[....] Starting enhanced syslogd: rsyslogd[   12.919205] audit: type=1400 audit(1515861966.573:5): avc:  denied  { syslog } for  pid=3500 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.917522] audit: type=1400 audit(1515861971.572:6): avc:  denied  { map } for  pid=3642 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   24.148330] audit: type=1400 audit(1515861977.803:7): avc:  denied  { map } for  pid=3656 comm="syzkaller735942" path="/root/syzkaller735942974" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   24.443565] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   24.791044] 
[   24.792686] ============================================
[   24.798109] WARNING: possible recursive locking detected
[   24.803555] 4.15.0-rc7+ #170 Not tainted
[   24.807590] --------------------------------------------
[   24.813011] syzkaller735942/3656 is trying to acquire lock:
[   24.818690]  (_xmit_ETHER#2){+.-.}, at: [<000000001d00d96c>] sch_direct_xmit+0x280/0x6d0
[   24.826933] 
[   24.826933] but task is already holding lock:
[   24.832869]  (_xmit_ETHER#2){+.-.}, at: [<000000001d00d96c>] sch_direct_xmit+0x280/0x6d0
[   24.841075] 
[   24.841075] other info that might help us debug this:
[   24.847705]  Possible unsafe locking scenario:
[   24.847705] 
[   24.853736]        CPU0
[   24.856284]        ----
[   24.858827]   lock(_xmit_ETHER#2);
[   24.862338]   lock(_xmit_ETHER#2);
[   24.865840] 
[   24.865840]  *** DEADLOCK ***
[   24.865840] 
[   24.871863]  May be due to missing lock nesting notation
[   24.871863] 
[   24.878754] 10 locks held by syzkaller735942/3656:
[   24.883643]  #0:  (&tfile->napi_mutex){+.+.}, at: [<00000000430e37b1>] tun_get_user+0xe5a/0x3710
[   24.892624]  #1:  (rcu_read_lock){....}, at: [<00000000c5f6f886>] netif_receive_skb_internal+0xa2/0x670
[   24.902126]  #2:  (k-slock-AF_INET){+...}, at: [<0000000003ec2842>] icmp_send+0x75e/0x19d0
[   24.911451]  #3:  (rcu_read_lock_bh){....}, at: [<000000000a8e2de8>] ip_finish_output2+0x2b6/0x1500
[   24.920605]  #4:  (rcu_read_lock_bh){....}, at: [<00000000981ade4b>] __dev_queue_xmit+0x294/0x2920
[   24.929669]  #5:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<000000007f2c0514>] dev_queue_xmit+0x17/0x20
[   24.940727]  #6:  (_xmit_ETHER#2){+.-.}, at: [<000000001d00d96c>] sch_direct_xmit+0x280/0x6d0
[   24.949359]  #7:  (rcu_read_lock_bh){....}, at: [<000000000a8e2de8>] ip_finish_output2+0x2b6/0x1500
[   24.958597]  #8:  (rcu_read_lock_bh){....}, at: [<00000000981ade4b>] __dev_queue_xmit+0x294/0x2920
[   24.967665]  #9:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<000000007f2c0514>] dev_queue_xmit+0x17/0x20
[   24.978726] 
[   24.978726] stack backtrace:
[   24.983187] CPU: 1 PID: 3656 Comm: syzkaller735942 Not tainted 4.15.0-rc7+ #170
[   24.990594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.999910] Call Trace:
[   25.002463]  dump_stack+0x194/0x257
[   25.006054]  ? arch_local_irq_restore+0x53/0x53
[   25.010690]  __lock_acquire+0xe8f/0x3e00
[   25.014714]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.019869]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.025019]  ? __lock_acquire+0x664/0x3e00
[   25.029220]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.034375]  ? check_noncircular+0x20/0x20
[   25.038585]  ? trace_hardirqs_off+0x10/0x10
[   25.043132]  ? bpf_prog_kallsyms_find+0xbd/0x440
[   25.047852]  ? modules_open+0xa0/0xa0
[   25.051616]  ? trace_raw_output_xdp_redirect_map_err+0x440/0x440
[   25.057735]  ? check_noncircular+0x20/0x20
[   25.061933]  ? is_bpf_text_address+0x7b/0x120
[   25.066392]  ? lock_downgrade+0x980/0x980
[   25.070505]  ? skb_network_protocol+0xef/0x4b0
[   25.075061]  ? reacquire_held_locks+0x1f9/0x3e0
[   25.079692]  ? reacquire_held_locks+0x1f9/0x3e0
[   25.084326]  ? netif_skb_features+0x5ff/0x9b0
[   25.088793]  ? dev_get_by_index_rcu+0x320/0x320
[   25.093426]  lock_acquire+0x1d5/0x580
[   25.097191]  ? lock_acquire+0x1d5/0x580
[   25.101130]  ? sch_direct_xmit+0x280/0x6d0
[   25.105330]  ? lock_release+0xa40/0xa40
[   25.109274]  ? netif_skb_features+0x9b0/0x9b0
[   25.113732]  ? do_raw_spin_trylock+0x190/0x190
[   25.118275]  ? lock_acquire+0x1d5/0x580
[   25.122210]  ? __dev_queue_xmit+0xb37/0x2920
[   25.126588]  _raw_spin_lock+0x2a/0x40
[   25.130353]  ? sch_direct_xmit+0x280/0x6d0
[   25.134551]  sch_direct_xmit+0x280/0x6d0
[   25.138579]  ? dev_deactivate_queue.constprop.30+0x260/0x260
[   25.144343]  __dev_queue_xmit+0x1ce2/0x2920
[   25.148631]  ? netdev_pick_tx+0x300/0x300
[   25.152750]  ? check_noncircular+0x20/0x20
[   25.156948]  ? retint_kernel+0x10/0x10
[   25.160801]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   25.165786]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.170511]  ? print_irqtrace_events+0x270/0x270
[   25.175235]  ? ip_finish_output2+0x8d2/0x1500
[   25.179693]  ? lock_downgrade+0x980/0x980
[   25.183803]  ? lock_release+0xa40/0xa40
[   25.187739]  ? mark_held_locks+0xaf/0x100
[   25.191851]  ? memcpy+0x45/0x50
[   25.195097]  dev_queue_xmit+0x17/0x20
[   25.198861]  ? dev_queue_xmit+0x17/0x20
[   25.202799]  neigh_resolve_output+0x5e2/0xa00
[   25.207258]  ? ether_setup+0x2d0/0x2d0
[   25.211111]  ? __neigh_event_send+0x1050/0x1050
[   25.215742]  ? ip_finish_output+0x864/0xd10
[   25.220028]  ? ip_local_out+0x95/0x160
[   25.223881]  ? ip_send_skb+0x3c/0xc0
[   25.227560]  ? ip_push_pending_frames+0x64/0x80
[   25.232192]  ip_finish_output2+0x8d2/0x1500
[   25.236479]  ? ip_copy_metadata+0xac0/0xac0
[   25.241113]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   25.246092]  ? ipt_do_table+0xd0a/0x1330
[   25.250114]  ? trace_hardirqs_on+0xd/0x10
[   25.254233]  ? __local_bh_enable_ip+0x121/0x230
[   25.258866]  ? ipt_do_table+0xd75/0x1330
[   25.262890]  ? ipv4_mtu+0x34d/0x4c0
[   25.266479]  ? find_held_lock+0x35/0x1d0
[   25.270765]  ip_finish_output+0x864/0xd10
[   25.274963]  ? ip_finish_output+0x864/0xd10
[   25.279249]  ? ip_fragment.constprop.47+0x200/0x200
[   25.284229]  ? iptable_mangle_hook+0xa9/0x560
[   25.288689]  ? nf_hook_slow+0xd3/0x1a0
[   25.292539]  ip_mc_output+0x277/0x1360
[   25.296392]  ? ip_queue_xmit+0x18e0/0x18e0
[   25.300590]  ? lock_downgrade+0x980/0x980
[   25.304703]  ? nf_hook_slow+0xd3/0x1a0
[   25.308557]  ? __ip_local_out+0x494/0x7a0
[   25.312674]  ? ip_copy_addrs+0xe0/0xe0
[   25.316525]  ? skb_copy_ubufs+0x1910/0x1910
[   25.320811]  ? ip_fragment.constprop.47+0x200/0x200
[   25.325797]  ? __ip_select_ident+0x168/0x270
[   25.330170]  ? ip_idents_reserve+0x2a0/0x2a0
[   25.335150]  ip_local_out+0x95/0x160
[   25.338826]  iptunnel_xmit+0x556/0x810
[   25.342677]  ip_tunnel_xmit+0x1780/0x3650
[   25.346792]  ? skb_headers_offset_update+0x170/0x290
[   25.351858]  ? ip_md_tunnel_xmit+0x14e0/0x14e0
[   25.356408]  ? save_stack_trace+0x1a/0x20
[   25.361043]  ? skb_copy_ubufs+0x1910/0x1910
[   25.365331]  ? iptunnel_handle_offloads+0x3a3/0x710
[   25.370311]  __gre_xmit+0x546/0x8b0
[   25.374773]  erspan_xmit+0x409/0x13b0
[   25.379061]  ? prepare_fb_xmit+0x9a0/0x9a0
[   25.383262]  ? __lock_is_held+0xb6/0x140
[   25.387291]  dev_hard_start_xmit+0x24e/0xac0
[   25.391751]  ? validate_xmit_skb_list+0x120/0x120
[   25.396554]  ? netif_skb_features+0x5ff/0x9b0
[   25.401014]  ? lock_acquire+0x1d5/0x580
[   25.404950]  ? lock_acquire+0x1d5/0x580
[   25.408887]  ? sch_direct_xmit+0x280/0x6d0
[   25.413088]  ? lock_release+0xa40/0xa40
[   25.417032]  ? netif_skb_features+0x9b0/0x9b0
[   25.421493]  ? do_raw_spin_trylock+0x190/0x190
[   25.426039]  ? lock_acquire+0x1d5/0x580
[   25.430235]  ? __dev_queue_xmit+0xb37/0x2920
[   25.435045]  sch_direct_xmit+0x31d/0x6d0
[   25.439073]  ? dev_deactivate_queue.constprop.30+0x260/0x260
[   25.444835]  __dev_queue_xmit+0x1ce2/0x2920
[   25.449124]  ? netdev_pick_tx+0x300/0x300
[   25.453237]  ? find_held_lock+0x35/0x1d0
[   25.457266]  ? lock_downgrade+0x980/0x980
[   25.461377]  ? check_noncircular+0x20/0x20
[   25.465576]  ? __local_bh_enable_ip+0x121/0x230
[   25.470210]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   25.475188]  ? __neigh_create+0x1657/0x1d90
[   25.479473]  ? __local_bh_enable_ip+0x121/0x230
[   25.484108]  ? _raw_write_unlock_bh+0x30/0x40
[   25.488566]  ? __neigh_create+0xc06/0x1d90
[   25.492763]  ? print_irqtrace_events+0x270/0x270
[   25.497488]  ? ip_finish_output2+0x8d2/0x1500
[   25.501948]  ? lock_downgrade+0x980/0x980
[   25.506059]  ? lock_release+0xa40/0xa40
[   25.509998]  ? mark_held_locks+0xaf/0x100
[   25.514110]  ? memcpy+0x45/0x50
[   25.517354]  dev_queue_xmit+0x17/0x20
[   25.521117]  ? dev_queue_xmit+0x17/0x20
[   25.525055]  neigh_resolve_output+0x5e2/0xa00
[   25.529513]  ? ether_setup+0x2d0/0x2d0
[   25.533368]  ? __neigh_event_send+0x1050/0x1050
[   25.538004]  ? tun_get_user+0x262e/0x3710
[   25.542114]  ? tun_chr_write_iter+0xb9/0x160
[   25.546487]  ? do_iter_readv_writev+0x525/0x7f0
[   25.551130]  ip_finish_output2+0x8d2/0x1500
[   25.556111]  ? ip_copy_metadata+0xac0/0xac0
[   25.561612]  ? check_noncircular+0x20/0x20
[   25.565825]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   25.570808]  ? ipt_do_table+0xd0a/0x1330
[   25.574833]  ? trace_hardirqs_on+0xd/0x10
[   25.578947]  ? __local_bh_enable_ip+0x121/0x230
[   25.583584]  ? ipt_do_table+0xd75/0x1330
[   25.587618]  ? ipv4_mtu+0x34d/0x4c0
[   25.591208]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   25.595406]  ? find_held_lock+0x35/0x1d0
[   25.599431]  ip_finish_output+0x864/0xd10
[   25.603543]  ? ip_finish_output+0x864/0xd10
[   25.607829]  ? ip_fragment.constprop.47+0x200/0x200
[   25.612808]  ? iptable_mangle_hook+0xa9/0x560
[   25.617267]  ? nf_hook_slow+0xd3/0x1a0
[   25.621117]  ip_mc_output+0x277/0x1360
[   25.624969]  ? ip_queue_xmit+0x18e0/0x18e0
[   25.629166]  ? lock_downgrade+0x980/0x980
[   25.633281]  ? nf_hook_slow+0xd3/0x1a0
[   25.637132]  ? __ip_local_out+0x494/0x7a0
[   25.641245]  ? ip_copy_addrs+0xe0/0xe0
[   25.645097]  ? dst_release+0x3d/0x90
[   25.648772]  ? __ip_make_skb+0xfd7/0x1860
[   25.652885]  ? ip_fragment.constprop.47+0x200/0x200
[   25.657867]  ip_local_out+0x95/0x160
[   25.661544]  ip_send_skb+0x3c/0xc0
[   25.665049]  ip_push_pending_frames+0x64/0x80
[   25.669510]  icmp_push_reply+0x395/0x4f0
[   25.673539]  icmp_send+0x1148/0x19d0
[   25.677229]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   25.682910]  ? check_noncircular+0x20/0x20
[   25.687108]  ? __lock_acquire+0x664/0x3e00
[   25.691309]  ? __is_insn_slot_addr+0x1fc/0x330
[   25.695855]  ? find_held_lock+0x35/0x1d0
[   25.699882]  ? lock_downgrade+0x980/0x980
[   25.703994]  ? lock_release+0xa40/0xa40
[   25.707932]  ip_options_compile+0xc21/0x1a50
[   25.712306]  ? ip_forward+0x1ce0/0x1ce0
[   25.716242]  ? ip_route_input_rcu+0x31b0/0x31b0
[   25.720877]  ip_rcv_finish+0x80f/0x1e30
[   25.724819]  ? inet_del_offload+0x40/0x40
[   25.728932]  ? ip_rcv+0xf22/0x1840
[   25.732438]  ? lock_downgrade+0x980/0x980
[   25.736550]  ? nf_nat_ipv4_in+0x1cd/0x270
[   25.740662]  ? iptable_nat_ipv4_fn+0x40/0x40
[   25.745776]  ? nf_hook_slow+0xd3/0x1a0
[   25.750236]  ip_rcv+0xc5a/0x1840
[   25.753568]  ? ip_local_deliver+0x6e0/0x6e0
[   25.757866]  ? inet_del_offload+0x40/0x40
[   25.761982]  ? ip_local_deliver+0x6e0/0x6e0
[   25.766270]  __netif_receive_skb_core+0x1a41/0x3460
[   25.771258]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.776421]  ? nf_ingress+0x9f0/0x9f0
[   25.780191]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.785362]  ? __skb_flow_get_ports+0x420/0x420
[   25.789995]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.795151]  ? check_noncircular+0x20/0x20
[   25.799354]  ? check_noncircular+0x20/0x20
[   25.803553]  ? lock_release+0xa40/0xa40
[   25.807508]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   25.812575]  ? print_irqtrace_events+0x270/0x270
[   25.817556]  ? lock_downgrade+0x980/0x980
[   25.821671]  ? pvclock_read_flags+0x160/0x160
[   25.826131]  ? mark_held_locks+0xaf/0x100
[   25.830244]  ? lock_acquire+0x1d5/0x580
[   25.834183]  ? lock_acquire+0x1d5/0x580
[   25.838146]  ? netif_receive_skb_internal+0xa2/0x670
[   25.843214]  ? ktime_get_with_offset+0x2c1/0x420
[   25.847934]  ? lock_release+0xa40/0xa40
[   25.851874]  ? do_gettimeofday+0x190/0x190
[   25.856075]  __netif_receive_skb+0x2c/0x1b0
[   25.860361]  ? __netif_receive_skb+0x2c/0x1b0
[   25.864909]  netif_receive_skb_internal+0x10b/0x670
[   25.869898]  ? dev_cpu_dead+0xb00/0xb00
[   25.873837]  ? net_rx_action+0x1910/0x1910
[   25.878036]  ? eth_type_trans+0x2b2/0x710
[   25.882147]  ? eth_gro_receive+0x820/0x820
[   25.886347]  napi_gro_frags+0x58a/0xaf0
[   25.890286]  ? napi_gro_receive+0x500/0x500
[   25.894577]  ? tun_get_user+0x2605/0x3710
[   25.898690]  tun_get_user+0x262e/0x3710
[   25.903246]  ? tun_build_skb.isra.48+0x17d0/0x17d0
[   25.908141]  ? _raw_spin_unlock+0x22/0x30
[   25.912259]  ? do_huge_pmd_anonymous_page+0xb21/0x1b00
[   25.917504]  ? tun_get+0x1ab/0x2e0
[   25.921010]  ? perf_event_fork+0x30/0x30
[   25.925036]  ? lock_release+0xa40/0xa40
[   25.928973]  ? __lock_is_held+0xb6/0x140
[   25.933001]  ? tun_get+0x1d4/0x2e0
[   25.936506]  ? tun_chr_close+0x60/0x60
[   25.940361]  ? rcu_note_context_switch+0x710/0x710
[   25.945256]  ? vma_link+0xe9/0x170
[   25.948760]  tun_chr_write_iter+0xb9/0x160
[   25.952965]  do_iter_readv_writev+0x525/0x7f0
[   25.957427]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   25.962754]  ? rw_verify_area+0xe5/0x2b0
[   25.966780]  do_iter_write+0x154/0x540
[   25.970637]  ? iov_iter_get_pages+0x1150/0x1150
[   25.975277]  compat_writev+0x225/0x420
[   25.979129]  ? __fget_light+0x297/0x380
[   25.983067]  ? do_pwritev+0x1a0/0x1a0
[   25.987824]  ? find_held_lock+0x35/0x1d0
[   25.991854]  ? __do_page_fault+0x5f7/0xc90
[   25.996057]  ? __fdget_pos+0x130/0x190
[   25.999914]  ? __fdget_raw+0x20/0x20
[   26.003590]  ? down_read_trylock+0xdb/0x170
[   26.007875]  ? __do_page_fault+0x32d/0xc90
[   26.012077]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   26.016623]  do_compat_writev+0x115/0x220
[   26.020820]  ? do_compat_writev+0x115/0x220
[   26.025105]  ? compat_writev+0x420/0x420
[   26.029132]  compat_SyS_writev+0x26/0x30
[   26.033851]  ? compat_SyS_preadv2+0x90/0x90
[   26.038318]  do_fast_syscall_32+0x3ee/0xf9d
[   26.042603]  ? do_int80_syscall_32+0x9d0/0x9d0
[   26.047408]  ? kasan_check_read+0x11/0x20
[   26.052766]  ? syscall_return_slowpath+0x550/0x550
[   26.057660]  ? SyS_rt_sigaction+0x94/0x1b0
[   26.061860]  ? SyS_sigprocmask+0x4b0/0x4b0
[   26.066058]  ? SyS_read+0x184/0x220
[   26.069653]  ? retint_user+0x18/0x18
[   26.073333]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.078140]  entry_SYSENTER_compat+0x54/0x63
[   26.082512] RIP: 0023:0xf7fd9c79
[   26.085839] RSP: 002b:00000000ff9190b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000092
[   26.093510] RAX: ffffffffffffffda RBX