[ 44.197925] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 44.628414] audit: type=1400 audit(1518103154.351:12): avc: denied { sys_chroot } for pid=4205 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 51.666858] IPVS: ftp: loaded support on port[0] = 21
[ 51.710283] IPVS: ftp: loaded support on port[0] = 21
[ 51.751611] IPVS: ftp: loaded support on port[0] = 21
[ 51.794008] IPVS: ftp: loaded support on port[0] = 21
[ 51.837485] IPVS: ftp: loaded support on port[0] = 21
[ 51.866037] IPVS: ftp: loaded support on port[0] = 21
[ 51.896572] IPVS: ftp: loaded support on port[0] = 21
[ 51.925898] IPVS: ftp: loaded support on port[0] = 21
Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
[ 478.203812]
[ 478.205496] ============================================
[ 478.210925] WARNING: possible recursive locking detected
[ 478.216363] 4.15.0+ #37 Not tainted
[ 478.219971] --------------------------------------------
[ 478.225401] syzkaller163597/27635 is trying to acquire lock:
[ 478.231177] (sk_lock-AF_PPPOX){+.+.}, at: [<0000000011240b7f>] pppol2tp_session_free+0x88/0x1d0
[ 478.240100]
[ 478.240100] but task is already holding lock:
[ 478.246054] (sk_lock-AF_PPPOX){+.+.}, at: [<000000009bf8de9a>] pppol2tp_connect+0x14e/0x1550
[ 478.254714]
[ 478.254714] other info that might help us debug this:
[ 478.261363] Possible unsafe locking scenario:
[ 478.261363]
[ 478.267403] CPU0
[ 478.269969] ----
[ 478.272532] lock(sk_lock-AF_PPPOX);
[ 478.276318] lock(sk_lock-AF_PPPOX);
[ 478.280103]
[ 478.280103] *** DEADLOCK ***
[ 478.280103]
[ 478.286147] May be due to missing lock nesting notation
[ 478.286147]
[ 478.293061] 1 lock held by syzkaller163597/27635:
[ 478.297882] #0: (sk_lock-AF_PPPOX){+.+.}, at: [<000000009bf8de9a>] pppol2tp_connect+0x14e/0x1550
[ 478.306981]
[ 478.306981] stack backtrace:
[ 478.311466] CPU: 1 PID: 27635 Comm: syzkaller163597 Not tainted 4.15.0+ #37
[ 478.318549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 478.327890] Call Trace:
[ 478.330470] dump_stack+0x194/0x257
[ 478.334089] ? arch_local_irq_restore+0x53/0x53
[ 478.338757] __lock_acquire+0xe8f/0x3e00
[ 478.342812] ? pppol2tp_session_prep+0x15c/0xa40
[ 478.347566] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 478.352748] ? __lock_acquire+0x664/0x3e00
[ 478.356981] ? __lock_is_held+0xb6/0x140
[ 478.361042] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 478.366237] ? lock_downgrade+0x980/0x980
[ 478.370390] ? check_noncircular+0x20/0x20
[ 478.374618] ? check_noncircular+0x20/0x20
[ 478.378848] ? find_held_lock+0x35/0x1d0
[ 478.382907] lock_acquire+0x1d5/0x580
[ 478.386698] ? lock_sock_nested+0xa3/0x110
[ 478.390922] ? lock_acquire+0x1d5/0x580
[ 478.394887] ? pppol2tp_session_free+0x88/0x1d0
[ 478.399550] ? lock_release+0xa40/0xa40
[ 478.403514] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 478.409386] ? do_raw_spin_trylock+0x190/0x190
[ 478.413958] ? lock_sock_nested+0x44/0x110
[ 478.418189] lock_sock_nested+0xc2/0x110
[ 478.422242] ? pppol2tp_session_free+0x88/0x1d0
[ 478.426901] ? pppol2tp_recvmsg+0x350/0x350
[ 478.431209] pppol2tp_session_free+0x88/0x1d0
[ 478.435700] ? pppol2tp_recvmsg+0x350/0x350
[ 478.440010] l2tp_session_free+0x151/0x2b0
[ 478.444235] ? l2tp_tunnel_del_work+0x1d0/0x1d0
[ 478.448893] ? pppol2tp_connect+0x9a6/0x1550
[ 478.453293] ? trace_hardirqs_on+0xd/0x10
[ 478.457433] pppol2tp_connect+0xfb5/0x1550
[ 478.461661] ? pppol2tp_seq_show+0x1420/0x1420
[ 478.466239] ? selinux_socket_connect+0x311/0x730
[ 478.471072] ? lock_downgrade+0x980/0x980
[ 478.475219] ? selinux_socket_setsockopt+0x80/0x80
[ 478.480150] ? lock_release+0xa40/0xa40
[ 478.484135] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 478.490011] ? __check_object_size+0x8b/0x530
[ 478.494500] ? handle_mm_fault+0x476/0x930
[ 478.498735] ? security_socket_connect+0x89/0xb0
[ 478.503484] SYSC_connect+0x213/0x4a0
[ 478.507277] ? SYSC_bind+0x410/0x410
[ 478.510984] ? do_page_fault+0xee/0x720
[ 478.514946] ? __do_page_fault+0xc90/0xc90
[ 478.519171] ? sock_map_fd+0x53/0x90
[ 478.522877] ? SyS_socket+0x12d/0x1d0
[ 478.526667] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 478.531504] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 478.536516] SyS_connect+0x24/0x30
[ 478.540057] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 478.544798] RIP: 0033:0x440ca9
[ 478.547975] RSP: 002b:00007ffe501872e8 EFLAGS: 00000206 ORIG_RAX: 000000000000002a
[ 478.555674] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440ca9
[ 478.562932] RDX: 000000000000002e RSI: 0000000020e77000 RDI: 0000000000000004
[ 478.570192] RBP: 0000000000074be3 R08: 0000000000000000 R09: 0000000000000000
[ 478.577458] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 478.584722] R13: 0000000000000003 R14: 00000000006cf050 R15: 00000000004a25db