[....] Starting enhanced syslogd: rsyslogd[   12.330788] audit: type=1400 audit(1515865363.704:5): avc:  denied  { syslog } for  pid=3488 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.095547] audit: type=1400 audit(1515865368.469:6): avc:  denied  { map } for  pid=3628 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   23.287344] audit: type=1400 audit(1515865374.660:7): avc:  denied  { map } for  pid=3642 comm="syzkaller026001" path="/root/syzkaller026001399" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   23.624481] ip (3708) used greatest stack depth: 16768 bytes left
[   23.656513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   23.976207] 
[   23.977845] ============================================
[   23.983263] WARNING: possible recursive locking detected
[   23.988681] 4.15.0-rc7-mm1+ #56 Not tainted
[   23.992970] --------------------------------------------
[   23.998387] syzkaller026001/3642 is trying to acquire lock:
[   24.004063]  (_xmit_ETHER#2){+.-.}, at: [<00000000338fb4c4>] sch_direct_xmit+0x361/0x1140
[   24.012356] 
[   24.012356] but task is already holding lock:
[   24.018299]  (_xmit_ETHER#2){+.-.}, at: [<00000000338fb4c4>] sch_direct_xmit+0x361/0x1140
[   24.026588] 
[   24.026588] other info that might help us debug this:
[   24.033227]  Possible unsafe locking scenario:
[   24.033227] 
[   24.039271]        CPU0
[   24.041821]        ----
[   24.044372]   lock(_xmit_ETHER#2);
[   24.047879]   lock(_xmit_ETHER#2);
[   24.051389] 
[   24.051389]  *** DEADLOCK ***
[   24.051389] 
[   24.057413]  May be due to missing lock nesting notation
[   24.057413] 
[   24.064305] 8 locks held by syzkaller026001/3642:
[   24.069111]  #0:  (&tfile->napi_mutex){+.+.}, at: [<00000000e12fe9ad>] tun_get_user+0xe6c/0x3940
[   24.078014]  #1:  (rcu_read_lock){....}, at: [<00000000a1fd07aa>] netif_receive_skb_internal+0xa2/0x670
[   24.087533]  #2:  (k-slock-AF_INET){+...}, at: [<00000000b0acae74>] icmp_send+0x758/0x19b0
[   24.095914]  #3:  (rcu_read_lock_bh){....}, at: [<00000000cd57f86f>] ip_finish_output2+0x2aa/0x14f0
[   24.105072]  #4:  (rcu_read_lock_bh){....}, at: [<000000006bd9fa77>] __dev_queue_xmit+0x2d8/0x2b50
[   24.114141]  #5:  (_xmit_ETHER#2){+.-.}, at: [<00000000338fb4c4>] sch_direct_xmit+0x361/0x1140
[   24.122878]  #6:  (rcu_read_lock_bh){....}, at: [<00000000cd57f86f>] ip_finish_output2+0x2aa/0x14f0
[   24.132036]  #7:  (rcu_read_lock_bh){....}, at: [<000000006bd9fa77>] __dev_queue_xmit+0x2d8/0x2b50
[   24.141105] 
[   24.141105] stack backtrace:
[   24.145574] CPU: 0 PID: 3642 Comm: syzkaller026001 Not tainted 4.15.0-rc7-mm1+ #56
[   24.153245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.162581] Call Trace:
[   24.165141]  dump_stack+0x194/0x257
[   24.168746]  ? arch_local_irq_restore+0x53/0x53
[   24.173385]  __lock_acquire+0xe8f/0x3e00
[   24.177415]  ? print_lockdep_cache.isra.31+0x109/0x109
[   24.182666]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.187835]  ? __kernel_text_address+0xd/0x40
[   24.192303]  ? unwind_get_return_address+0x61/0xa0
[   24.197204]  ? __save_stack_trace+0x7e/0xd0
[   24.201497]  ? print_lockdep_cache.isra.31+0x109/0x109
[   24.206751]  ? save_stack_trace+0x1a/0x20
[   24.210867]  ? save_trace+0xe0/0x2b0
[   24.214553]  ? __lock_acquire+0x36c0/0x3e00
[   24.218847]  ? skb_network_protocol+0xef/0x4b0
[   24.223403]  ? check_noncircular+0x20/0x20
[   24.227608]  ? netif_skb_features+0x5ff/0x9b0
[   24.232072]  ? dev_get_by_index_rcu+0x320/0x320
[   24.236710]  ? __skb_gso_segment+0x810/0x810
[   24.241093]  lock_acquire+0x1d5/0x580
[   24.244864]  ? lock_acquire+0x1d5/0x580
[   24.248807]  ? sch_direct_xmit+0x361/0x1140
[   24.253099]  ? validate_xmit_skb+0x50d/0xaf0
[   24.257485]  ? lock_release+0xa40/0xa40
[   24.261429]  ? netif_skb_features+0x9b0/0x9b0
[   24.265895]  ? pfifo_fast_dequeue+0x20e/0x870
[   24.270363]  _raw_spin_lock+0x2a/0x40
[   24.274142]  ? sch_direct_xmit+0x361/0x1140
[   24.278433]  sch_direct_xmit+0x361/0x1140
[   24.282549]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   24.287536]  ? pfifo_fast_reset+0x490/0x490
[   24.291829]  ? __lock_is_held+0xb6/0x140
[   24.295879]  __qdisc_run+0x57d/0x19c0
[   24.299650]  ? sch_direct_xmit+0x1140/0x1140
[   24.304029]  ? lock_release+0xa40/0xa40
[   24.307975]  ? __dev_queue_xmit+0x2d8/0x2b50
[   24.312364]  ? pfifo_fast_enqueue+0x2a0/0x420
[   24.316829]  __dev_queue_xmit+0xb62/0x2b50
[   24.321038]  ? netdev_pick_tx+0x300/0x300
[   24.325158]  ? find_held_lock+0x35/0x1d0
[   24.329202]  ? lock_downgrade+0x980/0x980
[   24.333320]  ? check_noncircular+0x20/0x20
[   24.337526]  ? __local_bh_enable_ip+0x121/0x230
[   24.342179]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   24.347181]  ? __neigh_create+0x1657/0x1d90
[   24.351474]  ? __local_bh_enable_ip+0x121/0x230
[   24.356114]  ? _raw_write_unlock_bh+0x30/0x40
[   24.360583]  ? __neigh_create+0xc06/0x1d90
[   24.364793]  ? print_irqtrace_events+0x270/0x270
[   24.369519]  ? ip_finish_output2+0x8c6/0x14f0
[   24.373982]  ? lock_downgrade+0x980/0x980
[   24.378761]  ? lock_release+0xa40/0xa40
[   24.382705]  ? mark_held_locks+0xaf/0x100
[   24.386825]  ? memcpy+0x45/0x50
[   24.390080]  dev_queue_xmit+0x17/0x20
[   24.393849]  ? dev_queue_xmit+0x17/0x20
[   24.397798]  neigh_resolve_output+0x5e2/0xa00
[   24.402266]  ? ether_setup+0x2d0/0x2d0
[   24.406133]  ? __neigh_event_send+0x1040/0x1040
[   24.410772]  ? ip_finish_output+0x864/0xd10
[   24.415062]  ? ip_mc_output+0x271/0x1350
[   24.419093]  ip_finish_output2+0x8c6/0x14f0
[   24.423388]  ? __local_bh_enable_ip+0x121/0x230
[   24.428029]  ? ip_copy_metadata+0xac0/0xac0
[   24.432319]  ? check_noncircular+0x20/0x20
[   24.436521]  ? ipt_do_table+0xdd3/0x13b0
[   24.440558]  ? ipv4_mtu+0x347/0x4c0
[   24.444155]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   24.448369]  ? find_held_lock+0x35/0x1d0
[   24.452399]  ip_finish_output+0x864/0xd10
[   24.456517]  ? ip_finish_output+0x864/0xd10
[   24.460806]  ? ip_fragment.constprop.47+0x200/0x200
[   24.465788]  ? iptable_mangle_hook+0xaf/0x4a0
[   24.470256]  ? nf_hook_slow+0xd3/0x1a0
[   24.474120]  ip_mc_output+0x271/0x1350
[   24.477977]  ? ip_queue_xmit+0x18e0/0x18e0
[   24.482185]  ? lock_downgrade+0x980/0x980
[   24.486304]  ? nf_hook_slow+0xd3/0x1a0
[   24.490163]  ? __ip_local_out+0x494/0x7a0
[   24.494282]  ? ip_copy_addrs+0xe0/0xe0
[   24.498138]  ? skb_copy_ubufs+0x1910/0x1910
[   24.502431]  ? ip_fragment.constprop.47+0x200/0x200
[   24.507416]  ? __ip_select_ident+0x168/0x270
[   24.511792]  ? ip_idents_reserve+0x2a0/0x2a0
[   24.516172]  ip_local_out+0x95/0x160
[   24.519857]  iptunnel_xmit+0x556/0x810
[   24.523716]  ip_tunnel_xmit+0x1780/0x3650
[   24.527835]  ? ip_md_tunnel_xmit+0x14d0/0x14d0
[   24.532385]  ? lock_downgrade+0x980/0x980
[   24.536503]  ? pvclock_read_flags+0x160/0x160
[   24.540969]  ? mark_held_locks+0xaf/0x100
[   24.545085]  ? ktime_get_with_offset+0x188/0x420
[   24.549813]  ? kvm_clock_get_cycles+0x25/0x30
[   24.554279]  ? do_gettimeofday+0x190/0x190
[   24.558482]  __gre_xmit+0x546/0x8b0
[   24.562080]  erspan_xmit+0x7eb/0x2430
[   24.565849]  ? gretap_fb_dev_create+0x250/0x250
[   24.570488]  ? __lock_is_held+0xb6/0x140
[   24.574521]  dev_hard_start_xmit+0x24e/0xac0
[   24.578899]  ? validate_xmit_skb_list+0x120/0x120
[   24.583709]  ? __skb_gso_segment+0x810/0x810
[   24.588094]  ? lock_acquire+0x1d5/0x580
[   24.592039]  ? lock_acquire+0x1d5/0x580
[   24.595986]  ? sch_direct_xmit+0x361/0x1140
[   24.600279]  ? validate_xmit_skb+0x50d/0xaf0
[   24.604656]  ? lock_release+0xa40/0xa40
[   24.608599]  ? netif_skb_features+0x9b0/0x9b0
[   24.613062]  ? pfifo_fast_dequeue+0x20e/0x870
[   24.617529]  sch_direct_xmit+0x40d/0x1140
[   24.621647]  ? pfifo_fast_reset+0x490/0x490
[   24.625938]  ? __lock_is_held+0xb6/0x140
[   24.629970]  __qdisc_run+0x57d/0x19c0
[   24.633740]  ? sch_direct_xmit+0x1140/0x1140
[   24.638117]  ? lock_release+0xa40/0xa40
[   24.642059]  ? __dev_queue_xmit+0x2d8/0x2b50
[   24.646438]  ? pfifo_fast_enqueue+0x2a0/0x420
[   24.650903]  __dev_queue_xmit+0xb62/0x2b50
[   24.655107]  ? netdev_pick_tx+0x300/0x300
[   24.659231]  ? check_noncircular+0x20/0x20
[   24.663435]  ? __local_bh_enable_ip+0x121/0x230
[   24.668072]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   24.673063]  ? __neigh_create+0x1657/0x1d90
[   24.677355]  ? __local_bh_enable_ip+0x121/0x230
[   24.681997]  ? _raw_write_unlock_bh+0x30/0x40
[   24.686466]  ? __neigh_create+0xc06/0x1d90
[   24.690671]  ? print_irqtrace_events+0x270/0x270
[   24.695396]  ? ip_finish_output2+0x8c6/0x14f0
[   24.699861]  ? lock_downgrade+0x980/0x980
[   24.703978]  ? lock_release+0xa40/0xa40
[   24.707920]  ? mark_held_locks+0xaf/0x100
[   24.712041]  ? memcpy+0x45/0x50
[   24.715293]  dev_queue_xmit+0x17/0x20
[   24.719061]  ? dev_queue_xmit+0x17/0x20
[   24.723014]  neigh_resolve_output+0x5e2/0xa00
[   24.727482]  ? ether_setup+0x2d0/0x2d0
[   24.731340]  ? __neigh_event_send+0x1040/0x1040
[   24.735982]  ? tun_get_user+0x2760/0x3940
[   24.740102]  ? tun_chr_write_iter+0xb9/0x160
[   24.744485]  ip_finish_output2+0x8c6/0x14f0
[   24.748776]  ? __local_bh_enable_ip+0x121/0x230
[   24.753416]  ? ip_copy_metadata+0xac0/0xac0
[   24.757706]  ? check_noncircular+0x20/0x20
[   24.761908]  ? ipt_do_table+0xdd3/0x13b0
[   24.765940]  ? ipv4_mtu+0x347/0x4c0
[   24.769539]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   24.773742]  ? find_held_lock+0x35/0x1d0
[   24.777774]  ip_finish_output+0x864/0xd10
[   24.781890]  ? ip_finish_output+0x864/0xd10
[   24.786182]  ? ip_fragment.constprop.47+0x200/0x200
[   24.791164]  ? iptable_mangle_hook+0xaf/0x4a0
[   24.795645]  ? nf_hook_slow+0xd3/0x1a0
[   24.799507]  ip_mc_output+0x271/0x1350
[   24.803374]  ? ip_queue_xmit+0x18e0/0x18e0
[   24.807576]  ? lock_downgrade+0x980/0x980
[   24.811698]  ? nf_hook_slow+0xd3/0x1a0
[   24.815554]  ? __ip_local_out+0x494/0x7a0
[   24.819673]  ? ip_copy_addrs+0xe0/0xe0
[   24.823529]  ? dst_release+0x3a/0x90
[   24.827212]  ? __ip_make_skb+0xfd1/0x1850
[   24.831329]  ? ip_fragment.constprop.47+0x200/0x200
[   24.836314]  ip_local_out+0x95/0x160
[   24.839998]  ip_send_skb+0x3c/0xc0
[   24.843511]  ip_push_pending_frames+0x64/0x80
[   24.847976]  icmp_push_reply+0x395/0x4f0
[   24.852009]  icmp_send+0x1136/0x19b0
[   24.855702]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   24.861387]  ? check_noncircular+0x20/0x20
[   24.865593]  ? __lock_acquire+0x664/0x3e00
[   24.869797]  ? __debug_object_init+0x235/0x1040
[   24.874436]  ? __is_insn_slot_addr+0x1fc/0x330
[   24.878992]  ? find_held_lock+0x35/0x1d0
[   24.883030]  ? lock_downgrade+0x980/0x980
[   24.887154]  ? lock_release+0xa40/0xa40
[   24.891097]  ip_options_compile+0xc21/0x1a50
[   24.895478]  ? ip_forward+0x1cd0/0x1cd0
[   24.899423]  ? ip_route_input_rcu+0x3180/0x3180
[   24.904060]  ip_rcv_finish+0x80f/0x1e30
[   24.908007]  ? inet_del_offload+0x40/0x40
[   24.912132]  ? ip_rcv+0xf22/0x1840
[   24.915644]  ? lock_downgrade+0x980/0x980
[   24.919760]  ? nf_nat_ipv4_in+0x1cd/0x270
[   24.923884]  ? iptable_nat_ipv4_fn+0x40/0x40
[   24.928266]  ? nf_hook_slow+0xd3/0x1a0
[   24.932128]  ip_rcv+0xc5a/0x1840
[   24.935470]  ? ip_local_deliver+0x6e0/0x6e0
[   24.939763]  ? inet_del_offload+0x40/0x40
[   24.943880]  ? ip_local_deliver+0x6e0/0x6e0
[   24.948171]  __netif_receive_skb_core+0x1a41/0x3460
[   24.953158]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.958320]  ? nf_ingress+0x9f0/0x9f0
[   24.962095]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.967255]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.972416]  ? check_noncircular+0x20/0x20
[   24.976619]  ? check_noncircular+0x20/0x20
[   24.980822]  ? lock_downgrade+0x980/0x980
[   24.984940]  ? lock_release+0xa40/0xa40
[   24.988883]  ? mark_held_locks+0xaf/0x100
[   24.993003]  ? print_irqtrace_events+0x270/0x270
[   24.997735]  ? lock_downgrade+0x980/0x980
[   25.001865]  ? pvclock_read_flags+0x160/0x160
[   25.006338]  ? mark_held_locks+0xaf/0x100
[   25.010465]  ? lock_acquire+0x1d5/0x580
[   25.014418]  ? lock_acquire+0x1d5/0x580
[   25.018361]  ? netif_receive_skb_internal+0xa2/0x670
[   25.023433]  ? ktime_get_with_offset+0x2c1/0x420
[   25.028160]  ? lock_release+0xa40/0xa40
[   25.032103]  ? do_gettimeofday+0x190/0x190
[   25.036309]  __netif_receive_skb+0x2c/0x1b0
[   25.040599]  ? __netif_receive_skb+0x2c/0x1b0
[   25.045066]  netif_receive_skb_internal+0x10b/0x670
[   25.050052]  ? dev_cpu_dead+0xb00/0xb00
[   25.053997]  ? net_rx_action+0x1910/0x1910
[   25.058208]  ? eth_type_trans+0x2b2/0x710
[   25.062326]  ? eth_gro_receive+0x820/0x820
[   25.066533]  napi_gro_frags+0x58a/0xaf0
[   25.070478]  ? napi_gro_receive+0x500/0x500
[   25.074772]  ? tun_get_user+0x2737/0x3940
[   25.078919]  tun_get_user+0x2760/0x3940
[   25.082865]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.088029]  ? do_huge_pmd_anonymous_page+0xb1e/0x1b00
[   25.093282]  ? tun_build_skb.isra.49+0x1810/0x1810
[   25.098182]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.103342]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.108501]  ? trace_hardirqs_on+0xd/0x10
[   25.112621]  ? find_held_lock+0x35/0x1d0
[   25.116652]  ? tun_get+0x1ab/0x2e0
[   25.120161]  ? lock_release+0xa40/0xa40
[   25.124103]  ? __lock_is_held+0xb6/0x140
[   25.128140]  ? tun_get+0x1d4/0x2e0
[   25.131648]  ? tun_do_read+0x2600/0x2600
[   25.135681]  ? __check_object_size+0x8b/0x530
[   25.140150]  ? rcu_note_context_switch+0x710/0x710
[   25.145065]  tun_chr_write_iter+0xb9/0x160
[   25.149271]  do_iter_readv_writev+0x525/0x7f0
[   25.153739]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   25.158462]  ? rw_verify_area+0xe5/0x2b0
[   25.162499]  do_iter_write+0x154/0x540
[   25.166358]  ? dup_iter+0x260/0x260
[   25.169955]  vfs_writev+0x18a/0x340
[   25.173548]  ? __fget_light+0x297/0x380
[   25.177490]  ? vfs_iter_write+0xb0/0xb0
[   25.181434]  ? up_read+0x1a/0x40
[   25.184769]  ? __do_page_fault+0x3d6/0xc90
[   25.188973]  ? mm_fault_error+0x2c0/0x2c0
[   25.193093]  ? __fdget_pos+0x130/0x190
[   25.196949]  ? __fdget_raw+0x20/0x20
[   25.200631]  ? __do_page_fault+0xc90/0xc90
[   25.204837]  do_writev+0xfc/0x2a0
[   25.208258]  ? do_writev+0xfc/0x2a0
[   25.211864]  ? vfs_writev+0x340/0x340
[   25.215636]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[   25.220449]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   25.225433]  SyS_writev+0x27/0x30
[   25.228855]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   25.233577] RIP: 0033:0x444f50
[   25.236745] RSP: 002b:00007fff4f669868 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   25.244421] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[   25.251663] RDX: 0000000000000001 RSI: 00007fff4f6698a0 RDI: 0000000000000003
[   25.258902] RBP: 00007fff4f669998 R08: 0000000000000023 R09: 0000000000000000
[   25.266144] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff4f669998
[   25.273392] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000
[