[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.744397] audit: type=1400 audit(1515613873.568:5): avc: denied { syslog } for pid=3340 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 19.848127] audit: type=1400 audit(1515613880.671:6): avc: denied { map } for pid=3480 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
[ 974.882672] audit: type=1400 audit(1515614835.706:7): avc: denied { map } for pid=3497 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/01/10 20:07:15 parsed 1 programs
2018/01/10 20:07:15 executed programs: 0
[ 975.010609] audit: type=1400 audit(1515614835.834:8): avc: denied { map } for pid=3497 comm="syz-execprog" path="/root/syzkaller-shm052124909" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 975.037531] audit: type=1400 audit(1515614835.860:9): avc: denied { sys_admin } for pid=3502 comm="syz-executor4" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 975.218374] audit: type=1400 audit(1515614836.042:10): avc: denied { sys_chroot } for pid=3509 comm="syz-executor3" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
result: failed=false hanged=false err=executor 1: not serving
2018/01/10 20:09:14 executed programs: 8
result: failed=false hanged=false err=executor 2: not serving
result: failed=false hanged=false err=executor 5: not serving
result: failed=false hanged=false err=executor 7: not serving
result: failed=false hanged=false err=executor 0: not serving
result: failed=false hanged=false err=executor 6: not serving
result: failed=false hanged=false err=executor 4: not serving
2018/01/10 20:09:25 executed programs: 14
[ 1106.911109] INFO: task syz-executor3:3522 blocked for more than 120 seconds.
[ 1106.918402] Not tainted 4.15.0-rc7+ #256
[ 1106.922994] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1106.930963] syz-executor3 D24272 3522 3509 0x00000004
[ 1106.936656] Call Trace:
[ 1106.939292] __schedule+0x8eb/0x2060
[ 1106.943043] ? __sched_text_start+0x8/0x8
[ 1106.947224] ? check_noncircular+0x20/0x20
[ 1106.951465] ? check_noncircular+0x20/0x20
[ 1106.955737] ? find_held_lock+0x35/0x1d0
[ 1106.959823] schedule+0xf5/0x430
[ 1106.963216] ? __mutex_lock+0xaa8/0x1a80
[ 1106.967284] ? __schedule+0x2060/0x2060
[ 1106.971265] ? lock_release+0xa40/0xa40
[ 1106.975276] ? memset+0x31/0x40
[ 1106.978561] ? do_raw_spin_trylock+0x190/0x190
[ 1106.983145] ? debug_mutex_free_waiter+0x1b0/0x1b0
[ 1106.988072] ? mutex_destroy+0x1d0/0x1d0
[ 1106.992149] schedule_preempt_disabled+0x10/0x20
[ 1106.996905] __mutex_lock+0xaad/0x1a80
[ 1107.000799] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 1107.006053] ? snd_pcm_oss_write+0x22d/0x830
[ 1107.010494] ? mutex_lock_io_nested+0x1900/0x1900
[ 1107.015344] ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 1107.020450] ? futex_wait+0x6a9/0x9a0
[ 1107.024269] ? futex_wait_setup+0x3d0/0x3d0
[ 1107.028600] ? hash_futex+0x15/0x210
[ 1107.032316] ? check_noncircular+0x20/0x20
[ 1107.036554] ? check_noncircular+0x20/0x20
[ 1107.040812] ? get_futex_key+0x1d50/0x1d50
[ 1107.045070] ? find_held_lock+0x35/0x1d0
[ 1107.049168] ? __check_object_size+0x25d/0x4f0
[ 1107.053754] ? rcu_note_context_switch+0x710/0x710
[ 1107.058695] mutex_lock_nested+0x16/0x20
[ 1107.062755] ? mutex_lock_nested+0x16/0x20
[ 1107.066996] snd_pcm_oss_write+0x22d/0x830
[ 1107.071236] ? _cond_resched+0x14/0x30
[ 1107.075128] ? __inode_security_revalidate+0xd9/0x130
[ 1107.080326] ? selinux_file_permission+0x82/0x460
[ 1107.085178] ? snd_pcm_oss_ioctl_compat+0x30/0x30
[ 1107.090037] ? security_file_permission+0x89/0x1e0
[ 1107.094978] ? rw_verify_area+0xe5/0x2b0
[ 1107.099048] do_iter_write+0x3ca/0x540
[ 1107.102937] ? dup_iter+0x260/0x260
[ 1107.106584] vfs_writev+0x18a/0x340
[ 1107.110214] ? __fget_light+0x297/0x380
[ 1107.114198] ? vfs_iter_write+0xb0/0xb0
[ 1107.118179] ? get_unused_fd_flags+0x190/0x190
[ 1107.122765] ? may_open_dev+0xe0/0xe0
[ 1107.126582] ? rcu_pm_notify+0xc0/0xc0
[ 1107.130488] ? putname+0xee/0x130
[ 1107.133942] ? __fdget_raw+0x20/0x20
[ 1107.137659] ? kmem_cache_free+0x267/0x2a0
[ 1107.141908] do_writev+0xfc/0x2a0
[ 1107.145363] ? do_writev+0xfc/0x2a0
[ 1107.148999] ? vfs_writev+0x340/0x340
[ 1107.152872] ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 1107.157724] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1107.162754] SyS_writev+0x27/0x30
[ 1107.166216] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 1107.170997] RIP: 0033:0x452ac9
[ 1107.174195] RSP: 002b:00007f71e06cbc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000014
[ 1107.181909] RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452ac9
[ 1107.189178] RDX: 0000000000000005 RSI: 0000000020d30fb0 RDI: 0000000000000000
[ 1107.196450] RBP: 00000000000003aa R08: 0000000000000000 R09: 0000000000000000
[ 1107.203720] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3890
[ 1107.210991] R13: 00000000ffffffff R14: 00007f71e06cc6d4 R15: 0000000000000000
[ 1107.218292]
[ 1107.218292] Showing all locks held in the system:
[ 1107.224621] 3 locks held by kworker/u4:1/21:
[ 1107.229046] #0: ((wq_completion)"%s""netns"){+.+.}, at: [<000000009d8b7ab1>] process_one_work+0xaaf/0x1b10
[ 1107.239042] #1: (net_cleanup_work){+.+.}, at: [<0000000057b0e500>] process_one_work+0xb01/0x1b10
[ 1107.248159] #2: (net_mutex){+.+.}, at: [<00000000272d2639>] cleanup_net+0x247/0xb50
[ 1107.256184] 2 locks held by khungtaskd/738:
[ 1107.260501] #0: (rcu_read_lock){....}, at: [<00000000d3caa368>] watchdog+0x1c5/0xd60
[ 1107.268574] #1: (tasklist_lock){.+.+}, at: [<00000000ad265c79>] debug_show_all_locks+0xd3/0x400
[ 1107.277619] 2 locks held by getty/3465:
[ 1107.281587] #0: (&tty->ldisc_sem){++++}, at: [<000000000cbb9a4f>] ldsem_down_read+0x37/0x40
[ 1107.290268] #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000751be7e4>] n_tty_read+0x2ef/0x1a00
[ 1107.299560] 2 locks held by getty/3466:
[ 1107.303532] #0: (&tty->ldisc_sem){++++}, at: [<000000000cbb9a4f>] ldsem_down_read+0x37/0x40
[ 1107.312216] #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000751be7e4>] n_tty_read+0x2ef/0x1a00
[ 1107.321506] 2 locks held by getty/3467:
[ 1107.325478] #0: (&tty->ldisc_sem){++++}, at: [<000000000cbb9a4f>] ldsem_down_read+0x37/0x40
[ 1107.334161] #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000751be7e4>] n_tty_read+0x2ef/0x1a00
[ 1107.343457] 2 locks held by getty/3468:
[ 1107.347426] #0: (&tty->ldisc_sem){++++}, at: [<000000000cbb9a4f>] ldsem_down_read+0x37/0x40
[ 1107.356108] #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000751be7e4>] n_tty_read+0x2ef/0x1a00
[ 1107.365417] 2 locks held by getty/3469:
[ 1107.369397] #0: (&tty->ldisc_sem){++++}, at: [<000000000cbb9a4f>] ldsem_down_read+0x37/0x40
[ 1107.378076] #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000751be7e4>] n_tty_read+0x2ef/0x1a00
[ 1107.387367] 2 locks held by getty/3470:
[ 1107.391338] #0: (&tty->ldisc_sem){++++}, at: [<000000000cbb9a4f>] ldsem_down_read+0x37/0x40
[ 1107.400034] #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000751be7e4>] n_tty_read+0x2ef/0x1a00
[ 1107.409326] 2 locks held by getty/3471:
[ 1107.413297] #0: (&tty->ldisc_sem){++++}, at: [<000000000cbb9a4f>] ldsem_down_read+0x37/0x40
[ 1107.421978] #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000751be7e4>] n_tty_read+0x2ef/0x1a00
[ 1107.431307] 1 lock held by syz-executor3/3522:
[ 1107.435888] #0: (&runtime->oss.params_lock){+.+.}, at: [<00000000b64538d3>] snd_pcm_oss_write+0x22d/0x830
[ 1107.445789] 1 lock held by syz-executor1/3534:
[ 1107.450368] #0: (net_mutex){+.+.}, at: [<00000000a3f02c40>] copy_net_ns+0x239/0x580
[ 1107.458358] 1 lock held by syz-executor2/3536:
[ 1107.462933] #0: (net_mutex){+.+.}, at: [<00000000a3f02c40>] copy_net_ns+0x239/0x580
[ 1107.470921] 1 lock held by syz-executor7/3538:
[ 1107.475498] #0: (net_mutex){+.+.}, at: [<00000000a3f02c40>] copy_net_ns+0x239/0x580
[ 1107.483493] 1 lock held by syz-executor0/3540:
[ 1107.488072] #0: (net_mutex){+.+.}, at: [<00000000a3f02c40>] copy_net_ns+0x239/0x580
[ 1107.496064] 1 lock held by syz-executor5/3542:
[ 1107.500646] #0: (net_mutex){+.+.}, at: [<00000000a3f02c40>] copy_net_ns+0x239/0x580
[ 1107.508635] 1 lock held by syz-executor6/3543:
[ 1107.513214] #0: (net_mutex){+.+.}, at: [<00000000a3f02c40>] copy_net_ns+0x239/0x580
[ 1107.521203] 1 lock held by syz-executor4/3545:
[ 1107.525778] #0: (net_mutex){+.+.}, at: [<00000000a3f02c40>] copy_net_ns+0x239/0x580
[ 1107.533766]
[ 1107.535391] =============================================
[ 1107.535391]
[ 1107.542404] NMI backtrace for cpu 1
[ 1107.546032] CPU: 1 PID: 738 Comm: khungtaskd Not tainted 4.15.0-rc7+ #256
[ 1107.552935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1107.562264] Call Trace:
[ 1107.564893] dump_stack+0x194/0x257
[ 1107.568505] ? arch_local_irq_restore+0x53/0x53
[ 1107.573152] ? debug_show_all_locks+0x2f4/0x400
[ 1107.577809] ? nmi_cpu_backtrace+0x1be/0x210
[ 1107.582200] ? lapic_can_unplug_cpu+0xa0/0xa0
[ 1107.586674] nmi_cpu_backtrace+0x1d2/0x210
[ 1107.590894] ? lapic_can_unplug_cpu+0xa0/0xa0
[ 1107.595365] nmi_trigger_cpumask_backtrace+0x122/0x180
[ 1107.600627] arch_trigger_cpumask_backtrace+0x14/0x20
[ 1107.605796] watchdog+0x90c/0xd60
[ 1107.609245] ? reset_hung_task_detector+0xa0/0xa0
[ 1107.614066] ? complete+0x62/0x80
[ 1107.617512] ? __schedule+0x2060/0x2060
[ 1107.621464] ? do_wait_intr_irq+0x3e0/0x3e0
[ 1107.625762] ? __lockdep_init_map+0xe4/0x650
[ 1107.630153] ? do_raw_spin_trylock+0x190/0x190
[ 1107.634713] ? lockdep_init_map+0x9/0x10
[ 1107.638753] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 1107.643838] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1107.648834] ? trace_hardirqs_on+0xd/0x10
[ 1107.652962] ? __kthread_parkme+0x175/0x240
[ 1107.657266] kthread+0x33c/0x400
[ 1107.660609] ? reset_hung_task_detector+0xa0/0xa0
[ 1107.665424] ? kthread_stop+0x7a0/0x7a0
[ 1107.669380] ret_from_fork+0x24/0x30
[ 1107.673137] Sending NMI from CPU 1 to CPUs 0:
[ 1107.677640] NMI backtrace for cpu 0
[ 1107.677649] CPU: 0 PID: 3521 Comm: syz-executor3 Not tainted 4.15.0-rc7+ #256
[ 1107.677652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1107.677659] RIP: 0010:memcpy_erms+0x8/0x10
[ 1107.677661] RSP: 0018:ffff8801bfa1f7b0 EFLAGS: 00000246
[ 1107.677666] RAX: ffffc900017899ec RBX: 0000000000000002 RCX: 0000000000000000
[ 1107.677669] RDX: 0000000000000002 RSI: ffff8801bfa1f8a2 RDI: ffffc900017899ee
[ 1107.677672] RBP: ffff8801bfa1f7d0 R08: fffff520002f133e R09: fffff520002f133e
[ 1107.677674] R10: 0000000000000001 R11: fffff520002f133d R12: ffffc900017899ec
[ 1107.677677] R13: ffff8801bfa1f8a0 R14: dffffc0000000000 R15: ffffc900017899ec
[ 1107.677681] FS: 00007f71e06ed700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 1107.677684] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1107.677687] CR2: 0000000020e1e000 CR3: 00000001c1252005 CR4: 00000000001606f0
[ 1107.677691] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1107.677694] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1107.677695] Call Trace:
[ 1107.677701] ? memcpy+0x45/0x50
[ 1107.677708] mulaw_decode+0x52f/0x770
[ 1107.677717] ? snd_pcm_plugin_build_linear+0x8a0/0x8a0
[ 1107.677722] ? snd_pcm_plugin_client_channels+0x17/0x80
[ 1107.677726] ? io_src_channels+0x10a/0x210
[ 1107.677732] mulaw_transfer+0x222/0x270
[ 1107.677736] ? lock_release+0xa40/0xa40
[ 1107.677740] ? mulaw_encode+0x7c0/0x7c0
[ 1107.677745] snd_pcm_plug_write_transfer+0x22d/0x420
[ 1107.677752] ? snd_pcm_plug_client_channels_buf+0x3f0/0x3f0
[ 1107.677758] ? snd_pcm_format_physical_width+0x5b/0x70
[ 1107.677762] ? snd_pcm_plug_client_channels_buf+0x1db/0x3f0
[ 1107.677769] snd_pcm_oss_write2+0x260/0x420
[ 1107.677776] ? snd_pcm_oss_write3+0x1b0/0x1b0
[ 1107.677784] snd_pcm_oss_write+0x5fe/0x830
[ 1107.677787] ? _cond_resched+0x14/0x30
[ 1107.677796] ? snd_pcm_oss_ioctl_compat+0x30/0x30
[ 1107.677802] ? security_file_permission+0x89/0x1e0
[ 1107.677809] ? rw_verify_area+0xe5/0x2b0
[ 1107.677815] do_iter_write+0x3ca/0x540
[ 1107.677821] ? dup_iter+0x260/0x260
[ 1107.677828] vfs_writev+0x18a/0x340
[ 1107.677834] ? __fget_light+0x297/0x380
[ 1107.677839] ? vfs_iter_write+0xb0/0xb0
[ 1107.677843] ? get_unused_fd_flags+0x190/0x190
[ 1107.677848] ? may_open_dev+0xe0/0xe0
[ 1107.677856] ? rcu_pm_notify+0xc0/0xc0
[ 1107.677862] ? exit_to_usermode_loop+0x8c/0x310
[ 1107.677870] ? putname+0xee/0x130
[ 1107.677874] ? __fdget_raw+0x20/0x20
[ 1107.677878] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 1107.677885] do_writev+0xfc/0x2a0
[ 1107.677889] ? do_writev+0xfc/0x2a0
[ 1107.677895] ? vfs_writev+0x340/0x340
[ 1107.677899] ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 1107.677904] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1107.677911] SyS_writev+0x27/0x30
[ 1107.677916] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 1107.677919] RIP: 0033:0x452ac9
[ 1107.677922] RSP: 002b:00007f71e06ecc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000014
[ 1107.677926] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
[ 1107.677928] RDX: 0000000000000005 RSI: 0000000020d30fb0 RDI: 0000000000000000
[ 1107.677930] RBP: 00000000000003cf R08: 0000000000000000 R09: 0000000000000000
[ 1107.677933] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3c08
[ 1107.677935] R13: 00000000ffffffff R14: 00007f71e06ed6d4 R15: 0000000000000000
[ 1107.677941] Code: 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 f3 a4 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe 7c
[ 1107.678642] Kernel panic - not syncing: hung_task: blocked tasks
[ 1107.678648] CPU: 1 PID: 738 Comm: khungtaskd Not tainted 4.15.0-rc7+ #256
[ 1107.678652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1107.678654] Call Trace:
[ 1107.678662] dump_stack+0x194/0x257
[ 1107.678675] ? arch_local_irq_restore+0x53/0x53
[ 1107.678690] ? vsnprintf+0x1ed/0x1900
[ 1107.678705] panic+0x1e4/0x41c
[ 1107.678713] ? refcount_error_report+0x214/0x214
[ 1107.678734] ? nmi_trigger_cpumask_backtrace+0xef/0x180
[ 1107.678750] watchdog+0x91d/0xd60
[ 1107.678774] ? reset_hung_task_detector+0xa0/0xa0
[ 1107.678783] ? complete+0x62/0x80
[ 1107.678803] ? __schedule+0x2060/0x2060
[ 1107.678809] ? do_wait_intr_irq+0x3e0/0x3e0
[ 1107.678816] ? __lockdep_init_map+0xe4/0x650
[ 1107.678826] ? do_raw_spin_trylock+0x190/0x190
[ 1107.678834] ? lockdep_init_map+0x9/0x10
[ 1107.678842] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 1107.678852] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1107.678862] ? trace_hardirqs_on+0xd/0x10
[ 1107.678870] ? __kthread_parkme+0x175/0x240
[ 1107.678883] kthread+0x33c/0x400
[ 1107.678891] ? reset_hung_task_detector+0xa0/0xa0
[ 1107.678896] ? kthread_stop+0x7a0/0x7a0
[ 1107.678908] ret_from_fork+0x24/0x30
[ 1108.128367] Dumping ftrace buffer:
[ 1108.131985] (ftrace buffer empty)
[ 1108.135663] Kernel Offset: disabled
[ 1108.139258] Rebooting in 86400 seconds..