[....] Starting enhanced syslogd: rsyslogd[ 12.620076] audit: type=1400 audit(1514724665.949:5): avc: denied { syslog } for pid=3342 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. Starting mcstransd: [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.246041] audit: type=1400 audit(1514724671.575:6): avc: denied { map } for pid=3481 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts. executing program [ 24.429809] audit: type=1400 audit(1514724677.759:7): avc: denied { map } for pid=3495 comm="syzkaller246415" path="/root/syzkaller246415126" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 24.434813] [ 24.434823] ============================= [ 24.434825] WARNING: suspicious RCU usage [ 24.434831] 4.15.0-rc5+ #171 Not tainted [ 24.434833] ----------------------------- [ 24.434838] ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! 
[ 24.434840] [ 24.434840] other info that might help us debug this: [ 24.434840] [ 24.434844] [ 24.434844] rcu_scheduler_active = 2, debug_locks = 1 [ 24.434849] 2 locks held by syzkaller246415/3495: [ 24.434851] #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<0000000085c20885>] xfrm_netlink_rcv+0x60/0x90 [ 24.434879] #1: (rcu_read_lock){....}, at: [<00000000bee17d16>] xfrm_state_get_afinfo+0x62/0x280 [ 24.434895] [ 24.434895] stack backtrace: [ 24.434902] CPU: 1 PID: 3495 Comm: syzkaller246415 Not tainted 4.15.0-rc5+ #171 [ 24.434906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.434909] Call Trace: [ 24.434922] dump_stack+0x194/0x257 [ 24.434935] ? arch_local_irq_restore+0x53/0x53 [ 24.434963] lockdep_rcu_suspicious+0x123/0x170 [ 24.434977] ___might_sleep+0x385/0x470 [ 24.434985] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.435011] __might_sleep+0x95/0x190 [ 24.435028] kmem_cache_alloc_trace+0x298/0x750 [ 24.435057] __request_module+0x2e1/0xc20 [ 24.435062] ? check_noncircular+0x20/0x20 [ 24.435072] ? __xfrm_init_state+0xa61/0xdd0 [ 24.435082] ? free_modprobe_argv+0xa0/0xa0 [ 24.435091] ? check_noncircular+0x20/0x20 [ 24.435097] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.435114] ? check_noncircular+0x20/0x20 [ 24.435120] ? lock_acquire+0x1d5/0x580 [ 24.435134] ? find_held_lock+0x35/0x1d0 [ 24.435143] ? check_noncircular+0x20/0x20 [ 24.435161] ? lock_acquire+0x1d5/0x580 [ 24.435166] ? lock_acquire+0x1d5/0x580 [ 24.435173] ? xfrm_state_get_afinfo+0x62/0x280 [ 24.435200] ? __lock_is_held+0xb6/0x140 [ 24.435225] ? rcu_read_lock_held+0xa9/0xc0 [ 24.435233] ? xfrm_state_get_afinfo+0x138/0x280 [ 24.435241] ? xfrm_state_find+0x3210/0x3210 [ 24.435264] __xfrm_init_state+0xa61/0xdd0 [ 24.435282] ? xfrm_get_mode.part.29+0x260/0x260 [ 24.435288] ? xfrm_find_algo+0x1c4/0x270 [ 24.435300] ? xfrm_add_sa+0x11e1/0x33e0 [ 24.435316] xfrm_add_sa+0x1a09/0x33e0 [ 24.435343] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 24.435353] ? 
nla_parse+0x29a/0x3d0 [ 24.435367] ? nla_validate+0x1c0/0x1c0 [ 24.435381] ? __netlink_ns_capable+0xe1/0x120 [ 24.435392] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 24.435401] xfrm_user_rcv_msg+0x422/0x860 [ 24.435408] ? xfrm_user_rcv_msg+0x422/0x860 [ 24.435423] ? xfrm_dump_sa_done+0xe0/0xe0 [ 24.435431] ? lock_downgrade+0x980/0x980 [ 24.435448] ? lock_release+0xa40/0xa40 [ 24.435500] ? netlink_tap_init_net+0x350/0x350 [ 24.435514] netlink_rcv_skb+0x224/0x470 [ 24.435523] ? xfrm_dump_sa_done+0xe0/0xe0 [ 24.435533] ? netlink_ack+0xa10/0xa10 [ 24.435548] ? netlink_skb_destructor+0x1d0/0x1d0 [ 24.435568] xfrm_netlink_rcv+0x6f/0x90 [ 24.435577] netlink_unicast+0x4c4/0x6b0 [ 24.435594] ? netlink_attachskb+0x8a0/0x8a0 [ 24.435611] ? security_netlink_send+0x81/0xb0 [ 24.435624] netlink_sendmsg+0xa4a/0xe60 [ 24.435644] ? netlink_unicast+0x6b0/0x6b0 [ 24.435658] ? security_socket_sendmsg+0x89/0xb0 [ 24.435666] ? netlink_unicast+0x6b0/0x6b0 [ 24.435679] sock_sendmsg+0xca/0x110 [ 24.435691] ___sys_sendmsg+0x767/0x8b0 [ 24.435707] ? copy_msghdr_from_user+0x590/0x590 [ 24.435728] ? __do_page_fault+0x5f7/0xc90 [ 24.435738] ? lock_downgrade+0x980/0x980 [ 24.435759] ? __fget_light+0x297/0x380 [ 24.435770] ? fget_raw+0x20/0x20 [ 24.435780] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.435786] ? vmacache_find+0x5f/0x280 [ 24.435804] ? up_read+0x1a/0x40 [ 24.435813] ? __do_page_fault+0x3d6/0xc90 [ 24.435819] ? get_unused_fd_flags+0x190/0x190 [ 24.435838] ? __fdget+0x18/0x20 [ 24.435854] __sys_sendmsg+0xe5/0x210 [ 24.435859] ? __sys_sendmsg+0xe5/0x210 [ 24.435870] ? SyS_shutdown+0x290/0x290 [ 24.435882] ? __do_page_fault+0xc90/0xc90 [ 24.435896] ? fd_install+0x4d/0x60 [ 24.435922] ? 
trace_hardirqs_on_caller+0x421/0x5c0 [ 24.435938] SyS_sendmsg+0x2d/0x50 [ 24.435950] entry_SYSCALL_64_fastpath+0x23/0x9a [ 24.435956] RIP: 0033:0x4400c9 [ 24.435959] RSP: 002b:00007ffe9973f518 EFLAGS: 00000203 ORIG_RAX: 000000000000002e [ 24.435967] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00000000004400c9 [ 24.435971] RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000003 [ 24.435974] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 24.435978] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401a30 [ 24.435983] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000 [ 24.436032] BUG: sleeping function called from invalid context at mm/slab.h:419 [ 24.436036] in_atomic(): 1, irqs_disabled(): 0, pid: 3495, name: syzkaller246415 [ 24.436040] 2 locks held by syzkaller246415/3495: [ 24.436042] #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<0000000085c20885>] xfrm_netlink_rcv+0x60/0x90 [ 24.436058] #1: (rcu_read_lock){....}, at: [<00000000bee17d16>] xfrm_state_get_afinfo+0x62/0x280 [ 24.436076] CPU: 1 PID: 3495 Comm: syzkaller246415 Not tainted 4.15.0-rc5+ #171 [ 24.436079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.436081] Call Trace: [ 24.436089] dump_stack+0x194/0x257 [ 24.436102] ? arch_local_irq_restore+0x53/0x53 [ 24.436110] ? print_lock+0x9f/0xa2 [ 24.436118] ? lockdep_print_held_locks+0xc4/0x130 [ 24.436135] ___might_sleep+0x2b2/0x470 [ 24.436143] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.436166] __might_sleep+0x95/0x190 [ 24.436180] kmem_cache_alloc_trace+0x298/0x750 [ 24.436206] __request_module+0x2e1/0xc20 [ 24.436212] ? check_noncircular+0x20/0x20 [ 24.436221] ? __xfrm_init_state+0xa61/0xdd0 [ 24.436231] ? free_modprobe_argv+0xa0/0xa0 [ 24.436241] ? check_noncircular+0x20/0x20 [ 24.436247] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.436264] ? check_noncircular+0x20/0x20 [ 24.436269] ? lock_acquire+0x1d5/0x580 [ 24.436283] ? 
find_held_lock+0x35/0x1d0 [ 24.436291] ? check_noncircular+0x20/0x20 [ 24.436309] ? lock_acquire+0x1d5/0x580 [ 24.436315] ? lock_acquire+0x1d5/0x580 [ 24.436322] ? xfrm_state_get_afinfo+0x62/0x280 [ 24.436348] ? __lock_is_held+0xb6/0x140 [ 24.436372] ? rcu_read_lock_held+0xa9/0xc0 [ 24.436379] ? xfrm_state_get_afinfo+0x138/0x280 [ 24.436387] ? xfrm_state_find+0x3210/0x3210 [ 24.436410] __xfrm_init_state+0xa61/0xdd0 [ 24.436428] ? xfrm_get_mode.part.29+0x260/0x260 [ 24.436434] ? xfrm_find_algo+0x1c4/0x270 [ 24.436450] ? xfrm_add_sa+0x11e1/0x33e0 [ 24.436466] xfrm_add_sa+0x1a09/0x33e0 [ 24.436492] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 24.436500] ? nla_parse+0x29a/0x3d0 [ 24.436514] ? nla_validate+0x1c0/0x1c0 [ 24.436526] ? __netlink_ns_capable+0xe1/0x120 [ 24.436537] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 24.436546] xfrm_user_rcv_msg+0x422/0x860 [ 24.436553] ? xfrm_user_rcv_msg+0x422/0x860 [ 24.436567] ? xfrm_dump_sa_done+0xe0/0xe0 [ 24.436576] ? lock_downgrade+0x980/0x980 [ 24.436589] ? lock_release+0xa40/0xa40 [ 24.436640] ? netlink_tap_init_net+0x350/0x350 [ 24.436654] netlink_rcv_skb+0x224/0x470 [ 24.436663] ? xfrm_dump_sa_done+0xe0/0xe0 [ 24.436673] ? netlink_ack+0xa10/0xa10 [ 24.436688] ? netlink_skb_destructor+0x1d0/0x1d0 [ 24.436707] xfrm_netlink_rcv+0x6f/0x90 [ 24.436717] netlink_unicast+0x4c4/0x6b0 [ 24.436734] ? netlink_attachskb+0x8a0/0x8a0 [ 24.436749] ? security_netlink_send+0x81/0xb0 [ 24.436762] netlink_sendmsg+0xa4a/0xe60 [ 24.436781] ? netlink_unicast+0x6b0/0x6b0 [ 24.436796] ? security_socket_sendmsg+0x89/0xb0 [ 24.436804] ? netlink_unicast+0x6b0/0x6b0 [ 24.436814] sock_sendmsg+0xca/0x110 [ 24.436826] ___sys_sendmsg+0x767/0x8b0 [ 24.436842] ? copy_msghdr_from_user+0x590/0x590 [ 24.436862] ? __do_page_fault+0x5f7/0xc90 [ 24.436871] ? lock_downgrade+0x980/0x980 [ 24.436889] ? __fget_light+0x297/0x380 [ 24.436899] ? fget_raw+0x20/0x20 [ 24.436908] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.436913] ? vmacache_find+0x5f/0x280 [ 24.436931] ? 
up_read+0x1a/0x40 [ 24.436939] ? __do_page_fault+0x3d6/0xc90 [ 24.436945] ? get_unused_fd_flags+0x190/0x190 [ 24.436964] ? __fdget+0x18/0x20 [ 24.436979] __sys_sendmsg+0xe5/0x210 [ 24.436985] ? __sys_sendmsg+0xe5/0x210 [ 24.436996] ? SyS_shutdown+0x290/0x290 [ 24.437010] ? __do_page_fault+0xc90/0xc90 [ 24.437024] ? fd_install+0x4d/0x60 [ 24.437050] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.437067] SyS_sendmsg+0x2d/0x50 [ 24.437077] entry_SYSCALL_64_fastpath+0x23/0x9a [ 24.437082] RIP: 0033:0x4400c9 [ 24.437085] RSP: 002b:00007ffe9973f518 EFLAGS: 00000203 ORIG_RAX: 000000000000002e [ 24.437092] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00000000004400c9 [ 24.437096] RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000003 [ 24.437100] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 24.437104] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401a30 [ 24.437108] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000 [ 24.437439] BUG: scheduling while atomic: syzkaller246415/3495/0x00000002 [ 24.437444] 2 locks held by syzkaller246415/3495: [ 24.437446] #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<0000000085c20885>] xfrm_netlink_rcv+0x60/0x90 [ 24.437462] #1: (rcu_read_lock){....}, at: [<00000000bee17d16>] xfrm_state_get_afinfo+0x62/0x280 [ 24.437477] Modules linked in: [ 24.437483] Kernel panic - not syncing: scheduling while atomic [ 24.437483] [ 24.437490] CPU: 1 PID: 3495 Comm: syzkaller246415 Tainted: G W 4.15.0-rc5+ #171 [ 24.437494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.437495] Call Trace: [ 24.437503] dump_stack+0x194/0x257 [ 24.437516] ? arch_local_irq_restore+0x53/0x53 [ 24.437528] ? print_modules+0x194/0x30b [ 24.437536] ? printk+0xaa/0xca [ 24.437546] ? vsnprintf+0x1ed/0x1900 [ 24.437562] panic+0x1e4/0x41c [ 24.437571] ? refcount_error_report+0x214/0x214 [ 24.437586] ? 
print_lock+0x9f/0xa2 [ 24.437606] __schedule_bug+0x11f/0x130 [ 24.437616] __schedule+0x131c/0x2060 [ 24.437635] ? __sched_text_start+0x8/0x8 [ 24.437656] ? __lock_is_held+0xb6/0x140 [ 24.437681] ? check_noncircular+0x20/0x20 [ 24.437696] ? check_noncircular+0x20/0x20 [ 24.437710] schedule+0xf5/0x430 [ 24.437722] ? __schedule+0x2060/0x2060 [ 24.437738] ? print_irqtrace_events+0x270/0x270 [ 24.437757] ? wait_for_completion_killable+0x3f1/0x820 [ 24.437766] ? lock_downgrade+0x980/0x980 [ 24.437779] schedule_timeout+0x1a3/0x230 [ 24.437788] ? usleep_range+0x190/0x190 [ 24.437800] ? mark_held_locks+0xaf/0x100 [ 24.437810] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.437821] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.437837] wait_for_completion_killable+0x3f9/0x820 [ 24.437852] ? wait_for_completion_interruptible_timeout+0x820/0x820 [ 24.437865] ? __lockdep_init_map+0xe4/0x650 [ 24.437878] ? mark_held_locks+0xaf/0x100 [ 24.437889] ? wake_up_q+0xe0/0xe0 [ 24.437898] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.437907] ? trace_hardirqs_on+0xd/0x10 [ 24.437917] ? queue_work_on+0x106/0x1c0 [ 24.437930] call_usermodehelper_exec+0x2c1/0x480 [ 24.437939] ? usermodehelper_read_lock_wait+0x230/0x230 [ 24.437945] ? dec_ucount+0x1e0/0x1e0 [ 24.437965] ? memcpy+0x45/0x50 [ 24.437982] __request_module+0x41a/0xc20 [ 24.437988] ? check_noncircular+0x20/0x20 [ 24.437997] ? __xfrm_init_state+0xa61/0xdd0 [ 24.438010] ? free_modprobe_argv+0xa0/0xa0 [ 24.438019] ? check_noncircular+0x20/0x20 [ 24.438025] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.438042] ? check_noncircular+0x20/0x20 [ 24.438048] ? lock_acquire+0x1d5/0x580 [ 24.438062] ? find_held_lock+0x35/0x1d0 [ 24.438070] ? check_noncircular+0x20/0x20 [ 24.438088] ? lock_acquire+0x1d5/0x580 [ 24.438093] ? lock_acquire+0x1d5/0x580 [ 24.438100] ? xfrm_state_get_afinfo+0x62/0x280 [ 24.438126] ? __lock_is_held+0xb6/0x140 [ 24.438150] ? rcu_read_lock_held+0xa9/0xc0 [ 24.438157] ? xfrm_state_get_afinfo+0x138/0x280 [ 24.438165] ? 
xfrm_state_find+0x3210/0x3210 [ 24.438188] __xfrm_init_state+0xa61/0xdd0 [ 24.438206] ? xfrm_get_mode.part.29+0x260/0x260 [ 24.438211] ? xfrm_find_algo+0x1c4/0x270 [ 24.438223] ? xfrm_add_sa+0x11e1/0x33e0 [ 24.438239] xfrm_add_sa+0x1a09/0x33e0 [ 24.438265] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 24.438273] ? nla_parse+0x29a/0x3d0 [ 24.438287] ? nla_validate+0x1c0/0x1c0 [ 24.438298] ? __netlink_ns_capable+0xe1/0x120 [ 24.438310] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 24.438318] xfrm_user_rcv_msg+0x422/0x860 [ 24.438326] ? xfrm_user_rcv_msg+0x422/0x860 [ 24.438341] ? xfrm_dump_sa_done+0xe0/0xe0 [ 24.438349] ? lock_downgrade+0x980/0x980 [ 24.438361] ? lock_release+0xa40/0xa40 [ 24.438412] ? netlink_tap_init_net+0x350/0x350 [ 24.438427] netlink_rcv_skb+0x224/0x470 [ 24.438439] ? xfrm_dump_sa_done+0xe0/0xe0 [ 24.438450] ? netlink_ack+0xa10/0xa10 [ 24.438464] ? netlink_skb_destructor+0x1d0/0x1d0 [ 24.438483] xfrm_netlink_rcv+0x6f/0x90 [ 24.438493] netlink_unicast+0x4c4/0x6b0 [ 24.438510] ? netlink_attachskb+0x8a0/0x8a0 [ 24.438525] ? security_netlink_send+0x81/0xb0 [ 24.438538] netlink_sendmsg+0xa4a/0xe60 [ 24.438557] ? netlink_unicast+0x6b0/0x6b0 [ 24.438571] ? security_socket_sendmsg+0x89/0xb0 [ 24.438579] ? netlink_unicast+0x6b0/0x6b0 [ 24.438590] sock_sendmsg+0xca/0x110 [ 24.438602] ___sys_sendmsg+0x767/0x8b0 [ 24.438618] ? copy_msghdr_from_user+0x590/0x590 [ 24.438637] ? __do_page_fault+0x5f7/0xc90 [ 24.438646] ? lock_downgrade+0x980/0x980 [ 24.438664] ? __fget_light+0x297/0x380 [ 24.438674] ? fget_raw+0x20/0x20 [ 24.438683] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.438688] ? vmacache_find+0x5f/0x280 [ 24.438706] ? up_read+0x1a/0x40 [ 24.438715] ? __do_page_fault+0x3d6/0xc90 [ 24.438721] ? get_unused_fd_flags+0x190/0x190 [ 24.438739] ? __fdget+0x18/0x20 [ 24.438754] __sys_sendmsg+0xe5/0x210 [ 24.438760] ? __sys_sendmsg+0xe5/0x210 [ 24.438771] ? SyS_shutdown+0x290/0x290 [ 24.438782] ? __do_page_fault+0xc90/0xc90 [ 24.438796] ? fd_install+0x4d/0x60 [ 24.438821] ? 
trace_hardirqs_on_caller+0x421/0x5c0 [ 24.438838] SyS_sendmsg+0x2d/0x50 [ 24.438849] entry_SYSCALL_64_fastpath+0x23/0x9a [ 24.438853] RIP: 0033:0x4400c9 [ 24.438857] RSP: 002b:00007ffe9973f518 EFLAGS: 00000203 ORIG_RAX: 000000000000002e [ 24.438864] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00000000004400c9 [ 24.438868] RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000003 [ 24.438871] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 24.438875] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401a30 [ 24.438879] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000 [ 24.456268] Dumping ftrace buffer: [ 24.456333] (ftrace buffer empty) [ 24.456336] Kernel Offset: disabled [ 25.862426] Rebooting in 86400 seconds..