[ ok ] Starting enhanced syslogd: rsyslogd.
[   12.599807] audit: type=1400 audit(1515863991.816:5): avc:  denied  { syslog } for  pid=3500 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.545809] audit: type=1400 audit(1515863998.762:6): avc:  denied  { map } for  pid=3641 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   25.755492] audit: type=1400 audit(1515864004.972:7): avc:  denied  { map } for  pid=3655 comm="syzkaller933393" path="/root/syzkaller933393991" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   26.140644] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   26.484294] 
[   26.485936] ============================================
[   26.491352] WARNING: possible recursive locking detected
[   26.496770] 4.15.0-rc7+ #187 Not tainted
[   26.500799] --------------------------------------------
[   26.506215] syzkaller933393/3655 is trying to acquire lock:
[   26.511890]  (_xmit_ETHER#2){+.-.}, at: [<00000000b0458497>] sch_direct_xmit+0x361/0x1140
[   26.520186] 
[   26.520186] but task is already holding lock:
[   26.526123]  (_xmit_ETHER#2){+.-.}, at: [<00000000b0458497>] sch_direct_xmit+0x361/0x1140
[   26.534449] 
[   26.534449] other info that might help us debug this:
[   26.541091]  Possible unsafe locking scenario:
[   26.541091] 
[   26.547115]        CPU0
[   26.549665]        ----
[   26.552213]   lock(_xmit_ETHER#2);
[   26.555722]   lock(_xmit_ETHER#2);
[   26.559230] 
[   26.559230]  *** DEADLOCK ***
[   26.559230] 
[   26.565260]  May be due to missing lock nesting notation
[   26.565260] 
[   26.572158] 8 locks held by syzkaller933393/3655:
[   26.576967]  #0:  (&tfile->napi_mutex){+.+.}, at: [<00000000dbfb1cd0>] tun_get_user+0xe6c/0x3940
[   26.585868]  #1:  (rcu_read_lock){....}, at: [<000000005a6b6a38>] netif_receive_skb_internal+0xa2/0x670
[   26.595395]  #2:  (k-slock-AF_INET){+...}, at: [<00000000e26b5ebe>] icmp_send+0x758/0x19b0
[   26.603787]  #3:  (rcu_read_lock_bh){....}, at: [<00000000a632d416>] ip_finish_output2+0x2aa/0x14f0
[   26.612947]  #4:  (rcu_read_lock_bh){....}, at: [<000000008495645d>] __dev_queue_xmit+0x2d8/0x2b50
[   26.622023]  #5:  (_xmit_ETHER#2){+.-.}, at: [<00000000b0458497>] sch_direct_xmit+0x361/0x1140
[   26.630754]  #6:  (rcu_read_lock_bh){....}, at: [<00000000a632d416>] ip_finish_output2+0x2aa/0x14f0
[   26.639912]  #7:  (rcu_read_lock_bh){....}, at: [<000000008495645d>] __dev_queue_xmit+0x2d8/0x2b50
[   26.648982] 
[   26.648982] stack backtrace:
[   26.653451] CPU: 1 PID: 3655 Comm: syzkaller933393 Not tainted 4.15.0-rc7+ #187
[   26.664251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.673576] Call Trace:
[   26.676138]  dump_stack+0x194/0x257
[   26.679740]  ? arch_local_irq_restore+0x53/0x53
[   26.684384]  __lock_acquire+0xe8f/0x3e00
[   26.688417]  ? print_lockdep_cache.isra.31+0x109/0x109
[   26.693673]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.698837]  ? __kernel_text_address+0xd/0x40
[   26.703302]  ? unwind_get_return_address+0x61/0xa0
[   26.708205]  ? __save_stack_trace+0x7e/0xd0
[   26.712509]  ? print_lockdep_cache.isra.31+0x109/0x109
[   26.717757]  ? save_stack_trace+0x1a/0x20
[   26.721877]  ? save_trace+0xe0/0x2b0
[   26.725565]  ? __lock_acquire+0x36c0/0x3e00
[   26.729858]  ? skb_network_protocol+0xef/0x4b0
[   26.734420]  ? check_noncircular+0x20/0x20
[   26.738625]  ? netif_skb_features+0x5ff/0x9b0
[   26.743092]  ? dev_get_by_index_rcu+0x320/0x320
[   26.747732]  ? __skb_gso_segment+0x810/0x810
[   26.752120]  lock_acquire+0x1d5/0x580
[   26.755894]  ? lock_acquire+0x1d5/0x580
[   26.759843]  ? sch_direct_xmit+0x361/0x1140
[   26.764139]  ? validate_xmit_skb+0x50d/0xaf0
[   26.768519]  ? lock_release+0xa40/0xa40
[   26.772462]  ? netif_skb_features+0x9b0/0x9b0
[   26.776930]  ? pfifo_fast_dequeue+0x20e/0x870
[   26.781400]  _raw_spin_lock+0x2a/0x40
[   26.785169]  ? sch_direct_xmit+0x361/0x1140
[   26.789460]  sch_direct_xmit+0x361/0x1140
[   26.793579]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.798566]  ? pfifo_fast_reset+0x490/0x490
[   26.802858]  ? __lock_is_held+0xb6/0x140
[   26.806891]  __qdisc_run+0x57d/0x19c0
[   26.810666]  ? sch_direct_xmit+0x1140/0x1140
[   26.815053]  ? lock_release+0xa40/0xa40
[   26.818998]  ? __dev_queue_xmit+0x2d8/0x2b50
[   26.823385]  ? pfifo_fast_enqueue+0x2a0/0x420
[   26.827851]  __dev_queue_xmit+0xb62/0x2b50
[   26.832059]  ? netdev_pick_tx+0x300/0x300
[   26.836180]  ? find_held_lock+0x35/0x1d0
[   26.840216]  ? lock_downgrade+0x980/0x980
[   26.844336]  ? check_noncircular+0x20/0x20
[   26.848543]  ? __local_bh_enable_ip+0x121/0x230
[   26.853184]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.858171]  ? __neigh_create+0x1657/0x1d90
[   26.862465]  ? __local_bh_enable_ip+0x121/0x230
[   26.867109]  ? _raw_write_unlock_bh+0x30/0x40
[   26.871580]  ? __neigh_create+0xc06/0x1d90
[   26.875790]  ? print_irqtrace_events+0x270/0x270
[   26.880529]  ? ip_finish_output2+0x8c6/0x14f0
[   26.884998]  ? lock_downgrade+0x980/0x980
[   26.889127]  ? lock_release+0xa40/0xa40
[   26.893074]  ? mark_held_locks+0xaf/0x100
[   26.897198]  ? memcpy+0x45/0x50
[   26.900453]  dev_queue_xmit+0x17/0x20
[   26.904227]  ? dev_queue_xmit+0x17/0x20
[   26.908174]  neigh_resolve_output+0x5e2/0xa00
[   26.912641]  ? ether_setup+0x2d0/0x2d0
[   26.916509]  ? __neigh_event_send+0x1040/0x1040
[   26.921150]  ? ip_finish_output+0x864/0xd10
[   26.925442]  ? ip_mc_output+0x271/0x1350
[   26.929482]  ? ip_local_out+0x95/0x160
[   26.933343]  ip_finish_output2+0x8c6/0x14f0
[   26.937639]  ? ip_copy_metadata+0xac0/0xac0
[   26.941932]  ? check_noncircular+0x20/0x20
[   26.946137]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.951140]  ? ipt_do_table+0xd0a/0x1330
[   26.955175]  ? trace_hardirqs_on+0xd/0x10
[   26.959295]  ? __local_bh_enable_ip+0x121/0x230
[   26.963944]  ? ipt_do_table+0xd75/0x1330
[   26.967981]  ? ipv4_mtu+0x347/0x4c0
[   26.971582]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   26.975791]  ? find_held_lock+0x35/0x1d0
[   26.979830]  ip_finish_output+0x864/0xd10
[   26.983949]  ? ip_finish_output+0x864/0xd10
[   26.988243]  ? ip_fragment.constprop.47+0x200/0x200
[   26.993228]  ? iptable_mangle_hook+0xaf/0x4a0
[   26.997696]  ? nf_hook_slow+0xd3/0x1a0
[   27.001555]  ip_mc_output+0x271/0x1350
[   27.005417]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.009633]  ? lock_downgrade+0x980/0x980
[   27.013763]  ? nf_hook_slow+0xd3/0x1a0
[   27.017621]  ? __ip_local_out+0x494/0x7a0
[   27.021738]  ? ip_copy_addrs+0xe0/0xe0
[   27.025598]  ? skb_copy_ubufs+0x1910/0x1910
[   27.029892]  ? ip_fragment.constprop.47+0x200/0x200
[   27.034881]  ? __ip_select_ident+0x168/0x270
[   27.039260]  ? ip_idents_reserve+0x2a0/0x2a0
[   27.043647]  ip_local_out+0x95/0x160
[   27.047334]  iptunnel_xmit+0x556/0x810
[   27.051194]  ip_tunnel_xmit+0x1780/0x3650
[   27.055315]  ? ip_md_tunnel_xmit+0x14d0/0x14d0
[   27.059871]  ? lock_downgrade+0x980/0x980
[   27.063993]  ? pvclock_read_flags+0x160/0x160
[   27.068466]  ? mark_held_locks+0xaf/0x100
[   27.072586]  ? ktime_get_with_offset+0x188/0x420
[   27.077319]  ? kvm_clock_get_cycles+0x25/0x30
[   27.081786]  ? do_gettimeofday+0x190/0x190
[   27.085993]  __gre_xmit+0x546/0x8b0
[   27.089595]  erspan_xmit+0x7eb/0x2430
[   27.093365]  ? gretap_fb_dev_create+0x250/0x250
[   27.098021]  ? __lock_is_held+0xb6/0x140
[   27.102061]  dev_hard_start_xmit+0x24e/0xac0
[   27.106451]  ? validate_xmit_skb_list+0x120/0x120
[   27.111264]  ? __skb_gso_segment+0x810/0x810
[   27.115643]  ? lock_acquire+0x1d5/0x580
[   27.119596]  ? lock_acquire+0x1d5/0x580
[   27.123539]  ? sch_direct_xmit+0x361/0x1140
[   27.127833]  ? validate_xmit_skb+0x50d/0xaf0
[   27.132214]  ? lock_release+0xa40/0xa40
[   27.136162]  ? netif_skb_features+0x9b0/0x9b0
[   27.140628]  ? pfifo_fast_dequeue+0x20e/0x870
[   27.145095]  sch_direct_xmit+0x40d/0x1140
[   27.149224]  ? pfifo_fast_reset+0x490/0x490
[   27.153520]  ? __lock_is_held+0xb6/0x140
[   27.157556]  __qdisc_run+0x57d/0x19c0
[   27.161331]  ? sch_direct_xmit+0x1140/0x1140
[   27.165710]  ? lock_release+0xa40/0xa40
[   27.169657]  ? __dev_queue_xmit+0x2d8/0x2b50
[   27.174042]  ? pfifo_fast_enqueue+0x2a0/0x420
[   27.178521]  __dev_queue_xmit+0xb62/0x2b50
[   27.182736]  ? netdev_pick_tx+0x300/0x300
[   27.186864]  ? find_held_lock+0x35/0x1d0
[   27.190899]  ? lock_downgrade+0x980/0x980
[   27.195025]  ? check_noncircular+0x20/0x20
[   27.199245]  ? __local_bh_enable_ip+0x121/0x230
[   27.203886]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.208886]  ? __neigh_create+0x1657/0x1d90
[   27.213189]  ? __local_bh_enable_ip+0x121/0x230
[   27.217839]  ? _raw_write_unlock_bh+0x30/0x40
[   27.222308]  ? __neigh_create+0xc06/0x1d90
[   27.226526]  ? print_irqtrace_events+0x270/0x270
[   27.231253]  ? ip_finish_output2+0x8c6/0x14f0
[   27.235719]  ? lock_downgrade+0x980/0x980
[   27.239837]  ? lock_release+0xa40/0xa40
[   27.243781]  ? mark_held_locks+0xaf/0x100
[   27.247912]  ? memcpy+0x45/0x50
[   27.251172]  dev_queue_xmit+0x17/0x20
[   27.254945]  ? dev_queue_xmit+0x17/0x20
[   27.258891]  neigh_resolve_output+0x5e2/0xa00
[   27.263356]  ? ether_setup+0x2d0/0x2d0
[   27.267214]  ? __neigh_event_send+0x1040/0x1040
[   27.271854]  ? tun_get_user+0x2760/0x3940
[   27.275971]  ? tun_chr_write_iter+0xb9/0x160
[   27.280352]  ? do_iter_readv_writev+0x525/0x7f0
[   27.284993]  ip_finish_output2+0x8c6/0x14f0
[   27.289290]  ? mark_held_locks+0x10/0x100
[   27.293409]  ? ip_copy_metadata+0xac0/0xac0
[   27.297702]  ? check_noncircular+0x20/0x20
[   27.301907]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   27.306896]  ? ipt_do_table+0xd0a/0x1330
[   27.310930]  ? trace_hardirqs_on+0xd/0x10
[   27.315054]  ? __local_bh_enable_ip+0x121/0x230
[   27.319695]  ? ipt_do_table+0xd75/0x1330
[   27.323747]  ? ipv4_mtu+0x347/0x4c0
[   27.327346]  ? rt_cpu_seq_show+0x2c0/0x2c0
[   27.332143]  ? find_held_lock+0x35/0x1d0
[   27.336185]  ip_finish_output+0x864/0xd10
[   27.340306]  ? ip_finish_output+0x864/0xd10
[   27.344601]  ? ip_fragment.constprop.47+0x200/0x200
[   27.349588]  ? iptable_mangle_hook+0xaf/0x4a0
[   27.354057]  ? nf_hook_slow+0xd3/0x1a0
[   27.357916]  ip_mc_output+0x271/0x1350
[   27.361775]  ? ip_queue_xmit+0x18e0/0x18e0
[   27.365995]  ? lock_downgrade+0x980/0x980
[   27.370120]  ? nf_hook_slow+0xd3/0x1a0
[   27.373977]  ? __ip_local_out+0x494/0x7a0
[   27.378100]  ? ip_copy_addrs+0xe0/0xe0
[   27.381959]  ? dst_release+0x3a/0x90
[   27.385645]  ? __ip_make_skb+0xfd1/0x1850
[   27.389774]  ? ip_fragment.constprop.47+0x200/0x200
[   27.394771]  ip_local_out+0x95/0x160
[   27.398458]  ip_send_skb+0x3c/0xc0
[   27.401976]  ip_push_pending_frames+0x64/0x80
[   27.406444]  icmp_push_reply+0x395/0x4f0
[   27.410478]  icmp_send+0x1136/0x19b0
[   27.414167]  ? icmp_route_lookup.constprop.24+0x1360/0x1360
[   27.419857]  ? check_noncircular+0x20/0x20
[   27.424064]  ? __lock_acquire+0x664/0x3e00
[   27.428275]  ? __debug_object_init+0x235/0x1040
[   27.432916]  ? __is_insn_slot_addr+0x1fc/0x330
[   27.437472]  ? find_held_lock+0x35/0x1d0
[   27.441506]  ? lock_downgrade+0x980/0x980
[   27.445625]  ? lock_release+0xa40/0xa40
[   27.449570]  ip_options_compile+0xc21/0x1a50
[   27.453950]  ? ip_forward+0x1cd0/0x1cd0
[   27.457899]  ? ip_route_input_rcu+0x3180/0x3180
[   27.462550]  ip_rcv_finish+0x80f/0x1e30
[   27.466508]  ? inet_del_offload+0x40/0x40
[   27.470635]  ? ip_rcv+0xf22/0x1840
[   27.474163]  ? lock_downgrade+0x980/0x980
[   27.478285]  ? nf_nat_ipv4_in+0x1cd/0x270
[   27.482402]  ? iptable_nat_ipv4_fn+0x40/0x40
[   27.486788]  ? nf_hook_slow+0xd3/0x1a0
[   27.490648]  ip_rcv+0xc5a/0x1840
[   27.493987]  ? ip_local_deliver+0x6e0/0x6e0
[   27.498294]  ? inet_del_offload+0x40/0x40
[   27.502413]  ? ip_local_deliver+0x6e0/0x6e0
[   27.506710]  __netif_receive_skb_core+0x1a41/0x3460
[   27.511700]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.516861]  ? nf_ingress+0x9f0/0x9f0
[   27.520644]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.525804]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.530963]  ? check_noncircular+0x20/0x20
[   27.535168]  ? check_noncircular+0x20/0x20
[   27.539375]  ? lock_release+0xa40/0xa40
[   27.543322]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   27.548398]  ? print_irqtrace_events+0x270/0x270
[   27.553126]  ? lock_downgrade+0x980/0x980
[   27.557248]  ? pvclock_read_flags+0x160/0x160
[   27.561712]  ? mark_held_locks+0xaf/0x100
[   27.565833]  ? lock_acquire+0x1d5/0x580
[   27.569779]  ? lock_acquire+0x1d5/0x580
[   27.573726]  ? netif_receive_skb_internal+0xa2/0x670
[   27.578803]  ? ktime_get_with_offset+0x2c1/0x420
[   27.583528]  ? lock_release+0xa40/0xa40
[   27.587473]  ? do_gettimeofday+0x190/0x190
[   27.591681]  __netif_receive_skb+0x2c/0x1b0
[   27.595982]  ? __netif_receive_skb+0x2c/0x1b0
[   27.600452]  netif_receive_skb_internal+0x10b/0x670
[   27.605449]  ? dev_cpu_dead+0xb00/0xb00
[   27.609404]  ? net_rx_action+0x1910/0x1910
[   27.613611]  ? eth_type_trans+0x2b2/0x710
[   27.617730]  ? eth_gro_receive+0x820/0x820
[   27.621948]  napi_gro_frags+0x58a/0xaf0
[   27.625894]  ? napi_gro_receive+0x500/0x500
[   27.630192]  ? tun_get_user+0x2737/0x3940
[   27.634313]  tun_get_user+0x2760/0x3940
[   27.638266]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.643437]  ? do_huge_pmd_anonymous_page+0xb21/0x1b00
[   27.648692]  ? tun_build_skb.isra.49+0x1810/0x1810
[   27.653596]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.658765]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.663926]  ? avc_has_extended_perms+0x12c0/0x12c0
[   27.668915]  ? find_held_lock+0x35/0x1d0
[   27.672948]  ? tun_get+0x1ab/0x2e0
[   27.676459]  ? lock_release+0xa40/0xa40
[   27.680410]  ? __lock_is_held+0xb6/0x140
[   27.684453]  ? tun_get+0x1d4/0x2e0
[   27.687966]  ? tun_do_read+0x2600/0x2600
[   27.691998]  ? __check_object_size+0x25d/0x4f0
[   27.696557]  ? rcu_note_context_switch+0x710/0x710
[   27.701480]  tun_chr_write_iter+0xb9/0x160
[   27.705706]  do_iter_readv_writev+0x525/0x7f0
[   27.710192]  ? vfs_dedupe_file_range+0x8f0/0x8f0
[   27.714924]  ? rw_verify_area+0xe5/0x2b0
[   27.718959]  do_iter_write+0x154/0x540
[   27.722828]  ? dup_iter+0x260/0x260
[   27.726429]  vfs_writev+0x18a/0x340
[   27.730031]  ? __fget_light+0x297/0x380
[   27.733987]  ? vfs_iter_write+0xb0/0xb0
[   27.737946]  ? up_read+0x1a/0x40
[   27.741287]  ? __do_page_fault+0x3d6/0xc90
[   27.745494]  ? mm_fault_error+0x2c0/0x2c0
[   27.749625]  ? __fdget_pos+0x130/0x190
[   27.753485]  ? __fdget_raw+0x20/0x20
[   27.757170]  ? __do_page_fault+0xc90/0xc90
[   27.761379]  do_writev+0xfc/0x2a0
[   27.764803]  ? do_writev+0xfc/0x2a0
[   27.768402]  ? vfs_writev+0x340/0x340
[   27.772176]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   27.776991]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.781982]  SyS_writev+0x27/0x30
[   27.785408]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   27.790136] RIP: 0033:0x444f50
[   27.793297] RSP: 002b:00007ffe39ff41a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   27.800976] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[   27.808239] RDX: 0000000000000001 RSI: 00007ffe39ff41e0 RDI: 0000000000000003
[   27.815480] RBP: 00007ffe39ff42d8 R08: 0000000000000023 R09: 0000000000000000
[   27.822723] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe39ff42d8
[   27.829968] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000
[