[....] Starting enhanced syslogd: rsyslogd[   13.380443] audit: type=1400 audit(1515862691.374:5): avc:  denied  { syslog } for  pid=3505 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.885756] audit: type=1400 audit(1515862697.879:6): avc:  denied  { map } for  pid=3646 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   26.138050] audit: type=1400 audit(1515862704.131:7): avc:  denied  { map } for  pid=3660 comm="syzkaller397540" path="/root/syzkaller397540375" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   26.518217] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   26.843486] 
[   26.845121] ============================================
[   26.850532] WARNING: possible recursive locking detected
[   26.855946] 4.15.0-rc7+ #187 Not tainted
[   26.859967] --------------------------------------------
[   26.865396] syzkaller397540/3660 is trying to acquire lock:
[   26.871066]  (_xmit_ETHER#2){+.-.}, at: [<00000000f9d3fe4e>] sch_direct_xmit+0x361/0x1140
[   26.879354] 
[   26.879354] but task is already holding lock:
[   26.885285]  (_xmit_ETHER#2){+.-.}, at: [<00000000f9d3fe4e>] sch_direct_xmit+0x361/0x1140
[   26.893568] 
[   26.893568] other info that might help us debug this:
[   26.900194]  Possible unsafe locking scenario:
[   26.900194] 
[   26.906212]        CPU0
[   26.908757]        ----
[   26.911301]   lock(_xmit_ETHER#2);
[   26.914813]   lock(_xmit_ETHER#2);
[   26.918317] 
[   26.918317]  *** DEADLOCK ***
[   26.918317] 
[   26.924337]  May be due to missing lock nesting notation
[   26.924337] 
[   26.931228] 8 locks held by syzkaller397540/3660:
[   26.936031]  #0:  (&tfile->napi_mutex){+.+.}, at: [<0000000074031e79>] tun_get_user+0xe6c/0x3940
[   26.944955]  #1:  (rcu_read_lock){....}, at: [<00000000018bd884>] netif_receive_skb_internal+0xa2/0x670
[   26.954457]  #2:  (k-slock-AF_INET){+...}, at: [<000000006c9689ca>] icmp_send+0x758/0x19b0
[   26.962835]  #3:  (rcu_read_lock_bh){....}, at: [<0000000008d1d1e5>] ip_finish_output2+0x2aa/0x14f0
[   26.971993]  #4:  (rcu_read_lock_bh){....}, at: [<00000000271e2cd2>] __dev_queue_xmit+0x2d8/0x2b50
[   26.981070]  #5:  (_xmit_ETHER#2){+.-.}, at: [<00000000f9d3fe4e>] sch_direct_xmit+0x361/0x1140
[   26.989793]  #6:  (rcu_read_lock_bh){....}, at: [<0000000008d1d1e5>] ip_finish_output2+0x2aa/0x14f0
[   26.998944]  #7:  (rcu_read_lock_bh){....}, at: [<00000000271e2cd2>] __dev_queue_xmit+0x2d8/0x2b50
[   27.008013] 
[   27.008013] stack backtrace:
[   27.012479] CPU: 1 PID: 3660 Comm: syzkaller397540 Not tainted 4.15.0-rc7+ #187
[   27.019893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.029210] Call Trace:
[   27.031765]  dump_stack+0x194/0x257
[   27.035360]  ? arch_local_irq_restore+0x53/0x53
[   27.039996]  __lock_acquire+0xe8f/0x3e00
[   27.044040]  ? print_lockdep_cache.isra.31+0x109/0x109
[   27.049293]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.054456]  ? __kernel_text_address+0xd/0x40
[   27.058917]  ? __save_stack_trace+0x7e/0xd0
[   27.063204]  ? print_lockdep_cache.isra.31+0x109/0x109
[   27.068446]  ? save_stack_trace+0x1a/0x20
[   27.072558]  ? save_trace+0xe0/0x2b0
[   27.076241]  ? __lock_acquire+0x36c0/0x3e00
[   27.080533]  ? skb_network_protocol+0xef/0x4b0
[   27.085081]  ? check_noncircular+0x20/0x20
[   27.089280]  ? netif_skb_features+0x5ff/0x9b0
[   27.093740]  ? dev_get_by_index_rcu+0x320/0x320
[   27.098372]  ? __skb_gso_segment+0x810/0x810
[   27.102747]  lock_acquire+0x1d5/0x580
[   27.106512]  ? lock_acquire+0x1d5/0x580
[   27.110451]  ? sch_direct_xmit+0x361/0x1140
[   27.114745]  ? validate_xmit_skb+0x50d/0xaf0
[   27.119119]  ? lock_release+0xa40/0xa40
[   27.123057]  ? netif_skb_features+0x9b0/0x9b0
[   27.127515]  ? pfifo_fast_dequeue+0x20e/0x870
[   27.131976]  _raw_spin_lock+0x2a/0x40
[   27.135741]  ? sch_direct_xmit+0x361/0x1140
[   27.140027]  sch_direct_xmit+0x361/0x1140
[   27.144140]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.149119]  ? pfifo_fast_reset+0x490/0x490
[   27.153403]  ? __lock_is_held+0xb6/0x140
[   27.157429]  __qdisc_run+0x57d/0x19c0
[   27.161194]  ? sch_direct_xmit+0x1140/0x1140
[   27.165567]  ? lock_release+0xa40/0xa40
[   27.169507]  ? __dev_queue_xmit+0x2d8/0x2b50
[   27.173887]  ? pfifo_fast_enqueue+0x2a0/0x420
[   27.178346]  __dev_queue_xmit+0xb62/0x2b50
[   27.182547]  ? netdev_pick_tx+0x300/0x300
[   27.186672]  ? check_noncircular+0x20/0x20
[   27.190870]  ? __local_bh_enable_ip+0x121/0x230
[   27.195501]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.200482]  ? __neigh_create+0x1657/0x1d90
[   27.204773]  ? __local_bh_enable_ip+0x121/0x230
[   27.209407]  ? _raw_write_unlock_bh+0x30/0x40
[   27.213865]  ? __neigh_create+0xc06/0x1d90
[   27.218066]  ? print_irqtrace_events+0x270/0x270
[   27.222789]  ? ip_finish_output2+0x8c6/0x14f0
[   27.227246]  ? lock_downgrade+0x980/0x980
[   27.231359]  ? lock_release+0xa40/0xa40
[   27.235295]  ? mark_held_locks+0xaf/0x100
[   27.239409]  ? memcpy+0x45/0x50
[   27.242653]  dev_queue_xmit+0x17/0x20
[   27.246419]  ? dev_queue_xmit+0x17/0x20
[   27.250355]  neigh_resolve_output+0x5e2/0xa00
[   27.254819]  ? ether_setup+0x2d0/0x2d0
[   27.258671]  ? __neigh_event_send+0x1040/0x1040
[   27.263304]  ? ip_finish_output+0x864/0xd10
[   27.267587]  ? ip_mc_output+0x271/0x1350
[   27.271610]  ? ip_local_out+0x95/0x160
[   27.275460]  ip_finish_output2+0x8c6/0x14f0
[   27.279747]  ? mark_held_locks+0x10/0x100
[   27.283865]  ? ip_copy_metadata+0xac0/0xac0
[   27.288151]  ? check_noncircular+0x20/0x20
[   27.292358]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.297337]  ? ipt_do_table+0xd0a/0x1330
[   27.301361]  ? trace_hardirqs_on+0xd/0x10
[   27.305472]  ? __local_bh_enable_ip+0x121/0x230
[   27.310103]  ? ipt_do_table+0xd75/0x1330
[   27.314129]  ? ipv4_mtu+0x347/0x4c0
[   27.317720]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.321921]  ? find_held_lock+0x35/0x1d0
[   27.325949]  ip_finish_output+0x864/0xd10
[   27.330059]  ? ip_finish_output+0x864/0xd10
[   27.334349]  ? ip_fragment.constprop.47+0x200/0x200
[   27.339328]  ? iptable_mangle_hook+0xaf/0x4a0
[   27.343791]  ? nf_hook_slow+0xd3/0x1a0
[   27.347643]  ip_mc_output+0x271/0x1350
[   27.351511]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.355713]  ? lock_downgrade+0x980/0x980
[   27.359827]  ? nf_hook_slow+0xd3/0x1a0
[   27.363680]  ? __ip_local_out+0x494/0x7a0
[   27.367791]  ? ip_copy_addrs+0xe0/0xe0
[   27.371644]  ? skb_copy_ubufs+0x1910/0x1910
[   27.375931]  ? ip_fragment.constprop.47+0x200/0x200
[   27.380912]  ? __ip_select_ident+0x168/0x270
[   27.385283]  ? ip_idents_reserve+0x2a0/0x2a0
[   27.389654]  ip_local_out+0x95/0x160
[   27.393335]  iptunnel_xmit+0x556/0x810
[   27.397187]  ip_tunnel_xmit+0x1780/0x3650
[   27.401300]  ? ip_md_tunnel_xmit+0x14d0/0x14d0
[   27.405845]  ? lock_downgrade+0x980/0x980
[   27.409958]  ? pvclock_read_flags+0x160/0x160
[   27.414421]  ? mark_held_locks+0xaf/0x100
[   27.418534]  ? ktime_get_with_offset+0x188/0x420
[   27.423256]  ? kvm_clock_get_cycles+0x25/0x30
[   27.427716]  ? do_gettimeofday+0x190/0x190
[   27.431921]  __gre_xmit+0x546/0x8b0
[   27.435515]  erspan_xmit+0x7eb/0x2430
[   27.439279]  ? gretap_fb_dev_create+0x250/0x250
[   27.443912]  ? __lock_is_held+0xb6/0x140
[   27.447945]  dev_hard_start_xmit+0x24e/0xac0
[   27.452317]  ? validate_xmit_skb_list+0x120/0x120
[   27.457129]  ? __skb_gso_segment+0x810/0x810
[   27.461502]  ? lock_acquire+0x1d5/0x580
[   27.465440]  ? lock_acquire+0x1d5/0x580
[   27.469379]  ? sch_direct_xmit+0x361/0x1140
[   27.473663]  ? validate_xmit_skb+0x50d/0xaf0
[   27.478039]  ? lock_release+0xa40/0xa40
[   27.481978]  ? netif_skb_features+0x9b0/0x9b0
[   27.486447]  ? pfifo_fast_dequeue+0x20e/0x870
[   27.490913]  sch_direct_xmit+0x40d/0x1140
[   27.495030]  ? pfifo_fast_reset+0x490/0x490
[   27.499316]  ? __lock_is_held+0xb6/0x140
[   27.503342]  __qdisc_run+0x57d/0x19c0
[   27.507109]  ? sch_direct_xmit+0x1140/0x1140
[   27.511482]  ? lock_release+0xa40/0xa40
[   27.515420]  ? __dev_queue_xmit+0x2d8/0x2b50
[   27.519796]  ? pfifo_fast_enqueue+0x2a0/0x420
[   27.524257]  __dev_queue_xmit+0xb62/0x2b50
[   27.528460]  ? netdev_pick_tx+0x300/0x300
[   27.532574]  ? find_held_lock+0x35/0x1d0
[   27.536603]  ? lock_downgrade+0x980/0x980
[   27.540718]  ? check_noncircular+0x20/0x20
[   27.544919]  ? __local_bh_enable_ip+0x121/0x230
[   27.549552]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.554541]  ? __neigh_create+0x1657/0x1d90
[   27.558829]  ? __local_bh_enable_ip+0x121/0x230
[   27.563464]  ? _raw_write_unlock_bh+0x30/0x40
[   27.567923]  ? __neigh_create+0xc06/0x1d90
[   27.572126]  ? print_irqtrace_events+0x270/0x270
[   27.576863]  ? ip_finish_output2+0x8c6/0x14f0
[   27.581323]  ? lock_downgrade+0x980/0x980
[   27.585435]  ? lock_release+0xa40/0xa40
[   27.589372]  ? mark_held_locks+0xaf/0x100
[   27.593488]  ? memcpy+0x45/0x50
[   27.596740]  dev_queue_xmit+0x17/0x20
[   27.600506]  ? dev_queue_xmit+0x17/0x20
[   27.604458]  neigh_resolve_output+0x5e2/0xa00
[   27.608917]  ? ether_setup+0x2d0/0x2d0
[   27.612777]  ? __neigh_event_send+0x1040/0x1040
[   27.617422]  ? tun_get_user+0x2760/0x3940
[   27.621534]  ? tun_chr_write_iter+0xb9/0x160
[   27.625912]  ? do_iter_readv_writev+0x525/0x7f0
[   27.630552]  ip_finish_output2+0x8c6/0x14f0
[   27.634839]  ? mark_held_locks+0x10/0x100
[   27.638961]  ? ip_copy_metadata+0xac0/0xac0
[   27.643244]  ? check_noncircular+0x20/0x20
[   27.647441]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.652423]  ? ipt_do_table+0xd0a/0x1330
[   27.656454]  ? trace_hardirqs_on+0xd/0x10
[   27.660566]  ? __local_bh_enable_ip+0x121/0x230
[   27.665198]  ? ipt_do_table+0xd75/0x1330
[   27.669227]  ? ipv4_mtu+0x347/0x4c0
[   27.672825]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.677031]  ? find_held_lock+0x35/0x1d0
[   27.681067]  ip_finish_output+0x864/0xd10
[   27.685181]  ? ip_finish_output+0x864/0xd10
[   27.689467]  ? ip_fragment.constprop.47+0x200/0x200
[   27.694452]  ? iptable_mangle_hook+0xaf/0x4a0
[   27.698918]  ? nf_hook_slow+0xd3/0x1a0
[   27.702773]  ip_mc_output+0x271/0x1350
[   27.706636]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.710858]  ? lock_downgrade+0x980/0x980
[   27.715001]  ? nf_hook_slow+0xd3/0x1a0
[   27.718871]  ? __ip_local_out+0x494/0x7a0
[   27.723009]  ? ip_copy_addrs+0xe0/0xe0
[   27.726873]  ? dst_release+0x3a/0x90
[   27.730561]  ? __ip_make_skb+0xfd1/0x1850
[   27.734681]  ? ip_fragment.constprop.47+0x200/0x200
[   27.739665]  ip_local_out+0x95/0x160
[   27.743345]  ip_send_skb+0x3c/0xc0
[   27.746856]  ip_push_pending_frames+0x64/0x80
[   27.751327]  icmp_push_reply+0x395/0x4f0
[   27.755366]  icmp_send+0x1136/0x19b0
[   27.759055]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   27.764732]  ? check_noncircular+0x20/0x20
[   27.768966]  ? __lock_acquire+0x664/0x3e00
[   27.773169]  ? __debug_object_init+0x235/0x1040
[   27.777814]  ? __is_insn_slot_addr+0x1fc/0x330
[   27.782369]  ? find_held_lock+0x35/0x1d0
[   27.786398]  ? lock_downgrade+0x980/0x980
[   27.790515]  ? lock_release+0xa40/0xa40
[   27.794457]  ip_options_compile+0xc21/0x1a50
[   27.798833]  ? ip_forward+0x1cd0/0x1cd0
[   27.802776]  ? ip_route_input_rcu+0x3180/0x3180
[   27.807414]  ip_rcv_finish+0x80f/0x1e30
[   27.811361]  ? inet_del_offload+0x40/0x40
[   27.815472]  ? ip_rcv+0xf22/0x1840
[   27.818980]  ? lock_downgrade+0x980/0x980
[   27.823903]  ? nf_nat_ipv4_in+0x1cd/0x270
[   27.828020]  ? iptable_nat_ipv4_fn+0x40/0x40
[   27.832408]  ? nf_hook_slow+0xd3/0x1a0
[   27.836264]  ip_rcv+0xc5a/0x1840
[   27.839600]  ? ip_local_deliver+0x6e0/0x6e0
[   27.843890]  ? inet_del_offload+0x40/0x40
[   27.848003]  ? ip_local_deliver+0x6e0/0x6e0
[   27.852306]  __netif_receive_skb_core+0x1a41/0x3460
[   27.857288]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.862445]  ? nf_ingress+0x9f0/0x9f0
[   27.866215]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.871369]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.876523]  ? check_noncircular+0x20/0x20
[   27.880724]  ? check_noncircular+0x20/0x20
[   27.884925]  ? lock_release+0xa40/0xa40
[   27.888870]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   27.893942]  ? print_irqtrace_events+0x270/0x270
[   27.898666]  ? lock_downgrade+0x980/0x980
[   27.902781]  ? pvclock_read_flags+0x160/0x160
[   27.907240]  ? mark_held_locks+0xaf/0x100
[   27.911352]  ? lock_acquire+0x1d5/0x580
[   27.915288]  ? lock_acquire+0x1d5/0x580
[   27.919227]  ? netif_receive_skb_internal+0xa2/0x670
[   27.924298]  ? ktime_get_with_offset+0x2c1/0x420
[   27.929193]  ? lock_release+0xa40/0xa40
[   27.933136]  ? do_gettimeofday+0x190/0x190
[   27.937338]  __netif_receive_skb+0x2c/0x1b0
[   27.941624]  ? __netif_receive_skb+0x2c/0x1b0
[   27.946087]  netif_receive_skb_internal+0x10b/0x670
[   27.951078]  ? dev_cpu_dead+0xb00/0xb00
[   27.955027]  ? net_rx_action+0x1910/0x1910
[   27.959224]  ? eth_type_trans+0x2b2/0x710
[   27.963335]  ? eth_gro_receive+0x820/0x820
[   27.967536]  napi_gro_frags+0x58a/0xaf0
[   27.971480]  ? napi_gro_receive+0x500/0x500
[   27.975774]  ? tun_get_user+0x2737/0x3940
[   27.979888]  tun_get_user+0x2760/0x3940
[   27.983833]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.988989]  ? do_huge_pmd_anonymous_page+0xb21/0x1b00
[   27.994242]  ? tun_build_skb.isra.49+0x1810/0x1810
[   27.999145]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.004301]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.009460]  ? find_held_lock+0x35/0x1d0
[   28.013490]  ? tun_get+0x1ab/0x2e0
[   28.016996]  ? lock_release+0xa40/0xa40
[   28.020939]  ? __lock_is_held+0xb6/0x140
[   28.024965]  ? tun_get+0x1d4/0x2e0
[   28.028471]  ? tun_do_read+0x2600/0x2600
[   28.032496]  ? __check_object_size+0x25d/0x4f0
[   28.037041]  ? rcu_note_context_switch+0x710/0x710
[   28.041937]  tun_chr_write_iter+0xb9/0x160
[   28.046137]  do_iter_readv_writev+0x525/0x7f0
[   28.050600]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   28.055324]  ? rw_verify_area+0xe5/0x2b0
[   28.059354]  do_iter_write+0x154/0x540
[   28.063219]  ? dup_iter+0x260/0x260
[   28.066826]  vfs_writev+0x18a/0x340
[   28.070423]  ? __fget_light+0x297/0x380
[   28.074364]  ? vfs_iter_write+0xb0/0xb0
[   28.078301]  ? up_read+0x1a/0x40
[   28.081636]  ? __do_page_fault+0x3d6/0xc90
[   28.085837]  ? mm_fault_error+0x2c0/0x2c0
[   28.089951]  ? __fdget_pos+0x130/0x190
[   28.093801]  ? __fdget_raw+0x20/0x20
[   28.097478]  ? __do_page_fault+0xc90/0xc90
[   28.101676]  do_writev+0xfc/0x2a0
[   28.105093]  ? do_writev+0xfc/0x2a0
[   28.108684]  ? vfs_writev+0x340/0x340
[   28.112456]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   28.117276]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.122264]  SyS_writev+0x27/0x30
[   28.125684]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   28.130415] RIP: 0033:0x444f50
[   28.133571] RSP: 002b:00007ffd438c8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   28.141241] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[   28.1484