee>] netif_receive_skb_internal+0xa2/0x670
[   27.015197]  #2:  (k-slock-AF_INET){+...}, at: [<0000000074e504d6>] icmp_send+0x758/0x19b0
[   27.023579]  #3:  (rcu_read_lock_bh){....}, at: [<00000000039d479e>] ip_finish_output2+0x2aa/0x14f0
[   27.032760]  #4:  (rcu_read_lock_bh){....}, at: [<0000000025954f93>] __dev_queue_xmit+0x2d8/0x2b50
[   27.041839]  #5:  (_xmit_ETHER#2){+.-.}, at: [<00000000660296fd>] sch_direct_xmit+0x361/0x1140
[   27.050566]  #6:  (rcu_read_lock_bh){....}, at: [<00000000039d479e>] ip_finish_output2+0x2aa/0x14f0
[   27.059721]  #7:  (rcu_read_lock_bh){....}, at: [<0000000025954f93>] __dev_queue_xmit+0x2d8/0x2b50
[   27.068799] 
[   27.068799] stack backtrace:
[   27.073264] CPU: 1 PID: 3662 Comm: syzkaller848830 Not tainted 4.15.0-rc7-next-20180112+ #96
[   27.081802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.091132] Call Trace:
[   27.093692]  dump_stack+0x194/0x257
[   27.097291]  ? arch_local_irq_restore+0x53/0x53
[   27.101929]  __lock_acquire+0xe8f/0x3e00
[   27.105956]  ? print_lockdep_cache.isra.31+0x109/0x109
[   27.111211]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.116373]  ? __kernel_text_address+0xd/0x40
[   27.120835]  ? __save_stack_trace+0x7e/0xd0
[   27.125129]  ? print_lockdep_cache.isra.31+0x109/0x109
[   27.130373]  ? save_stack_trace+0x1a/0x20
[   27.134497]  ? save_trace+0xe0/0x2b0
[   27.138177]  ? __lock_acquire+0x36c0/0x3e00
[   27.142476]  ? skb_network_protocol+0xef/0x4b0
[   27.147023]  ? check_noncircular+0x20/0x20
[   27.151221]  ? netif_skb_features+0x5ff/0x9b0
[   27.155688]  ? dev_get_by_index_rcu+0x320/0x320
[   27.160324]  ? __skb_gso_segment+0x810/0x810
[   27.164699]  lock_acquire+0x1d5/0x580
[   27.168464]  ? lock_acquire+0x1d5/0x580
[   27.172402]  ? sch_direct_xmit+0x361/0x1140
[   27.176697]  ? validate_xmit_skb+0x50d/0xaf0
[   27.181074]  ? lock_release+0xa40/0xa40
[   27.185020]  ? netif_skb_features+0x9b0/0x9b0
[   27.189504]  ? pfifo_fast_dequeue+0x20e/0x870
[   27.193991]  _raw_spin_lock+0x2a/0x40
[   27.197791]  ? sch_direct_xmit+0x361/0x1140
[   27.202082]  sch_direct_xmit+0x361/0x1140
[   27.206201]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.211189]  ? pfifo_fast_reset+0x490/0x490
[   27.215476]  ? __lock_is_held+0xb6/0x140
[   27.219511]  __qdisc_run+0x57d/0x19c0
[   27.223293]  ? sch_direct_xmit+0x1140/0x1140
[   27.227667]  ? lock_release+0xa40/0xa40
[   27.231610]  ? __dev_queue_xmit+0x2d8/0x2b50
[   27.235985]  ? pfifo_fast_enqueue+0x2a0/0x420
[   27.240448]  __dev_queue_xmit+0xb62/0x2b50
[   27.244660]  ? netdev_pick_tx+0x300/0x300
[   27.249036]  ? find_held_lock+0x35/0x1d0
[   27.253065]  ? lock_downgrade+0x980/0x980
[   27.257179]  ? check_noncircular+0x20/0x20
[   27.261387]  ? __local_bh_enable_ip+0x121/0x230
[   27.266021]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.271008]  ? __neigh_create+0x1657/0x1d90
[   27.275294]  ? __local_bh_enable_ip+0x121/0x230
[   27.279939]  ? _raw_write_unlock_bh+0x30/0x40
[   27.284417]  ? __neigh_create+0xc06/0x1d90
[   27.288635]  ? print_irqtrace_events+0x270/0x270
[   27.293372]  ? ip_finish_output2+0x8c6/0x14f0
[   27.297838]  ? lock_downgrade+0x980/0x980
[   27.301969]  ? lock_release+0xa40/0xa40
[   27.305917]  ? mark_held_locks+0xaf/0x100
[   27.310042]  ? memcpy+0x45/0x50
[   27.313292]  dev_queue_xmit+0x17/0x20
[   27.317060]  ? dev_queue_xmit+0x17/0x20
[   27.321000]  neigh_resolve_output+0x5e2/0xa00
[   27.325460]  ? ether_setup+0x2d0/0x2d0
[   27.329316]  ? __neigh_event_send+0x1040/0x1040
[   27.333952]  ? ip_finish_output+0x864/0xd10
[   27.338239]  ? ip_mc_output+0x271/0x1350
[   27.342353]  ip_finish_output2+0x8c6/0x14f0
[   27.346655]  ? __local_bh_enable_ip+0x121/0x230
[   27.351302]  ? ip_copy_metadata+0xac0/0xac0
[   27.355602]  ? check_noncircular+0x20/0x20
[   27.359815]  ? ipt_do_table+0xdd3/0x13b0
[   27.363860]  ? ipv4_mtu+0x347/0x4c0
[   27.367455]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.371675]  ? find_held_lock+0x35/0x1d0
[   27.375724]  ip_finish_output+0x864/0xd10
[   27.379926]  ? ip_finish_output+0x864/0xd10
[   27.384224]  ? ip_fragment.constprop.47+0x200/0x200
[   27.389213]  ? iptable_mangle_hook+0xaf/0x4a0
[   27.393685]  ? nf_hook_slow+0xd3/0x1a0
[   27.397540]  ip_mc_output+0x271/0x1350
[   27.401395]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.405601]  ? lock_downgrade+0x980/0x980
[   27.409728]  ? nf_hook_slow+0xd3/0x1a0
[   27.413585]  ? __ip_local_out+0x494/0x7a0
[   27.417697]  ? ip_copy_addrs+0xe0/0xe0
[   27.421554]  ? skb_copy_ubufs+0x1910/0x1910
[   27.425844]  ? ip_fragment.constprop.47+0x200/0x200
[   27.430830]  ? __ip_select_ident+0x168/0x270
[   27.435209]  ? ip_idents_reserve+0x2a0/0x2a0
[   27.439589]  ip_local_out+0x95/0x160
[   27.443276]  iptunnel_xmit+0x556/0x810
[   27.447138]  ip_tunnel_xmit+0x1780/0x3650
[   27.451605]  ? ip_md_tunnel_xmit+0x14d0/0x14d0
[   27.456157]  ? lock_downgrade+0x980/0x980
[   27.460279]  ? pvclock_read_flags+0x160/0x160
[   27.464740]  ? mark_held_locks+0xaf/0x100
[   27.468860]  ? ktime_get_with_offset+0x188/0x420
[   27.473703]  ? kvm_clock_get_cycles+0x25/0x30
[   27.478202]  ? do_gettimeofday+0x190/0x190
[   27.482409]  __gre_xmit+0x546/0x8b0
[   27.486014]  erspan_xmit+0x7eb/0x2430
[   27.489788]  ? gretap_fb_dev_create+0x250/0x250
[   27.494422]  ? __lock_is_held+0xb6/0x140
[   27.498455]  dev_hard_start_xmit+0x24e/0xac0
[   27.502857]  ? validate_xmit_skb_list+0x120/0x120
[   27.507679]  ? __skb_gso_segment+0x810/0x810
[   27.512060]  ? lock_acquire+0x1d5/0x580
[   27.516006]  ? lock_acquire+0x1d5/0x580
[   27.519952]  ? sch_direct_xmit+0x361/0x1140
[   27.524246]  ? validate_xmit_skb+0x50d/0xaf0
[   27.528622]  ? lock_release+0xa40/0xa40
[   27.532562]  ? netif_skb_features+0x9b0/0x9b0
[   27.537022]  ? pfifo_fast_dequeue+0x20e/0x870
[   27.541499]  sch_direct_xmit+0x40d/0x1140
[   27.545617]  ? pfifo_fast_reset+0x490/0x490
[   27.549905]  ? __lock_is_held+0xb6/0x140
[   27.554715]  __qdisc_run+0x57d/0x19c0
[   27.558569]  ? sch_direct_xmit+0x1140/0x1140
[   27.562940]  ? lock_release+0xa40/0xa40
[   27.566881]  ? __dev_queue_xmit+0x2d8/0x2b50
[   27.571257]  ? pfifo_fast_enqueue+0x2a0/0x420
[   27.575726]  __dev_queue_xmit+0xb62/0x2b50
[   27.580017]  ? netdev_pick_tx+0x300/0x300
[   27.584137]  ? check_noncircular+0x20/0x20
[   27.588340]  ? __local_bh_enable_ip+0x121/0x230
[   27.592984]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.597968]  ? __neigh_create+0x1657/0x1d90
[   27.602261]  ? __local_bh_enable_ip+0x121/0x230
[   27.606901]  ? _raw_write_unlock_bh+0x30/0x40
[   27.611384]  ? __neigh_create+0xc06/0x1d90
[   27.615598]  ? print_irqtrace_events+0x270/0x270
[   27.620329]  ? ip_finish_output2+0x8c6/0x14f0
[   27.624788]  ? lock_downgrade+0x980/0x980
[   27.628903]  ? lock_release+0xa40/0xa40
[   27.632850]  ? mark_held_locks+0xaf/0x100
[   27.636979]  ? memcpy+0x45/0x50
[   27.640243]  dev_queue_xmit+0x17/0x20
[   27.644008]  ? dev_queue_xmit+0x17/0x20
[   27.647949]  neigh_resolve_output+0x5e2/0xa00
[   27.652417]  ? ether_setup+0x2d0/0x2d0
[   27.656271]  ? __neigh_event_send+0x1040/0x1040
[   27.660905]  ? tun_get_user+0x2760/0x3940
[   27.665017]  ? tun_chr_write_iter+0xb9/0x160
[   27.669391]  ip_finish_output2+0x8c6/0x14f0
[   27.673704]  ? __local_bh_enable_ip+0x121/0x230
[   27.678559]  ? ip_copy_metadata+0xac0/0xac0
[   27.682855]  ? check_noncircular+0x20/0x20
[   27.687055]  ? ipt_do_table+0xdd3/0x13b0
[   27.691083]  ? ipv4_mtu+0x347/0x4c0
[   27.694679]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.698877]  ? find_held_lock+0x35/0x1d0
[   27.702906]  ip_finish_output+0x864/0xd10
[   27.707103]  ? ip_finish_output+0x864/0xd10
[   27.711576]  ? ip_fragment.constprop.47+0x200/0x200
[   27.716572]  ? iptable_mangle_hook+0xaf/0x4a0
[   27.721043]  ? nf_hook_slow+0xd3/0x1a0
[   27.724902]  ip_mc_output+0x271/0x1350
[   27.728755]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.732955]  ? lock_downgrade+0x980/0x980
[   27.737068]  ? nf_hook_slow+0xd3/0x1a0
[   27.740922]  ? __ip_local_out+0x494/0x7a0
[   27.745036]  ? ip_copy_addrs+0xe0/0xe0
[   27.748887]  ? dst_release+0x3a/0x90
[   27.752566]  ? __ip_make_skb+0xfd1/0x1850
[   27.756681]  ? ip_fragment.constprop.47+0x200/0x200
[   27.761670]  ip_local_out+0x95/0x160
[   27.765368]  ip_send_skb+0x3c/0xc0
[   27.768873]  ip_push_pending_frames+0x64/0x80
[   27.773340]  icmp_push_reply+0x395/0x4f0
[   27.777373]  icmp_send+0x1136/0x19b0
[   27.781055]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   27.786824]  ? check_noncircular+0x20/0x20
[   27.791024]  ? __lock_acquire+0x664/0x3e00
[   27.795234]  ? __debug_object_init+0x235/0x1040
[   27.799879]  ? __is_insn_slot_addr+0x1fc/0x330
[   27.804432]  ? find_held_lock+0x35/0x1d0
[   27.808465]  ? lock_downgrade+0x980/0x980
[   27.812581]  ? lock_release+0xa40/0xa40
[   27.816533]  ip_options_compile+0xc21/0x1a50
[   27.820913]  ? ip_forward+0x1cd0/0x1cd0
[   27.824856]  ? ip_route_input_rcu+0x3180/0x3180
[   27.829492]  ip_rcv_finish+0x80f/0x1e30
[   27.833439]  ? inet_del_offload+0x40/0x40
[   27.837555]  ? ip_rcv+0xf22/0x1840
[   27.841064]  ? lock_downgrade+0x980/0x980
[   27.845177]  ? nf_nat_ipv4_in+0x1cd/0x270
[   27.849298]  ? iptable_nat_ipv4_fn+0x40/0x40
[   27.853686]  ? nf_hook_slow+0xd3/0x1a0
[   27.857539]  ip_rcv+0xc5a/0x1840
[   27.860871]  ? ip_local_deliver+0x6e0/0x6e0
[   27.865160]  ? inet_del_offload+0x40/0x40
[   27.869273]  ? ip_local_deliver+0x6e0/0x6e0
[   27.873567]  __netif_receive_skb_core+0x1a41/0x3460
[   27.878556]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.883718]  ? nf_ingress+0x9f0/0x9f0
[   27.887487]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.892651]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.897829]  ? check_noncircular+0x20/0x20
[   27.902063]  ? check_noncircular+0x20/0x20
[   27.906275]  ? lock_downgrade+0x980/0x980
[   27.910389]  ? lock_release+0xa40/0xa40
[   27.914333]  ? mark_held_locks+0xaf/0x100
[   27.918448]  ? print_irqtrace_events+0x270/0x270
[   27.923169]  ? lock_downgrade+0x980/0x980
[   27.927287]  ? pvclock_read_flags+0x160/0x160
[   27.931749]  ? mark_held_locks+0xaf/0x100
[   27.935862]  ? lock_acquire+0x1d5/0x580
[   27.939799]  ? lock_acquire+0x1d5/0x580
[   27.943740]  ? netif_receive_skb_internal+0xa2/0x670
[   27.948810]  ? ktime_get_with_offset+0x2c1/0x420
[   27.953534]  ? lock_release+0xa40/0xa40
[   27.957473]  ? do_gettimeofday+0x190/0x190
[   27.961693]  __netif_receive_skb+0x2c/0x1b0
[   27.965980]  ? __netif_receive_skb+0x2c/0x1b0
[   27.970442]  netif_receive_skb_internal+0x10b/0x670
[   27.975423]  ? dev_cpu_dead+0xb00/0xb00
[   27.979366]  ? net_rx_action+0x1910/0x1910
[   27.983569]  ? eth_type_trans+0x2b2/0x710
[   27.987693]  ? eth_gro_receive+0x820/0x820
[   27.991898]  napi_gro_frags+0x58a/0xaf0
[   27.995838]  ? napi_gro_receive+0x500/0x500
[   28.000150]  ? tun_get_user+0x2737/0x3940
[   28.004274]  tun_get_user+0x2760/0x3940
[   28.008221]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.013389]  ? do_huge_pmd_anonymous_page+0xb1e/0x1b00
[   28.018651]  ? tun_build_skb.isra.49+0x1810/0x1810
[   28.023549]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.028704]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.033859]  ? trace_hardirqs_on+0xd/0x10
[   28.037980]  ? find_held_lock+0x35/0x1d0
[   28.042008]  ? tun_get+0x1ab/0x2e0
[   28.045514]  ? lock_release+0xa40/0xa40
[   28.049460]  ? __lock_is_held+0xb6/0x140
[   28.053488]  ? tun_get+0x1d4/0x2e0
[   28.056996]  ? tun_do_read+0x2600/0x2600
[   28.061033]  ? __check_object_size+0x8b/0x530
[   28.065496]  ? rcu_note_context_switch+0x710/0x710
[   28.070390]  tun_chr_write_iter+0xb9/0x160
[   28.074601]  do_iter_readv_writev+0x525/0x7f0
[   28.079066]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   28.083787]  ? rw_verify_area+0xe5/0x2b0
[   28.087817]  do_iter_write+0x154/0x540
[   28.091670]  ? dup_iter+0x260/0x260
[   28.095275]  vfs_writev+0x18a/0x340
[   28.098869]  ? __fget_light+0x297/0x380
[   28.103079]  ? vfs_iter_write+0xb0/0xb0
[   28.107108]  ? up_read+0x1a/0x40
[   28.110442]  ? __do_page_fault+0x3d6/0xc90
[   28.114646]  ? mm_fault_error+0x2c0/0x2c0
[   28.118761]  ? __fdget_pos+0x130/0x190
[   28.122615]  ? __fdget_raw+0x20/0x20
[   28.126297]  ? __do_page_fault+0xc90/0xc90
[   28.130506]  do_writev+0xfc/0x2a0
[   28.133926]  ? do_writev+0xfc/0x2a0
[   28.137518]  ? vfs_writev+0x340/0x340
[   28.141286]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[   28.146097]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.151080]  SyS_writev+0x27/0x30
[   28.154502]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   28.159221] RIP: 0033:0x444f50
[   28.162383] RSP: 002b:00007fff438f6318 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   28.170152] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[   28.177395] RDX: 0000000000000001 RSI: 00007fff438f6350 RDI: 0000000000000003
[   28.184635] RBP: 00007fff438f6448 R08: 000000000000001f R09: 0000000000000000
[   28.191878] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff438f6448
[   28.199119] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000
[