[....] Starting enhanced syslogd: rsyslogd[ 12.913895] audit: type=1400 audit(1515998687.822:5): avc: denied { syslog } for pid=3499 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.329627] audit: type=1400 audit(1515998694.238:6): avc: denied { map } for pid=3639 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts. 2018/01/15 06:45:00 fuzzer started [ 25.542202] audit: type=1400 audit(1515998700.450:7): avc: denied { map } for pid=3650 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/01/15 06:45:00 dialing manager at 10.128.0.26:39331 [ 29.042213] can: request_module (can-proto-0) failed. [ 29.051552] can: request_module (can-proto-0) failed. 2018/01/15 06:45:04 kcov=true, comps=true [ 29.511398] audit: type=1400 audit(1515998704.420:8): avc: denied { map } for pid=3650 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=8902 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/01/15 06:45:06 executing program 0: 2018/01/15 06:45:06 executing program 7: 2018/01/15 06:45:06 executing program 1: 2018/01/15 06:45:06 executing program 2: 2018/01/15 06:45:06 executing program 3: 2018/01/15 06:45:06 executing program 4: 2018/01/15 06:45:06 executing program 5: 2018/01/15 06:45:06 executing program 6: [ 31.830121] audit: type=1400 audit(1515998706.738:9): avc: denied { map } for pid=3650 comm="syz-fuzzer" path="/root/syzkaller-shm244634399" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 34.048680] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 36.676425] audit: type=1400 audit(1515998711.585:10): avc: denied { sys_admin } for pid=3695 comm="syz-executor7" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/15 06:45:11 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000ca1000-0x78)={0x2, 0x78, 0x8e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000f32000)='/dev/sequencer\x00', 0xf063c5ad5636be54, 0x0) ioctl$EVIOCGID(r0, 0x80084502, &(0x7f00008bf000)=""/111) r1 = syz_open_procfs(0x0, &(0x7f00002e9000)='task\x00') getdents(r1, &(0x7f0000825000-0xa7)=""/96, 0x60) getdents(r1, &(0x7f0000eee000)=""/36, 0x24) [ 36.847519] audit: type=1400 audit(1515998711.756:11): avc: denied { sys_chroot } for pid=4776 comm="syz-executor7" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/15 06:45:11 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000-0x18)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000001a000-0x20)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1, 0x0}) r1 = memfd_create(&(0x7f00001f3000-0x8)='proclo}\x00', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000012000)="ca", 0x1}], 0x1, 0x0) lseek(r1, 0xfffffffffffffffc, 0x4) close(r0) 2018/01/15 06:45:11 executing program 7: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000d3a000-0x10)='/selinux/policy\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f00005b2000)={0x0, 0x18, 0x30, 0x7, 0x4}, &(0x7f00008b5000)=0x18) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x1) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000001000-0x3b)={r1, 0x33, "d16b16df53e9eabe9a1e25ec2d4cb3589dd203deaf56952b3747320a37a8c47a86b5495b4dab56199d45738adf6a6a11f11eec"}, &(0x7f0000998000-0x4)=0x3b) socket$key(0xf, 0x3, 0x2) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000fdf000)={r1, @in6={{0xa, 0x0, 0x501, @loopback={0x0, 0x1}, 0xfffffffffffffffc}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x3f, 0x1, 0x2, 0xe, 0x8}, &(0x7f0000000000)=0xa0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = socket(0x100000000000000, 0x7, 0x5ea1112f) getsockopt$ax25_buf(r0, 0x101, 0x19, &(0x7f0000817000-0x7)=""/7, &(0x7f0000ce7000)=0x7) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000c24000)=[@in={0x2, 0x0, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in6={0xa, 0x1, 0xca5, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x1}, @in={0x2, 0x2, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in={0x2, 0x1, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in={0x2, 0x1, @remote={0xac, 0x14, 0x0, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in={0x2, 0x3, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in6={0xa, 0x0, 0x4, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0x7fff}, @in={0x2, 0x1, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in6={0xa, 0x2, 0x5, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0x4}], 0xc4) write(r2, &(0x7f0000647000)="1c0000002000af0000000000000001050a000000000400010007109b", 0x1c) sendmsg$nl_route(r2, &(0x7f0000400000+0x38a)={&(0x7f0000205000-0xc)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000068000)={&(0x7f0000998000)=@ipv6_getnetconf={0x4c, 0x52, 0x210, 0x6, 0x0, {0xa}, [@NETCONFA_FORWARDING={0x8, 0x2, 0xff}, @NETCONFA_FORWARDING={0x8, 0x2, 0x78}, @NETCONFA_FORWARDING={0x8, 0x2, 0x0}, @NETCONFA_RP_FILTER={0x8, 0x3, 0x5}, @NETCONFA_FORWARDING={0x8, 0x2, 0x1ff}, @NETCONFA_FORWARDING={0x8, 0x2, 0x6}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x40080) [ 37.016346] audit: type=1400 audit(1515998711.923:12): avc: denied { net_admin } for pid=4807 comm="syz-executor7" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/15 06:45:12 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00005a8000)='/dev/sequencer2\x00', 0x8002, 0x0) write$sndseq(r0, &(0x7f000000a000)=[{0x40081, 0x80000006, 0x0, 0x0, @time={0x77359400, 0x0}, {0x0, 0x0}, {0x0, 0x0}, @time=@time={0x0, 0x0}}], 0x1c) setsockopt(r0, 0x2, 0x8, &(0x7f00000ba000)="d544182dda0fe332f22679c554ac774d212a8ac72e0183e182359e3528f282eef6c53a8770e563cf94a7a3ee6ad0dd720d371784c918b9c0a86b3c31eafb947f8b5b32fc99657bbca0e0187b25ae5e8594d5d755194986188f66efb2abb3c1bede8bdda6ed1b6b0a30aed19a9ece", 0x6e) 2018/01/15 06:45:12 executing program 6: mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x6, 0x84) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000003000-0x4)=0x0, &(0x7f0000005000)=0x4) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000008000-0x8)={0x0, 0x5}, &(0x7f0000007000)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000004000-0x108)={r1, @in={{0x2, 0x1, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x6, 0x5, 0x1000, 0x7, 0x3f, 0x20, 0x2, 0x7fff, 0x5, 0xffffffff80000001, 0x5, 0x7, 0xfffffffffffffffd, 0xa0, 0x1400000000]}, &(0x7f0000004000-0x4)=0x108) 2018/01/15 06:45:12 executing program 1: r0 = semget$private(0x0, 0x1, 0x2) semctl$IPC_RMID(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000dcc000-0x1)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = inotify_init() inotify_rm_watch(r1, 0x0) 2018/01/15 06:45:12 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f00002d2000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000410000-0x4)=0x101) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000533000)={@generic="02000000040000000004008000e9bc22", @ifru_settings={0x10001, 0x0, @fr=&(0x7f0000013000-0x18)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000dd6000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$tun(&(0x7f0000b1f000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r2, 0x400454da, &(0x7f000053b000)=0x8000201) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000928000-0x28)={@generic="60dcbcd18c7fdaf73dddacf950e344ba", @ifru_map={0x2951, 0x0, 0x0, 0x0, 0x0, 0x0}}) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f0000406000)=[{&(0x7f000043c000-0x39)="390000001300094700bb61e1c3e800000700000001000000000000000000800019001a000000000006280ff4000000fd17e9ff800000f60005", 0x39}], 0x1) syz_open_pts(r3, 0x103) 2018/01/15 06:45:12 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) unshare(0x8000000) semget(0x0, 0xa, 0xfffffffffffffffe) r0 = syz_open_procfs(0x0, &(0x7f000073a000)='setgroups\x00') perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x40000000df, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x7, r0, 0x0) semtimedop(0x0, &(0x7f000000c000)=[{0x0, 0x6c, 0x1800}, {0x0, 0x7fffffff, 0x0}], 0x2, &(0x7f0000006000-0x10)={0x0, 0x0}) unshare(0xc000000) 2018/01/15 06:45:12 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = gettid() ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000b8f000-0x20)={@generic="77b14ead82b75aa6994439732da6f654", @ifru_flags=0xb36b09b978960a4c}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b38000)=0x3c) fcntl$setsig(r3, 0xa, 0x12) poll(&(0x7f0000d2b000)=[{r4, 0x0, 0x0}], 0x1, 0xfffffffffffffff8) r5 = dup2(r3, r4) fcntl$setown(r5, 0x8, r2) syz_open_dev$dspn(&(0x7f00005e9000)='/dev/dsp#\x00', 0x200, 0x80000) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f00007d8000)=0x0, &(0x7f0000de7000-0x4)=0x4) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000ab5000-0x16)='/selinux/checkreqprot\x00', 0x0, 0x0) tkill(r2, 0x16) writev(r0, &(0x7f0000eb5000-0x10)=[{&(0x7f0000a43000-0x39)="3900000010000938c5bb61e119050921071c005e02000500ed0001078000801419001a0004000a00f00c00da000608c30300800000011e3ab2", 0x39}], 0x1) 2018/01/15 06:45:12 executing program 2: ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000b9b000-0x4)=0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(r0, &(0x7f0000000000)="6e65782f666901000000000008b1ee19c315486baf3beb6821e30730d90944d5724dd9c1222775d24fbd4de97de2771756cf57bea913a4b8a13d56a3991eb2f09f63ecbc0ede") mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000002000-0x110)={{0x5, 0x4, 0x8, 0x6, "e372cc48df946f89db01469eeb11600b4cc3b66f01862d7f8e436bb8dce915cba64e85a27788a24409e2e2fc", 0x8000}, 0x0, 0x0, 0x9, r0, 0x10001, 0x20000000, "dd3b5c29a8ea8a45c41a7271bb2ab0db6808eae20bb7d064baa78157a4c00fc1bedaafc03817f0fa7a1445fd7b1454539250c00dcf21d84f584a7da836ef223c", &(0x7f0000000000)='cpusetvboxnet1\x00', 0xf, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x4, 0x1f, 0x3, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000000)={0x0, 0x0}) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_SWITCH_CTX(r1, 0x40086424, &(0x7f0000002000)={r2, 0x2}) getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000000)=0x0, &(0x7f0000632000-0x4)=0x4) 2018/01/15 06:45:12 executing program 3: mmap(&(0x7f0000000000/0xb21000)=nil, 0xb21000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) mmap(&(0x7f0000b21000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$audion(&(0x7f0000b22000-0xc)='/dev/audio#\x00', 0x8, 0x2a4002) connect$nfc_llcp(r1, &(0x7f0000321000-0x60)={0x27, 0x2, 0x400, 0x3, 0xffffffffffffffe1, 0x4, "cbbf53c1ce6c5860d11488de889c6c98821994df950654cfddb5fa295d3d87586a872df33c04c8e15d10e99d513ca284c6509f9a0f7211d36e5cf2f9303f73", 0x1c0}, 0x60) unshare(0x20100) mmap(&(0x7f0000b22000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) connect$netlink(r1, &(0x7f0000b23000-0xc)=@proc={0x10, 0x0, 0x3, 0x0}, 0xc) sendto$inet(r0, &(0x7f0000107000)="32000000180025ffff0700a20d0914040a01008000000002000000001600070009006e10ffffffffffff81eea4d40456d718", 0x32, 0x0, 0x0, 0x0) mmap(&(0x7f0000b23000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000b23000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000b23000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = add_key(&(0x7f00002f4000-0x5)='ceph\x00', &(0x7f0000b23000)={0x73, 0x79, 0x7a, 0x3, 0x0}, &(0x7f0000420000)="c02ab34fc2232ef05321b1a8ddd1d6fa5d", 0x11, 0xffffffffffffffff) mmap(&(0x7f0000b23000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000b23000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000b24000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000b24000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000b25000-0x4)=0x0) perf_event_open(&(0x7f0000b24000)={0x0, 0x78, 0x0, 0x7, 0x4, 0x3, 0x0, 0x5, 0x60190, 0x0, 0x24, 0x0, 0x1, 0x1, 0x3, 0x10001, 0xfb1, 0x7, 0x2, 0x7fff, 0x728, 0x4, 0x7, 0x1, 0x817b3d5, 0x401, 0xd6b, 0x9, 0x0, 0x7, 0x9, 0x8ade, 0x1, 0x7, 0x9ce0, 0x10000, 0x10001, 0xfff, 0x0, 0x101, 0x0, @perf_config_ext={0x0, 0x6}, 0x20000, 0x9, 0x1, 0x7, 0x7d29, 0x4, 0x2, 0x0}, r3, 0xc658, r1, 0x0) mmap(&(0x7f0000b23000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r4 = request_key(&(0x7f0000b23000)='rxrpc\x00', &(0x7f0000b24000-0x5)={0x73, 0x79, 0x7a, 0x2, 0x0}, &(0x7f0000b23000)='@\x00', 0xfffffffffffffffd) keyctl$link(0x8, r2, r4) 2018/01/15 06:45:12 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000aae000)='/dev/mixer\x00', 0x400, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000efb000-0xc)={@multicast2=0x0, @broadcast=0x0, 0x0}, &(0x7f00004e6000-0x4)=0xc) sendmsg$nl_xfrm(r1, &(0x7f0000004000)={&(0x7f0000770000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f0000005000-0x10)={&(0x7f00007b5000-0x150)=@newsa={0x144, 0x10, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0xaa}, @in6=@loopback={0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {@in6=@ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @loopback=0x7f000001}, 0x2, 0x33}, @in=@multicast2=0xe0000002, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, 0xffffffffffffffff, 0xffffffffffffffff, 0x10000000000a, 0x0, 0x0, 0x0}, [@offload={0xc, 0x1c, {r2, 0x3}}, @algo_auth={0x48, 0x1, {{'digest_null\x00'}, 0x0, ""}}]}, 0x144}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/15 06:45:12 executing program 2: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)=0x0) r0 = socket$inet(0x2, 0x80003, 0x2) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x200, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) execveat(r1, &(0x7f0000001000)='./file0\x00', &(0x7f0000002000-0x20)=[&(0x7f0000002000-0x1)='\x00', &(0x7f0000002000-0x2)='%\x00', &(0x7f0000000000)='wlan0\x00', &(0x7f0000001000-0x7)="237b1247504c00"], &(0x7f0000000000)=[&(0x7f0000000000)='bdev%vmnet1(%vboxnet0.}@{ppp0\x00', &(0x7f0000002000-0xc)='GPLsecurity\x00'], 0x0) setsockopt$inet_int(r0, 0x0, 0x8000000d1, &(0x7f0000322000)=0x0, 0x1) 2018/01/15 06:45:12 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) munlockall() mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000003000-0xc)='/dev/rfkill\x00', 0x101000, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0, 0x0}, &(0x7f0000003000-0x4)=0x8) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000012000)='/selinux/load\x00', 0x2, 0x0) symlink(&(0x7f0000012000)='./file0\x00', &(0x7f0000001000)='./file0\x00') mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000b26000)="", &(0x7f0000eaa000-0x4)=0x0, &(0x7f0000bf3000-0x4)=0x0, &(0x7f00003b9000-0xcd)="") ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f00000c1000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) [ 38.045130] audit: type=1400 audit(1515998712.953:13): avc: denied { net_raw } for pid=4843 comm="syz-executor2" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 38.080099] [ 38.080111] ============================= [ 38.080113] WARNING: suspicious RCU usage [ 38.080121] 4.15.0-rc7+ #262 Not tainted [ 38.080124] ----------------------------- [ 38.080131] ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! [ 38.080133] [ 38.080133] other info that might help us debug this: [ 38.080133] [ 38.080139] [ 38.080139] rcu_scheduler_active = 2, debug_locks = 1 [ 38.080146] 2 locks held by syz-executor0/4844: [ 38.080149] #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000b32bcaa8>] xfrm_netlink_rcv+0x60/0x90 [ 38.080179] #1: (rcu_read_lock){....}, at: [<0000000040e8dc35>] xfrm_state_get_afinfo+0x62/0x280 [ 38.080208] [ 38.080208] stack backtrace: [ 38.080215] CPU: 1 PID: 4844 Comm: syz-executor0 Not tainted 4.15.0-rc7+ #262 [ 38.080221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.080224] Call Trace: [ 38.080238] dump_stack+0x194/0x257 [ 38.080256] ? arch_local_irq_restore+0x53/0x53 [ 38.080292] lockdep_rcu_suspicious+0x123/0x170 [ 38.080308] ___might_sleep+0x385/0x470 [ 38.080320] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 38.080331] ? format_decode+0x10a/0x830 [ 38.080357] __might_sleep+0x95/0x190 [ 38.080376] kmem_cache_alloc_trace+0x298/0x750 [ 38.080409] __request_module+0x2e1/0xc20 [ 38.080415] ? check_noncircular+0x20/0x20 [ 38.080428] ? __xfrm_init_state+0xa61/0xdd0 [ 38.080441] ? free_modprobe_argv+0xa0/0xa0 [ 38.080458] ? trace_event_raw_event_lock+0x340/0x340 [ 38.080475] ? check_noncircular+0x20/0x20 [ 38.080482] ? lock_acquire+0x1d5/0x580 [ 38.080500] ? find_held_lock+0x35/0x1d0 [ 38.080510] ? check_noncircular+0x20/0x20 [ 38.080533] ? lock_acquire+0x1d5/0x580 [ 38.080540] ? lock_acquire+0x1d5/0x580 [ 38.080549] ? xfrm_state_get_afinfo+0x62/0x280 [ 38.080583] ? __lock_is_held+0xb6/0x140 [ 38.080613] ? rcu_read_lock_held+0xa9/0xc0 [ 38.080623] ? xfrm_state_get_afinfo+0x138/0x280 [ 38.080634] ? xfrm_state_find+0x3210/0x3210 [ 38.080663] __xfrm_init_state+0xa61/0xdd0 [ 38.080690] ? xfrm_get_mode.part.29+0x260/0x260 [ 38.080698] ? xfrm_find_algo+0x1c4/0x270 [ 38.080716] ? xfrm_add_sa+0x11e1/0x33e0 [ 38.080735] xfrm_add_sa+0x1a09/0x33e0 [ 38.080765] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 38.080777] ? nla_parse+0x29a/0x3d0 [ 38.080794] ? nla_validate+0x1c0/0x1c0 [ 38.080811] ? __netlink_ns_capable+0xe1/0x120 [ 38.080825] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 38.080834] xfrm_user_rcv_msg+0x422/0x860 [ 38.080843] ? xfrm_user_rcv_msg+0x422/0x860 [ 38.080861] ? xfrm_dump_sa_done+0xe0/0xe0 [ 38.080880] ? netlink_deliver_tap+0x148/0xcf0 [ 38.080893] ? lock_downgrade+0x980/0x980 [ 38.080954] ? netlink_deliver_tap+0x171/0xcf0 [ 38.080980] netlink_rcv_skb+0x224/0x470 [ 38.080990] ? xfrm_dump_sa_done+0xe0/0xe0 [ 38.081007] ? netlink_ack+0xa10/0xa10 [ 38.081030] ? netlink_skb_destructor+0x1d0/0x1d0 [ 38.081057] xfrm_netlink_rcv+0x6f/0x90 [ 38.081069] netlink_unicast+0x4ee/0x700 [ 38.081092] ? netlink_attachskb+0x8a0/0x8a0 [ 38.081113] ? security_netlink_send+0x81/0xb0 [ 38.081129] netlink_sendmsg+0xa4a/0xe60 [ 38.081153] ? netlink_unicast+0x700/0x700 [ 38.081171] ? security_socket_sendmsg+0x89/0xb0 [ 38.081180] ? netlink_unicast+0x700/0x700 [ 38.081195] sock_sendmsg+0xca/0x110 [ 38.081216] ___sys_sendmsg+0x767/0x8b0 [ 38.081237] ? copy_msghdr_from_user+0x590/0x590 [ 38.081265] ? lock_downgrade+0x980/0x980 [ 38.081291] ? __fget_light+0x297/0x380 [ 38.081303] ? fget_raw+0x20/0x20 [ 38.081317] ? schedule+0xf5/0x430 [ 38.081333] ? __fget_light+0x297/0x380 [ 38.081346] ? fget_raw+0x20/0x20 [ 38.081355] ? __schedule+0x2060/0x2060 [ 38.081378] ? __fdget+0x18/0x20 [ 38.081397] __sys_sendmsg+0xe5/0x210 [ 38.081403] ? __sys_sendmsg+0xe5/0x210 [ 38.081416] ? SyS_shutdown+0x290/0x290 [ 38.081470] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.081491] SyS_sendmsg+0x2d/0x50 [ 38.081506] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 38.081512] RIP: 0033:0x452cf9 [ 38.081517] RSP: 002b:00007ff2c8913c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e [ 38.081526] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452cf9 [ 38.081530] RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000014 [ 38.081534] RBP: 00000000000000ec R08: 0000000000000000 R09: 0000000000000000 [ 38.081539] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ef6c0 [ 38.081543] R13: 00000000ffffffff R14: 00007ff2c89146d4 R15: 0000000000000000 [ 38.081685] BUG: sleeping function called from invalid context at mm/slab.h:419 [ 38.081690] in_atomic(): 1, irqs_disabled(): 0, pid: 4844, name: syz-executor0 [ 38.081695] 2 locks held by syz-executor0/4844: [ 38.081698] #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000b32bcaa8>] xfrm_netlink_rcv+0x60/0x90 [ 38.081716] #1: (rcu_read_lock){....}, at: [<0000000040e8dc35>] xfrm_state_get_afinfo+0x62/0x280 [ 38.081738] CPU: 1 PID: 4844 Comm: syz-executor0 Not tainted 4.15.0-rc7+ #262 [ 38.081743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.081745] Call Trace: [ 38.081755] dump_stack+0x194/0x257 [ 38.081770] ? arch_local_irq_restore+0x53/0x53 [ 38.081779] ? print_lock+0x9f/0xa2 [ 38.081789] ? lockdep_print_held_locks+0xc4/0x130 [ 38.081811] ___might_sleep+0x2b2/0x470 [ 38.081821] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 38.081832] ? format_decode+0x10a/0x830 [ 38.081855] __might_sleep+0x95/0x190 [ 38.081873] kmem_cache_alloc_trace+0x298/0x750 [ 38.081906] __request_module+0x2e1/0xc20 [ 38.081913] ? check_noncircular+0x20/0x20 [ 38.081925] ? __xfrm_init_state+0xa61/0xdd0 [ 38.081937] ? free_modprobe_argv+0xa0/0xa0 [ 38.081955] ? trace_event_raw_event_lock+0x340/0x340 [ 38.081975] ? check_noncircular+0x20/0x20 [ 38.081983] ? lock_acquire+0x1d5/0x580 [ 38.082006] ? find_held_lock+0x35/0x1d0 [ 38.082017] ? check_noncircular+0x20/0x20 [ 38.082041] ? lock_acquire+0x1d5/0x580 [ 38.082049] ? lock_acquire+0x1d5/0x580 [ 38.082058] ? xfrm_state_get_afinfo+0x62/0x280 [ 38.082092] ? __lock_is_held+0xb6/0x140 [ 38.082125] ? rcu_read_lock_held+0xa9/0xc0 [ 38.082135] ? xfrm_state_get_afinfo+0x138/0x280 [ 38.082146] ? xfrm_state_find+0x3210/0x3210 [ 38.082177] __xfrm_init_state+0xa61/0xdd0 [ 38.082206] ? xfrm_get_mode.part.29+0x260/0x260 [ 38.082212] ? xfrm_find_algo+0x1c4/0x270 [ 38.082225] ? xfrm_add_sa+0x11e1/0x33e0 [ 38.082243] xfrm_add_sa+0x1a09/0x33e0 [ 38.082269] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 38.082278] ? nla_parse+0x29a/0x3d0 [ 38.082291] ? nla_validate+0x1c0/0x1c0 [ 38.082304] ? __netlink_ns_capable+0xe1/0x120 [ 38.082315] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 38.082322] xfrm_user_rcv_msg+0x422/0x860 [ 38.082329] ? xfrm_user_rcv_msg+0x422/0x860 [ 38.082345] ? xfrm_dump_sa_done+0xe0/0xe0 [ 38.082360] ? netlink_deliver_tap+0x148/0xcf0 [ 38.082370] ? lock_downgrade+0x980/0x980 [ 38.082423] ? netlink_deliver_tap+0x171/0xcf0 [ 38.082448] netlink_rcv_skb+0x224/0x470 [ 38.082457] ? xfrm_dump_sa_done+0xe0/0xe0 [ 38.082468] ? netlink_ack+0xa10/0xa10 [ 38.082488] ? netlink_skb_destructor+0x1d0/0x1d0 [ 38.082511] xfrm_netlink_rcv+0x6f/0x90 [ 38.082522] netlink_unicast+0x4ee/0x700 [ 38.082539] ? netlink_attachskb+0x8a0/0x8a0 [ 38.082556] ? security_netlink_send+0x81/0xb0 [ 38.082572] netlink_sendmsg+0xa4a/0xe60 [ 38.082595] ? netlink_unicast+0x700/0x700 [ 38.082612] ? security_socket_sendmsg+0x89/0xb0 [ 38.082621] ? netlink_unicast+0x700/0x700 [ 38.082635] sock_sendmsg+0xca/0x110 [ 38.082648] ___sys_sendmsg+0x767/0x8b0 [ 38.082668] ? copy_msghdr_from_user+0x590/0x590 [ 38.082694] ? lock_downgrade+0x980/0x980 [ 38.082720] ? __fget_light+0x297/0x380 [ 38.082731] ? fget_raw+0x20/0x20 [ 38.082745] ? schedule+0xf5/0x430 [ 38.082762] ? __fget_light+0x297/0x380 [ 38.082773] ? fget_raw+0x20/0x20 [ 38.082779] ? __schedule+0x2060/0x2060 [ 38.082800] ? __fdget+0x18/0x20 [ 38.082817] __sys_sendmsg+0xe5/0x210 [ 38.082823] ? __sys_sendmsg+0xe5/0x210 [ 38.082836] ? SyS_shutdown+0x290/0x290 [ 38.082891] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.082912] SyS_sendmsg+0x2d/0x50 [ 38.082928] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 38.082935] RIP: 0033:0x452cf9 [ 38.082940] RSP: 002b:00007ff2c8913c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e [ 38.082949] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452cf9 [ 38.082954] RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000014 [ 38.082958] RBP: 00000000000000ec R08: 0000000000000000 R09: 0000000000000000 [ 38.082963] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ef6c0 [ 38.082968] R13: 00000000ffffffff R14: 00007ff2c89146d4 R15: 0000000000000000 [ 38.083480] BUG: scheduling while atomic: syz-executor0/4844/0x00000002 [ 38.083486] 2 locks held by syz-executor0/4844: [ 38.083489] #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000b32bcaa8>] xfrm_netlink_rcv+0x60/0x90 [ 38.083513] #1: (rcu_read_lock){....}, at: [<0000000040e8dc35>] xfrm_state_get_afinfo+0x62/0x280 [ 38.083534] Modules linked in: [ 38.083541] Kernel panic - not syncing: scheduling while atomic [ 38.083541] [ 38.083548] CPU: 1 PID: 4844 Comm: syz-executor0 Tainted: G W 4.15.0-rc7+ #262 [ 38.083552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.083555] Call Trace: [ 38.083566] dump_stack+0x194/0x257 [ 38.083580] ? arch_local_irq_restore+0x53/0x53 [ 38.083593] ? print_modules+0x194/0x30b [ 38.083600] ? printk+0xaa/0xca [ 38.083612] ? vsnprintf+0x1ed/0x1900 [ 38.083630] panic+0x1e4/0x41c [ 38.083640] ? refcount_error_report+0x214/0x214 [ 38.083661] ? print_lock+0x9f/0xa2 [ 38.083687] __schedule_bug+0x11f/0x130 [ 38.083699] __schedule+0x131c/0x2060 [ 38.083707] ? trace_event_raw_event_lock+0x340/0x340 [ 38.083713] ? perf_trace_lock+0xd6/0x900 [ 38.083731] ? __sched_text_start+0x8/0x8 [ 38.083755] ? perf_trace_lock+0xd6/0x900 [ 38.083762] ? __lock_is_held+0xb6/0x140 [ 38.083781] ? trace_event_raw_event_lock+0x340/0x340 [ 38.083798] ? check_noncircular+0x20/0x20 [ 38.083816] ? check_noncircular+0x20/0x20 [ 38.083833] schedule+0xf5/0x430 [ 38.083847] ? __schedule+0x2060/0x2060 [ 38.083869] ? print_irqtrace_events+0x270/0x270 [ 38.083893] ? wait_for_completion_killable+0x3f1/0x820 [ 38.083905] ? lock_downgrade+0x980/0x980 [ 38.083920] schedule_timeout+0x1a3/0x230 [ 38.083932] ? usleep_range+0x190/0x190 [ 38.083947] ? mark_held_locks+0xaf/0x100 [ 38.083960] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.083974] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.083994] wait_for_completion_killable+0x3f9/0x820 [ 38.084018] ? wait_for_completion_interruptible_timeout+0x820/0x820 [ 38.084035] ? __lockdep_init_map+0xe4/0x650 [ 38.084051] ? mark_held_locks+0xaf/0x100 [ 38.084066] ? wake_up_q+0xe0/0xe0 [ 38.084076] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.084088] ? trace_hardirqs_on+0xd/0x10 [ 38.084096] ? queue_work_on+0x106/0x1c0 [ 38.084113] call_usermodehelper_exec+0x2c1/0x480 [ 38.084123] ? usermodehelper_read_lock_wait+0x230/0x230 [ 38.084131] ? dec_ucount+0x1e0/0x1e0 [ 38.084160] ? memcpy+0x45/0x50 [ 38.084183] __request_module+0x41a/0xc20 [ 38.084190] ? check_noncircular+0x20/0x20 [ 38.084209] ? __xfrm_init_state+0xa61/0xdd0 [ 38.084222] ? free_modprobe_argv+0xa0/0xa0 [ 38.084241] ? trace_event_raw_event_lock+0x340/0x340 [ 38.084259] ? check_noncircular+0x20/0x20 [ 38.084265] ? lock_acquire+0x1d5/0x580 [ 38.084283] ? find_held_lock+0x35/0x1d0 [ 38.084294] ? check_noncircular+0x20/0x20 [ 38.084318] ? lock_acquire+0x1d5/0x580 [ 38.084326] ? lock_acquire+0x1d5/0x580 [ 38.084336] ? xfrm_state_get_afinfo+0x62/0x280 [ 38.084372] ? __lock_is_held+0xb6/0x140 [ 38.084405] ? rcu_read_lock_held+0xa9/0xc0 [ 38.084414] ? xfrm_state_get_afinfo+0x138/0x280 [ 38.084425] ? xfrm_state_find+0x3210/0x3210 [ 38.084456] __xfrm_init_state+0xa61/0xdd0 [ 38.084481] ? xfrm_get_mode.part.29+0x260/0x260 [ 38.084487] ? xfrm_find_algo+0x1c4/0x270 [ 38.084503] ? xfrm_add_sa+0x11e1/0x33e0 [ 38.084523] xfrm_add_sa+0x1a09/0x33e0 [ 38.084557] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 38.084566] ? nla_parse+0x29a/0x3d0 [ 38.084579] ? nla_validate+0x1c0/0x1c0 [ 38.084592] ? __netlink_ns_capable+0xe1/0x120 [ 38.084602] ? xfrm_send_state_notify+0x1c50/0x1c50 [ 38.084610] xfrm_user_rcv_msg+0x422/0x860 [ 38.084617] ? xfrm_user_rcv_msg+0x422/0x860 [ 38.084631] ? xfrm_dump_sa_done+0xe0/0xe0 [ 38.084650] ? netlink_deliver_tap+0x148/0xcf0 [ 38.084660] ? lock_downgrade+0x980/0x980 [ 38.084711] ? netlink_deliver_tap+0x171/0xcf0 [ 38.084734] netlink_rcv_skb+0x224/0x470 [ 38.084743] ? xfrm_dump_sa_done+0xe0/0xe0 [ 38.084754] ? netlink_ack+0xa10/0xa10 [ 38.084771] ? netlink_skb_destructor+0x1d0/0x1d0 [ 38.084795] xfrm_netlink_rcv+0x6f/0x90 [ 38.084806] netlink_unicast+0x4ee/0x700 [ 38.084827] ? netlink_attachskb+0x8a0/0x8a0 [ 38.084848] ? security_netlink_send+0x81/0xb0 [ 38.084863] netlink_sendmsg+0xa4a/0xe60 [ 38.084887] ? netlink_unicast+0x700/0x700 [ 38.084904] ? security_socket_sendmsg+0x89/0xb0 [ 38.084914] ? netlink_unicast+0x700/0x700 [ 38.084927] sock_sendmsg+0xca/0x110 [ 38.084942] ___sys_sendmsg+0x767/0x8b0 [ 38.084961] ? copy_msghdr_from_user+0x590/0x590 [ 38.084989] ? lock_downgrade+0x980/0x980 [ 38.085017] ? __fget_light+0x297/0x380 [ 38.085029] ? fget_raw+0x20/0x20 [ 38.085043] ? schedule+0xf5/0x430 [ 38.085062] ? __fget_light+0x297/0x380 [ 38.085074] ? fget_raw+0x20/0x20 [ 38.085080] ? __schedule+0x2060/0x2060 [ 38.085106] ? __fdget+0x18/0x20 [ 38.085126] __sys_sendmsg+0xe5/0x210 [ 38.085133] ? __sys_sendmsg+0xe5/0x210 [ 38.085145] ? SyS_shutdown+0x290/0x290 [ 38.085206] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.085228] SyS_sendmsg+0x2d/0x50 [ 38.085244] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 38.085250] RIP: 0033:0x452cf9 [ 38.085255] RSP: 002b:00007ff2c8913c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e [ 38.085264] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452cf9 [ 38.085269] RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000014 [ 38.085273] RBP: 00000000000000ec R08: 0000000000000000 R09: 0000000000000000 [ 38.085277] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ef6c0 [ 38.085282] R13: 00000000ffffffff R14: 00007ff2c89146d4 R15: 0000000000000000 [ 38.086149] Dumping ftrace buffer: [ 38.086180] (ftrace buffer empty) [ 38.086182] Kernel Offset: disabled [ 39.478080] Rebooting in 86400 seconds..