[....] Starting enhanced syslogd: rsyslogd[ 12.330788] audit: type=1400 audit(1515865363.704:5): avc: denied { syslog } for pid=3488 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 17.095547] audit: type=1400 audit(1515865368.469:6): avc: denied { map } for pid=3628 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 23.287344] audit: type=1400 audit(1515865374.660:7): avc: denied { map } for pid=3642 comm="syzkaller026001" path="/root/syzkaller026001399" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 23.624481] ip (3708) used greatest stack depth: 16768 bytes left
[ 23.656513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 23.976207]
[ 23.977845] ============================================
[ 23.983263] WARNING: possible recursive locking detected
[ 23.988681] 4.15.0-rc7-mm1+ #56 Not tainted
[ 23.992970] --------------------------------------------
[ 23.998387] syzkaller026001/3642 is trying to acquire lock:
[ 24.004063] (_xmit_ETHER#2){+.-.}, at: [<00000000338fb4c4>] sch_direct_xmit+0x361/0x1140
[ 24.012356]
[ 24.012356] but task is already holding lock:
[ 24.018299] (_xmit_ETHER#2){+.-.}, at: [<00000000338fb4c4>] sch_direct_xmit+0x361/0x1140
[ 24.026588]
[ 24.026588] other info that might help us debug this:
[ 24.033227] Possible unsafe locking scenario:
[ 24.033227]
[ 24.039271] CPU0
[ 24.041821] ----
[ 24.044372] lock(_xmit_ETHER#2);
[ 24.047879] lock(_xmit_ETHER#2);
[ 24.051389]
[ 24.051389] *** DEADLOCK ***
[ 24.051389]
[ 24.057413] May be due to missing lock nesting notation
[ 24.057413]
[ 24.064305] 8 locks held by syzkaller026001/3642:
[ 24.069111] #0: (&tfile->napi_mutex){+.+.}, at: [<00000000e12fe9ad>] tun_get_user+0xe6c/0x3940
[ 24.078014] #1: (rcu_read_lock){....}, at: [<00000000a1fd07aa>] netif_receive_skb_internal+0xa2/0x670
[ 24.087533] #2: (k-slock-AF_INET){+...}, at: [<00000000b0acae74>] icmp_send+0x758/0x19b0
[ 24.095914] #3: (rcu_read_lock_bh){....}, at: [<00000000cd57f86f>] ip_finish_output2+0x2aa/0x14f0
[ 24.105072] #4: (rcu_read_lock_bh){....}, at: [<000000006bd9fa77>] __dev_queue_xmit+0x2d8/0x2b50
[ 24.114141] #5: (_xmit_ETHER#2){+.-.}, at: [<00000000338fb4c4>] sch_direct_xmit+0x361/0x1140
[ 24.122878] #6: (rcu_read_lock_bh){....}, at: [<00000000cd57f86f>] ip_finish_output2+0x2aa/0x14f0
[ 24.132036] #7: (rcu_read_lock_bh){....}, at: [<000000006bd9fa77>] __dev_queue_xmit+0x2d8/0x2b50
[ 24.141105]
[ 24.141105] stack backtrace:
[ 24.145574] CPU: 0 PID: 3642 Comm: syzkaller026001 Not tainted 4.15.0-rc7-mm1+ #56
[ 24.153245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.162581] Call Trace:
[ 24.165141] dump_stack+0x194/0x257
[ 24.168746] ? arch_local_irq_restore+0x53/0x53
[ 24.173385] __lock_acquire+0xe8f/0x3e00
[ 24.177415] ? print_lockdep_cache.isra.31+0x109/0x109
[ 24.182666] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.187835] ? __kernel_text_address+0xd/0x40
[ 24.192303] ? unwind_get_return_address+0x61/0xa0
[ 24.197204] ? __save_stack_trace+0x7e/0xd0
[ 24.201497] ? print_lockdep_cache.isra.31+0x109/0x109
[ 24.206751] ? save_stack_trace+0x1a/0x20
[ 24.210867] ? save_trace+0xe0/0x2b0
[ 24.214553] ? __lock_acquire+0x36c0/0x3e00
[ 24.218847] ? skb_network_protocol+0xef/0x4b0
[ 24.223403] ? check_noncircular+0x20/0x20
[ 24.227608] ? netif_skb_features+0x5ff/0x9b0
[ 24.232072] ? dev_get_by_index_rcu+0x320/0x320
[ 24.236710] ? __skb_gso_segment+0x810/0x810
[ 24.241093] lock_acquire+0x1d5/0x580
[ 24.244864] ? lock_acquire+0x1d5/0x580
[ 24.248807] ? sch_direct_xmit+0x361/0x1140
[ 24.253099] ? validate_xmit_skb+0x50d/0xaf0
[ 24.257485] ? lock_release+0xa40/0xa40
[ 24.261429] ? netif_skb_features+0x9b0/0x9b0
[ 24.265895] ? pfifo_fast_dequeue+0x20e/0x870
[ 24.270363] _raw_spin_lock+0x2a/0x40
[ 24.274142] ? sch_direct_xmit+0x361/0x1140
[ 24.278433] sch_direct_xmit+0x361/0x1140
[ 24.282549] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 24.287536] ? pfifo_fast_reset+0x490/0x490
[ 24.291829] ? __lock_is_held+0xb6/0x140
[ 24.295879] __qdisc_run+0x57d/0x19c0
[ 24.299650] ? sch_direct_xmit+0x1140/0x1140
[ 24.304029] ? lock_release+0xa40/0xa40
[ 24.307975] ? __dev_queue_xmit+0x2d8/0x2b50
[ 24.312364] ? pfifo_fast_enqueue+0x2a0/0x420
[ 24.316829] __dev_queue_xmit+0xb62/0x2b50
[ 24.321038] ? netdev_pick_tx+0x300/0x300
[ 24.325158] ? find_held_lock+0x35/0x1d0
[ 24.329202] ? lock_downgrade+0x980/0x980
[ 24.333320] ? check_noncircular+0x20/0x20
[ 24.337526] ? __local_bh_enable_ip+0x121/0x230
[ 24.342179] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 24.347181] ? __neigh_create+0x1657/0x1d90
[ 24.351474] ? __local_bh_enable_ip+0x121/0x230
[ 24.356114] ? _raw_write_unlock_bh+0x30/0x40
[ 24.360583] ? __neigh_create+0xc06/0x1d90
[ 24.364793] ? print_irqtrace_events+0x270/0x270
[ 24.369519] ? ip_finish_output2+0x8c6/0x14f0
[ 24.373982] ? lock_downgrade+0x980/0x980
[ 24.378761] ? lock_release+0xa40/0xa40
[ 24.382705] ? mark_held_locks+0xaf/0x100
[ 24.386825] ? memcpy+0x45/0x50
[ 24.390080] dev_queue_xmit+0x17/0x20
[ 24.393849] ? dev_queue_xmit+0x17/0x20
[ 24.397798] neigh_resolve_output+0x5e2/0xa00
[ 24.402266] ? ether_setup+0x2d0/0x2d0
[ 24.406133] ? __neigh_event_send+0x1040/0x1040
[ 24.410772] ? ip_finish_output+0x864/0xd10
[ 24.415062] ? ip_mc_output+0x271/0x1350
[ 24.419093] ip_finish_output2+0x8c6/0x14f0
[ 24.423388] ? __local_bh_enable_ip+0x121/0x230
[ 24.428029] ? ip_copy_metadata+0xac0/0xac0
[ 24.432319] ? check_noncircular+0x20/0x20
[ 24.436521] ? ipt_do_table+0xdd3/0x13b0
[ 24.440558] ? ipv4_mtu+0x347/0x4c0
[ 24.444155] ? rt_cpu_seq_show+0x2c0/0x2c0
[ 24.448369] ? find_held_lock+0x35/0x1d0
[ 24.452399] ip_finish_output+0x864/0xd10
[ 24.456517] ? ip_finish_output+0x864/0xd10
[ 24.460806] ? ip_fragment.constprop.47+0x200/0x200
[ 24.465788] ? iptable_mangle_hook+0xaf/0x4a0
[ 24.470256] ? nf_hook_slow+0xd3/0x1a0
[ 24.474120] ip_mc_output+0x271/0x1350
[ 24.477977] ? ip_queue_xmit+0x18e0/0x18e0
[ 24.482185] ? lock_downgrade+0x980/0x980
[ 24.486304] ? nf_hook_slow+0xd3/0x1a0
[ 24.490163] ? __ip_local_out+0x494/0x7a0
[ 24.494282] ? ip_copy_addrs+0xe0/0xe0
[ 24.498138] ? skb_copy_ubufs+0x1910/0x1910
[ 24.502431] ? ip_fragment.constprop.47+0x200/0x200
[ 24.507416] ? __ip_select_ident+0x168/0x270
[ 24.511792] ? ip_idents_reserve+0x2a0/0x2a0
[ 24.516172] ip_local_out+0x95/0x160
[ 24.519857] iptunnel_xmit+0x556/0x810
[ 24.523716] ip_tunnel_xmit+0x1780/0x3650
[ 24.527835] ? ip_md_tunnel_xmit+0x14d0/0x14d0
[ 24.532385] ? lock_downgrade+0x980/0x980
[ 24.536503] ? pvclock_read_flags+0x160/0x160
[ 24.540969] ? mark_held_locks+0xaf/0x100
[ 24.545085] ? ktime_get_with_offset+0x188/0x420
[ 24.549813] ? kvm_clock_get_cycles+0x25/0x30
[ 24.554279] ? do_gettimeofday+0x190/0x190
[ 24.558482] __gre_xmit+0x546/0x8b0
[ 24.562080] erspan_xmit+0x7eb/0x2430
[ 24.565849] ? gretap_fb_dev_create+0x250/0x250
[ 24.570488] ? __lock_is_held+0xb6/0x140
[ 24.574521] dev_hard_start_xmit+0x24e/0xac0
[ 24.578899] ? validate_xmit_skb_list+0x120/0x120
[ 24.583709] ? __skb_gso_segment+0x810/0x810
[ 24.588094] ? lock_acquire+0x1d5/0x580
[ 24.592039] ? lock_acquire+0x1d5/0x580
[ 24.595986] ? sch_direct_xmit+0x361/0x1140
[ 24.600279] ? validate_xmit_skb+0x50d/0xaf0
[ 24.604656] ? lock_release+0xa40/0xa40
[ 24.608599] ? netif_skb_features+0x9b0/0x9b0
[ 24.613062] ? pfifo_fast_dequeue+0x20e/0x870
[ 24.617529] sch_direct_xmit+0x40d/0x1140
[ 24.621647] ? pfifo_fast_reset+0x490/0x490
[ 24.625938] ? __lock_is_held+0xb6/0x140
[ 24.629970] __qdisc_run+0x57d/0x19c0
[ 24.633740] ? sch_direct_xmit+0x1140/0x1140
[ 24.638117] ? lock_release+0xa40/0xa40
[ 24.642059] ? __dev_queue_xmit+0x2d8/0x2b50
[ 24.646438] ? pfifo_fast_enqueue+0x2a0/0x420
[ 24.650903] __dev_queue_xmit+0xb62/0x2b50
[ 24.655107] ? netdev_pick_tx+0x300/0x300
[ 24.659231] ? check_noncircular+0x20/0x20
[ 24.663435] ? __local_bh_enable_ip+0x121/0x230
[ 24.668072] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 24.673063] ? __neigh_create+0x1657/0x1d90
[ 24.677355] ? __local_bh_enable_ip+0x121/0x230
[ 24.681997] ? _raw_write_unlock_bh+0x30/0x40
[ 24.686466] ? __neigh_create+0xc06/0x1d90
[ 24.690671] ? print_irqtrace_events+0x270/0x270
[ 24.695396] ? ip_finish_output2+0x8c6/0x14f0
[ 24.699861] ? lock_downgrade+0x980/0x980
[ 24.703978] ? lock_release+0xa40/0xa40
[ 24.707920] ? mark_held_locks+0xaf/0x100
[ 24.712041] ? memcpy+0x45/0x50
[ 24.715293] dev_queue_xmit+0x17/0x20
[ 24.719061] ? dev_queue_xmit+0x17/0x20
[ 24.723014] neigh_resolve_output+0x5e2/0xa00
[ 24.727482] ? ether_setup+0x2d0/0x2d0
[ 24.731340] ? __neigh_event_send+0x1040/0x1040
[ 24.735982] ? tun_get_user+0x2760/0x3940
[ 24.740102] ? tun_chr_write_iter+0xb9/0x160
[ 24.744485] ip_finish_output2+0x8c6/0x14f0
[ 24.748776] ? __local_bh_enable_ip+0x121/0x230
[ 24.753416] ? ip_copy_metadata+0xac0/0xac0
[ 24.757706] ? check_noncircular+0x20/0x20
[ 24.761908] ? ipt_do_table+0xdd3/0x13b0
[ 24.765940] ? ipv4_mtu+0x347/0x4c0
[ 24.769539] ? rt_cpu_seq_show+0x2c0/0x2c0
[ 24.773742] ? find_held_lock+0x35/0x1d0
[ 24.777774] ip_finish_output+0x864/0xd10
[ 24.781890] ? ip_finish_output+0x864/0xd10
[ 24.786182] ? ip_fragment.constprop.47+0x200/0x200
[ 24.791164] ? iptable_mangle_hook+0xaf/0x4a0
[ 24.795645] ? nf_hook_slow+0xd3/0x1a0
[ 24.799507] ip_mc_output+0x271/0x1350
[ 24.803374] ? ip_queue_xmit+0x18e0/0x18e0
[ 24.807576] ? lock_downgrade+0x980/0x980
[ 24.811698] ? nf_hook_slow+0xd3/0x1a0
[ 24.815554] ? __ip_local_out+0x494/0x7a0
[ 24.819673] ? ip_copy_addrs+0xe0/0xe0
[ 24.823529] ? dst_release+0x3a/0x90
[ 24.827212] ? __ip_make_skb+0xfd1/0x1850
[ 24.831329] ? ip_fragment.constprop.47+0x200/0x200
[ 24.836314] ip_local_out+0x95/0x160
[ 24.839998] ip_send_skb+0x3c/0xc0
[ 24.843511] ip_push_pending_frames+0x64/0x80
[ 24.847976] icmp_push_reply+0x395/0x4f0
[ 24.852009] icmp_send+0x1136/0x19b0
[ 24.855702] ? icmp_route_lookup.constprop.24+0x1360/0x1360
[ 24.861387] ? check_noncircular+0x20/0x20
[ 24.865593] ? __lock_acquire+0x664/0x3e00
[ 24.869797] ? __debug_object_init+0x235/0x1040
[ 24.874436] ? __is_insn_slot_addr+0x1fc/0x330
[ 24.878992] ? find_held_lock+0x35/0x1d0
[ 24.883030] ? lock_downgrade+0x980/0x980
[ 24.887154] ? lock_release+0xa40/0xa40
[ 24.891097] ip_options_compile+0xc21/0x1a50
[ 24.895478] ? ip_forward+0x1cd0/0x1cd0
[ 24.899423] ? ip_route_input_rcu+0x3180/0x3180
[ 24.904060] ip_rcv_finish+0x80f/0x1e30
[ 24.908007] ? inet_del_offload+0x40/0x40
[ 24.912132] ? ip_rcv+0xf22/0x1840
[ 24.915644] ? lock_downgrade+0x980/0x980
[ 24.919760] ? nf_nat_ipv4_in+0x1cd/0x270
[ 24.923884] ? iptable_nat_ipv4_fn+0x40/0x40
[ 24.928266] ? nf_hook_slow+0xd3/0x1a0
[ 24.932128] ip_rcv+0xc5a/0x1840
[ 24.935470] ? ip_local_deliver+0x6e0/0x6e0
[ 24.939763] ? inet_del_offload+0x40/0x40
[ 24.943880] ? ip_local_deliver+0x6e0/0x6e0
[ 24.948171] __netif_receive_skb_core+0x1a41/0x3460
[ 24.953158] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.958320] ? nf_ingress+0x9f0/0x9f0
[ 24.962095] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.967255] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.972416] ? check_noncircular+0x20/0x20
[ 24.976619] ? check_noncircular+0x20/0x20
[ 24.980822] ? lock_downgrade+0x980/0x980
[ 24.984940] ? lock_release+0xa40/0xa40
[ 24.988883] ? mark_held_locks+0xaf/0x100
[ 24.993003] ? print_irqtrace_events+0x270/0x270
[ 24.997735] ? lock_downgrade+0x980/0x980
[ 25.001865] ? pvclock_read_flags+0x160/0x160
[ 25.006338] ? mark_held_locks+0xaf/0x100
[ 25.010465] ? lock_acquire+0x1d5/0x580
[ 25.014418] ? lock_acquire+0x1d5/0x580
[ 25.018361] ? netif_receive_skb_internal+0xa2/0x670
[ 25.023433] ? ktime_get_with_offset+0x2c1/0x420
[ 25.028160] ? lock_release+0xa40/0xa40
[ 25.032103] ? do_gettimeofday+0x190/0x190
[ 25.036309] __netif_receive_skb+0x2c/0x1b0
[ 25.040599] ? __netif_receive_skb+0x2c/0x1b0
[ 25.045066] netif_receive_skb_internal+0x10b/0x670
[ 25.050052] ? dev_cpu_dead+0xb00/0xb00
[ 25.053997] ? net_rx_action+0x1910/0x1910
[ 25.058208] ? eth_type_trans+0x2b2/0x710
[ 25.062326] ? eth_gro_receive+0x820/0x820
[ 25.066533] napi_gro_frags+0x58a/0xaf0
[ 25.070478] ? napi_gro_receive+0x500/0x500
[ 25.074772] ? tun_get_user+0x2737/0x3940
[ 25.078919] tun_get_user+0x2760/0x3940
[ 25.082865] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.088029] ? do_huge_pmd_anonymous_page+0xb1e/0x1b00
[ 25.093282] ? tun_build_skb.isra.49+0x1810/0x1810
[ 25.098182] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.103342] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.108501] ? trace_hardirqs_on+0xd/0x10
[ 25.112621] ? find_held_lock+0x35/0x1d0
[ 25.116652] ? tun_get+0x1ab/0x2e0
[ 25.120161] ? lock_release+0xa40/0xa40
[ 25.124103] ? __lock_is_held+0xb6/0x140
[ 25.128140] ? tun_get+0x1d4/0x2e0
[ 25.131648] ? tun_do_read+0x2600/0x2600
[ 25.135681] ? __check_object_size+0x8b/0x530
[ 25.140150] ? rcu_note_context_switch+0x710/0x710
[ 25.145065] tun_chr_write_iter+0xb9/0x160
[ 25.149271] do_iter_readv_writev+0x525/0x7f0
[ 25.153739] ? vfs_dedupe_file_range+0x8f0/0x8f0
[ 25.158462] ? rw_verify_area+0xe5/0x2b0
[ 25.162499] do_iter_write+0x154/0x540
[ 25.166358] ? dup_iter+0x260/0x260
[ 25.169955] vfs_writev+0x18a/0x340
[ 25.173548] ? __fget_light+0x297/0x380
[ 25.177490] ? vfs_iter_write+0xb0/0xb0
[ 25.181434] ? up_read+0x1a/0x40
[ 25.184769] ? __do_page_fault+0x3d6/0xc90
[ 25.188973] ? mm_fault_error+0x2c0/0x2c0
[ 25.193093] ? __fdget_pos+0x130/0x190
[ 25.196949] ? __fdget_raw+0x20/0x20
[ 25.200631] ? __do_page_fault+0xc90/0xc90
[ 25.204837] do_writev+0xfc/0x2a0
[ 25.208258] ? do_writev+0xfc/0x2a0
[ 25.211864] ? vfs_writev+0x340/0x340
[ 25.215636] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 25.220449] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.225433] SyS_writev+0x27/0x30
[ 25.228855] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 25.233577] RIP: 0033:0x444f50
[ 25.236745] RSP: 002b:00007fff4f669868 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 25.244421] RAX: ffffffffffffffda RBX: 00000000004a6852 RCX: 0000000000444f50
[ 25.251663] RDX: 0000000000000001 RSI: 00007fff4f6698a0 RDI: 0000000000000003
[ 25.258902] RBP: 00007fff4f669998 R08: 0000000000000023 R09: 0000000000000000
[ 25.266144] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff4f669998
[ 25.273392] R13: 0000000000402520 R14: 0000000000000000 R15: 0000000000000000
[