[....] Starting enhanced syslogd: rsyslogd[   12.765892] audit: type=1400 audit(1515861718.294:5): avc:  denied  { syslog } for  pid=3516 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.642799] audit: type=1400 audit(1515861725.171:6): avc:  denied  { map } for  pid=3655 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   25.904902] audit: type=1400 audit(1515861731.433:7): avc:  denied  { map } for  pid=3670 comm="syzkaller789509" path="/root/syzkaller789509833" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   26.284567] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   26.634958] 
[   26.636622] ============================================
[   26.642050] WARNING: possible recursive locking detected
[   26.647469] 4.15.0-rc7-next-20180112+ #96 Not tainted
[   26.652631] --------------------------------------------
[   26.658050] syzkaller789509/3670 is trying to acquire lock:
[   26.663726]  (_xmit_ETHER#2){+.-.}, at: [<00000000b974b47e>] sch_direct_xmit+0x361/0x1140
[   26.672030] 
[   26.672030] but task is already holding lock:
[   26.677970]  (_xmit_ETHER#2){+.-.}, at: [<00000000b974b47e>] sch_direct_xmit+0x361/0x1140
[   26.686265] 
[   26.686265] other info that might help us debug this:
[   26.692904]  Possible unsafe locking scenario:
[   26.692904] 
[   26.698929]        CPU0
[   26.701482]        ----
[   26.704042]   lock(_xmit_ETHER#2);
[   26.707550]   lock(_xmit_ETHER#2);
[   26.711060] 
[   26.711060]  *** DEADLOCK ***
[   26.711060] 
[   26.717090]  May be due to missing lock nesting notation
[   26.717090] 
[   26.723983] 8 locks held by syzkaller789509/3670:
[   26.728797]  #0:  (&tfile->napi_mutex){+.+.}, at: [<0000000098f8daf3>] tun_get_user+0xe6c/0x3940
[   26.737697]  #1:  (rcu_read_lock){....}, at: [<000000005bf864be>] netif_receive_skb_internal+0xa2/0x670
[   26.747207]  #2:  (k-slock-AF_INET){+...}, at: [<00000000a211977f>] icmp_send+0x758/0x19b0
[   26.755586]  #3:  (rcu_read_lock_bh){....}, at: [<000000007acffca1>] ip_finish_output2+0x2aa/0x14f0
[   26.764753]  #4:  (rcu_read_lock_bh){....}, at: [<00000000fd99e19a>] __dev_queue_xmit+0x2d8/0x2b50
[   26.773824]  #5:  (_xmit_ETHER#2){+.-.}, at: [<00000000b974b47e>] sch_direct_xmit+0x361/0x1140
[   26.782548]  #6:  (rcu_read_lock_bh){....}, at: [<000000007acffca1>] ip_finish_output2+0x2aa/0x14f0
[   26.791710]  #7:  (rcu_read_lock_bh){....}, at: [<00000000fd99e19a>] __dev_queue_xmit+0x2d8/0x2b50
[   26.800780] 
[   26.800780] stack backtrace:
[   26.805247] CPU: 0 PID: 3670 Comm: syzkaller789509 Not tainted 4.15.0-rc7-next-20180112+ #96
[   26.813787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.823110] Call Trace:
[   26.825675]  dump_stack+0x194/0x257
[   26.829272]  ? arch_local_irq_restore+0x53/0x53
[   26.833914]  __lock_acquire+0xe8f/0x3e00
[   26.837945]  ? print_lockdep_cache.isra.31+0x109/0x109
[   26.843198]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.848362]  ? __kernel_text_address+0xd/0x40
[   26.852828]  ? unwind_get_return_address+0x61/0xa0
[   26.857733]  ? __save_stack_trace+0x7e/0xd0
[   26.862035]  ? print_lockdep_cache.isra.31+0x109/0x109
[   26.867282]  ? save_stack_trace+0x1a/0x20
[   26.871413]  ? save_trace+0xe0/0x2b0
[   26.875102]  ? __lock_acquire+0x36c0/0x3e00
[   26.879402]  ? skb_network_protocol+0xef/0x4b0
[   26.883955]  ? check_noncircular+0x20/0x20
[   26.888162]  ? netif_skb_features+0x5ff/0x9b0
[   26.892626]  ? dev_get_by_index_rcu+0x320/0x320
[   26.897270]  ? __skb_gso_segment+0x810/0x810
[   26.901651]  lock_acquire+0x1d5/0x580
[   26.905423]  ? lock_acquire+0x1d5/0x580
[   26.909371]  ? sch_direct_xmit+0x361/0x1140
[   26.913665]  ? validate_xmit_skb+0x50d/0xaf0
[   26.918051]  ? lock_release+0xa40/0xa40
[   26.921997]  ? netif_skb_features+0x9b0/0x9b0
[   26.926484]  ? pfifo_fast_dequeue+0x20e/0x870
[   26.930953]  _raw_spin_lock+0x2a/0x40
[   26.934725]  ? sch_direct_xmit+0x361/0x1140
[   26.939025]  sch_direct_xmit+0x361/0x1140
[   26.943160]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.948147]  ? pfifo_fast_reset+0x490/0x490
[   26.952438]  ? __lock_is_held+0xb6/0x140
[   26.956470]  __qdisc_run+0x57d/0x19c0
[   26.960249]  ? sch_direct_xmit+0x1140/0x1140
[   26.964631]  ? lock_release+0xa40/0xa40
[   26.968581]  ? __dev_queue_xmit+0x2d8/0x2b50
[   26.972960]  ? pfifo_fast_enqueue+0x2a0/0x420
[   26.977428]  __dev_queue_xmit+0xb62/0x2b50
[   26.981641]  ? netdev_pick_tx+0x300/0x300
[   26.985773]  ? find_held_lock+0x35/0x1d0
[   26.989812]  ? lock_downgrade+0x980/0x980
[   26.993934]  ? check_noncircular+0x20/0x20
[   26.998140]  ? __local_bh_enable_ip+0x121/0x230
[   27.002788]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.007777]  ? __neigh_create+0x1657/0x1d90
[   27.012073]  ? __local_bh_enable_ip+0x121/0x230
[   27.016718]  ? _raw_write_unlock_bh+0x30/0x40
[   27.021187]  ? __neigh_create+0xc06/0x1d90
[   27.025413]  ? print_irqtrace_events+0x270/0x270
[   27.030143]  ? ip_finish_output2+0x8c6/0x14f0
[   27.034609]  ? lock_downgrade+0x980/0x980
[   27.038733]  ? lock_release+0xa40/0xa40
[   27.042676]  ? mark_held_locks+0xaf/0x100
[   27.046796]  ? memcpy+0x45/0x50
[   27.050052]  dev_queue_xmit+0x17/0x20
[   27.053830]  ? dev_queue_xmit+0x17/0x20
[   27.057776]  neigh_resolve_output+0x5e2/0xa00
[   27.062247]  ? ether_setup+0x2d0/0x2d0
[   27.066113]  ? __neigh_event_send+0x1040/0x1040
[   27.070765]  ? ip_finish_output+0x864/0xd10
[   27.075055]  ? ip_mc_output+0x271/0x1350
[   27.079088]  ip_finish_output2+0x8c6/0x14f0
[   27.083379]  ? __local_bh_enable_ip+0x121/0x230
[   27.088023]  ? ip_copy_metadata+0xac0/0xac0
[   27.092315]  ? check_noncircular+0x20/0x20
[   27.096520]  ? ipt_do_table+0xdd3/0x13b0
[   27.100562]  ? ipv4_mtu+0x347/0x4c0
[   27.104159]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.108365]  ? find_held_lock+0x35/0x1d0
[   27.112397]  ip_finish_output+0x864/0xd10
[   27.116520]  ? ip_finish_output+0x864/0xd10
[   27.120818]  ? ip_fragment.constprop.47+0x200/0x200
[   27.125807]  ? iptable_mangle_hook+0xaf/0x4a0
[   27.130286]  ? nf_hook_slow+0xd3/0x1a0
[   27.134156]  ip_mc_output+0x271/0x1350
[   27.138021]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.142231]  ? lock_downgrade+0x980/0x980
[   27.146353]  ? nf_hook_slow+0xd3/0x1a0
[   27.150212]  ? __ip_local_out+0x494/0x7a0
[   27.154331]  ? ip_copy_addrs+0xe0/0xe0
[   27.158189]  ? skb_copy_ubufs+0x1910/0x1910
[   27.162482]  ? ip_fragment.constprop.47+0x200/0x200
[   27.167474]  ? __ip_select_ident+0x168/0x270
[   27.171858]  ? ip_idents_reserve+0x2a0/0x2a0
[   27.176238]  ip_local_out+0x95/0x160
[   27.179923]  iptunnel_xmit+0x556/0x810
[   27.183782]  ip_tunnel_xmit+0x1780/0x3650
[   27.187904]  ? ip_md_tunnel_xmit+0x14d0/0x14d0
[   27.192459]  ? lock_downgrade+0x980/0x980
[   27.196579]  ? pvclock_read_flags+0x160/0x160
[   27.201046]  ? mark_held_locks+0xaf/0x100
[   27.205173]  ? ktime_get_with_offset+0x188/0x420
[   27.209902]  ? kvm_clock_get_cycles+0x25/0x30
[   27.214369]  ? do_gettimeofday+0x190/0x190
[   27.218575]  __gre_xmit+0x546/0x8b0
[   27.222176]  erspan_xmit+0x7eb/0x2430
[   27.225957]  ? gretap_fb_dev_create+0x250/0x250
[   27.230609]  ? __lock_is_held+0xb6/0x140
[   27.234644]  dev_hard_start_xmit+0x24e/0xac0
[   27.239027]  ? validate_xmit_skb_list+0x120/0x120
[   27.243842]  ? __skb_gso_segment+0x810/0x810
[   27.248233]  ? lock_acquire+0x1d5/0x580
[   27.252177]  ? lock_acquire+0x1d5/0x580
[   27.256139]  ? sch_direct_xmit+0x361/0x1140
[   27.260433]  ? validate_xmit_skb+0x50d/0xaf0
[   27.264814]  ? lock_release+0xa40/0xa40
[   27.268762]  ? netif_skb_features+0x9b0/0x9b0
[   27.273226]  ? pfifo_fast_dequeue+0x20e/0x870
[   27.277693]  sch_direct_xmit+0x40d/0x1140
[   27.281813]  ? pfifo_fast_reset+0x490/0x490
[   27.286111]  ? __lock_is_held+0xb6/0x140
[   27.290147]  __qdisc_run+0x57d/0x19c0
[   27.293928]  ? sch_direct_xmit+0x1140/0x1140
[   27.298306]  ? lock_release+0xa40/0xa40
[   27.302258]  ? __dev_queue_xmit+0x2d8/0x2b50
[   27.306648]  ? pfifo_fast_enqueue+0x2a0/0x420
[   27.311114]  __dev_queue_xmit+0xb62/0x2b50
[   27.315321]  ? netdev_pick_tx+0x300/0x300
[   27.319443]  ? find_held_lock+0x35/0x1d0
[   27.323482]  ? lock_downgrade+0x980/0x980
[   27.327600]  ? check_noncircular+0x20/0x20
[   27.331805]  ? __local_bh_enable_ip+0x121/0x230
[   27.336444]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.341434]  ? __neigh_create+0x1657/0x1d90
[   27.345725]  ? __local_bh_enable_ip+0x121/0x230
[   27.350366]  ? _raw_write_unlock_bh+0x30/0x40
[   27.354836]  ? __neigh_create+0xc06/0x1d90
[   27.359043]  ? print_irqtrace_events+0x270/0x270
[   27.363790]  ? ip_finish_output2+0x8c6/0x14f0
[   27.368278]  ? lock_downgrade+0x980/0x980
[   27.372400]  ? lock_release+0xa40/0xa40
[   27.376349]  ? mark_held_locks+0xaf/0x100
[   27.380469]  ? memcpy+0x45/0x50
[   27.383738]  dev_queue_xmit+0x17/0x20
[   27.387538]  ? dev_queue_xmit+0x17/0x20
[   27.391511]  neigh_resolve_output+0x5e2/0xa00
[   27.396005]  ? ether_setup+0x2d0/0x2d0
[   27.399897]  ? __neigh_event_send+0x1040/0x1040
[   27.404564]  ? tun_get_user+0x2760/0x3940
[   27.408711]  ? tun_chr_write_iter+0xb9/0x160
[   27.413111]  ip_finish_output2+0x8c6/0x14f0
[   27.417408]  ? __local_bh_enable_ip+0x121/0x230
[   27.422057]  ? ip_copy_metadata+0xac0/0xac0
[   27.426361]  ? check_noncircular+0x20/0x20
[   27.430567]  ? ipt_do_table+0xdd3/0x13b0
[   27.434600]  ? ipv4_mtu+0x347/0x4c0
[   27.438196]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.442400]  ? find_held_lock+0x35/0x1d0
[   27.446432]  ip_finish_output+0x864/0xd10
[   27.450557]  ? ip_finish_output+0x864/0xd10
[   27.454855]  ? ip_fragment.constprop.47+0x200/0x200
[   27.459840]  ? iptable_mangle_hook+0xaf/0x4a0
[   27.464306]  ? nf_hook_slow+0xd3/0x1a0
[   27.468813]  ip_mc_output+0x271/0x1350
[   27.472677]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.476891]  ? lock_downgrade+0x980/0x980
[   27.481019]  ? nf_hook_slow+0xd3/0x1a0
[   27.484885]  ? __ip_local_out+0x494/0x7a0
[   27.489012]  ? ip_copy_addrs+0xe0/0xe0
[   27.492875]  ? dst_release+0x3a/0x90
[   27.496558]  ? __ip_make_skb+0xfd1/0x1850
[   27.500676]  ? ip_fragment.constprop.47+0x200/0x200
[   27.505661]  ip_local_out+0x95/0x160
[   27.509350]  ip_send_skb+0x3c/0xc0
[   27.512861]  ip_push_pending_frames+0x64/0x80
[   27.517325]  icmp_push_reply+0x395/0x4f0
[   27.521361]  icmp_send+0x1136/0x19b0
[   27.525052]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   27.530732]  ? check_noncircular+0x20/0x20
[   27.534955]  ? __lock_acquire+0x664/0x3e00
[   27.539160]  ? __debug_object_init+0x235/0x1040
[   27.543799]  ? __is_insn_slot_addr+0x1fc/0x330
[   27.548362]  ? find_held_lock+0x35/0x1d0
[   27.552394]  ? lock_downgrade+0x980/0x980
[   27.556512]  ? lock_release+0xa40/0xa40
[   27.560454]  ip_options_compile+0xc21/0x1a50
[   27.564833]  ? ip_forward+0x1cd0/0x1cd0
[   27.568780]  ? ip_route_input_rcu+0x3180/0x3180
[   27.573420]  ip_rcv_finish+0x80f/0x1e30
[   27.577365]  ? inet_del_offload+0x40/0x40
[   27.581483]  ? ip_rcv+0xf22/0x1840
[   27.584994]  ? lock_downgrade+0x980/0x980
[   27.589116]  ? nf_nat_ipv4_in+0x1cd/0x270
[   27.593244]  ? iptable_nat_ipv4_fn+0x40/0x40
[   27.597628]  ? nf_hook_slow+0xd3/0x1a0
[   27.601492]  ip_rcv+0xc5a/0x1840
[   27.604827]  ? ip_local_deliver+0x6e0/0x6e0
[   27.609119]  ? inet_del_offload+0x40/0x40
[   27.613242]  ? ip_local_deliver+0x6e0/0x6e0
[   27.617536]  __netif_receive_skb_core+0x1a41/0x3460
[   27.622524]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.627690]  ? nf_ingress+0x9f0/0x9f0
[   27.631464]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.636630]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.641792]  ? check_noncircular+0x20/0x20
[   27.645995]  ? check_noncircular+0x20/0x20
[   27.650201]  ? lock_downgrade+0x980/0x980
[   27.654326]  ? lock_release+0xa40/0xa40
[   27.658271]  ? mark_held_locks+0xaf/0x100
[   27.662390]  ? print_irqtrace_events+0x270/0x270
[   27.667118]  ? lock_downgrade+0x980/0x980
[   27.671247]  ? pvclock_read_flags+0x160/0x160
[   27.675712]  ? mark_held_locks+0xaf/0x100
[   27.679838]  ? lock_acquire+0x1d5/0x580
[   27.683785]  ? lock_acquire+0x1d5/0x580
[   27.687740]  ? netif_receive_skb_internal+0xa2/0x670
[   27.692816]  ? ktime_get_with_offset+0x2c1/0x420
[   27.697543]  ? lock_release+0xa40/0xa40
[   27.701489]  ? do_gettimeofday+0x190/0x190
[   27.705697]  __netif_receive_skb+0x2c/0x1b0
[   27.709989]  ? __netif_receive_skb+0x2c/0x1b0
[   27.714457]  netif_receive_skb_internal+0x10b/0x670
[   27.719443]  ? dev_cpu_dead+0xb00/0xb00
[   27.723399]  ? net_rx_action+0x1910/0x1910
[   27.727603]  ? eth_type_trans+0x2b2/0x710
[   27.731723]  ? eth_gro_receive+0x820/0x820
[   27.735946]  napi_gro_frags+0x58a/0xaf0
[   27.739890]  ? napi_gro_receive+0x500/0x500
[   27.744186]  ? tun_get_user+0x2737/0x3940
[   27.748304]  tun_get_user+0x2760/0x3940
[   27.752251]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.757418]  ? do_huge_pmd_anonymous_page+0xb1e/0x1b00
[   27.762667]  ? tun_build_skb.isra.49+0x1810/0x1810
[   27.767569]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.772727]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.777886]  ? trace_hardirqs_on+0xd/0x10
[   27.782008]  ? find_held_lock+0x35/0x1d0
[   27.786053]  ? tun_get+0x1ab/0x2e0
[   27.789566]  ? lock_release+0xa40/0xa40
[   27.793510]  ? __lock_is_held+0xb6/0x140
[   27.797545]  ? tun_get+0x1d4/0x2e0
[   27.801056]  ? tun_do_read+0x2600/0x2600
[   27.805088]  ? __check_object_size+0x8b/0x530
[   27.809554]  ? rcu_note_context_switch+0x710/0x710
[   27.814457]  tun_chr_write_iter+0xb9/0x160
[   27.818663]  do_iter_readv_writev+0x525/0x7f0
[   27.823130]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   27.827862]  ? rw_verify_area+0xe5/0x2b0
[   27.831892]  do_iter_write+0x154/0x540
[   27.835753]  ? dup_iter+0x260/0x260
[   27.839357]  vfs_writev+0x18a/0x340
[   27.842956]  ? __fget_light+0x297/0x380
[   27.846901]  ? vfs_iter_write+0xb0/0xb0
[   27.850845]  ? up_read+0x1a/0x40
[   27.854189]  ? __do_page_fault+0x3d6/0xc90
[   27.858394]  ? mm_fault_error+0x2c0/0x2c0
[   27.862513]  ? __fdget_pos+0x130/0x190
[   27.866465]  ? __fdget_raw+0x20/0x20
[   27.870152]  ? __do_page_fault+0xc90/0xc90
[   27.874364]  do_writev+0xfc/0x2a0
[   27.877786]  ? do_writev+0xfc/0x2a0
[   27.881381]  ? vfs_writev+0x340/0x340
[   27.885168]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[   27.889989]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.894979]  SyS_writev+0x27/0x30
[   27.898845]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   27.903583] RIP: 0033:0x444f50
[   27.906743] RSP: 002b:00007ffe878695e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   27.914419] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[   27.921660] RDX: 0000000000000001 RSI: 00007ffe87869620 RDI: 0000000000000003
[   27.928900] RBP: 00007ffe87869718 R08: 0000000000000023 R09: 0000000000000000
[   27.936141] R10: 0000000000000000 R11: 00000000000002