[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.541670] audit: type=1400 audit(1514804866.128:5): avc: denied { syslog } for pid=3340 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 18.660796] audit: type=1400 audit(1514804872.247:6): avc: denied { map } for pid=3482 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
executing program
[ 28.182087] audit: type=1400 audit(1514804881.768:7): avc: denied { map } for pid=3497 comm="syzkaller691723" path="/root/syzkaller691723198" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 28.185947]
[ 28.185955] =============================
[ 28.185958] WARNING: suspicious RCU usage
[ 28.185962] 4.15.0-rc5+ #171 Not tainted
[ 28.185964] -----------------------------
[ 28.185970] ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section!
[ 28.185972]
[ 28.185972] other info that might help us debug this:
[ 28.185972]
[ 28.185976]
[ 28.185976] rcu_scheduler_active = 2, debug_locks = 1
[ 28.185980] 2 locks held by syzkaller691723/3497:
[ 28.185982] #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000490c26d5>] xfrm_netlink_rcv+0x60/0x90
[ 28.186030] #1: (rcu_read_lock){....}, at: [<00000000e43f8ad6>] xfrm_state_get_afinfo+0x62/0x280
[ 28.186045]
[ 28.186045] stack backtrace:
[ 28.186052] CPU: 0 PID: 3497 Comm: syzkaller691723 Not tainted 4.15.0-rc5+ #171
[ 28.186055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.186058] Call Trace:
[ 28.186069] dump_stack+0x194/0x257
[ 28.186082] ? arch_local_irq_restore+0x53/0x53
[ 28.186109] lockdep_rcu_suspicious+0x123/0x170
[ 28.186122] ___might_sleep+0x385/0x470
[ 28.186131] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 28.186153] __might_sleep+0x95/0x190
[ 28.186170] kmem_cache_alloc_trace+0x298/0x750
[ 28.186197] __request_module+0x2e1/0xc20
[ 28.186203] ? check_noncircular+0x20/0x20
[ 28.186212] ? __xfrm_init_state+0xa61/0xdd0
[ 28.186222] ? free_modprobe_argv+0xa0/0xa0
[ 28.186231] ? check_noncircular+0x20/0x20
[ 28.186238] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.186255] ? check_noncircular+0x20/0x20
[ 28.186260] ? lock_acquire+0x1d5/0x580
[ 28.186274] ? find_held_lock+0x35/0x1d0
[ 28.186283] ? check_noncircular+0x20/0x20
[ 28.186300] ? lock_acquire+0x1d5/0x580
[ 28.186306] ? lock_acquire+0x1d5/0x580
[ 28.186313] ? xfrm_state_get_afinfo+0x62/0x280
[ 28.186339] ? __lock_is_held+0xb6/0x140
[ 28.186363] ? rcu_read_lock_held+0xa9/0xc0
[ 28.186370] ? xfrm_state_get_afinfo+0x138/0x280
[ 28.186378] ? xfrm_state_find+0x3210/0x3210
[ 28.186401] __xfrm_init_state+0xa61/0xdd0
[ 28.186419] ? xfrm_get_mode.part.29+0x260/0x260
[ 28.186425] ? xfrm_find_algo+0x1c4/0x270
[ 28.186437] ? xfrm_add_sa+0x11e1/0x33e0
[ 28.186453] xfrm_add_sa+0x1a09/0x33e0
[ 28.186479] ? xfrm_send_state_notify+0x1c50/0x1c50
[ 28.186487] ? nla_parse+0x29a/0x3d0
[ 28.186501] ? nla_validate+0x1c0/0x1c0
[ 28.186514] ? __netlink_ns_capable+0xe1/0x120
[ 28.186526] ? xfrm_send_state_notify+0x1c50/0x1c50
[ 28.186534] xfrm_user_rcv_msg+0x422/0x860
[ 28.186542] ? xfrm_user_rcv_msg+0x422/0x860
[ 28.186556] ? xfrm_dump_sa_done+0xe0/0xe0
[ 28.186564] ? lock_downgrade+0x980/0x980
[ 28.186578] ? lock_release+0xa40/0xa40
[ 28.186628] ? netlink_tap_init_net+0x350/0x350
[ 28.186642] netlink_rcv_skb+0x224/0x470
[ 28.186650] ? xfrm_dump_sa_done+0xe0/0xe0
[ 28.186661] ? netlink_ack+0xa10/0xa10
[ 28.186675] ? netlink_skb_destructor+0x1d0/0x1d0
[ 28.186695] xfrm_netlink_rcv+0x6f/0x90
[ 28.186704] netlink_unicast+0x4c4/0x6b0
[ 28.186721] ? netlink_attachskb+0x8a0/0x8a0
[ 28.186737] ? security_netlink_send+0x81/0xb0
[ 28.186750] netlink_sendmsg+0xa4a/0xe60
[ 28.186770] ? netlink_unicast+0x6b0/0x6b0
[ 28.186784] ? security_socket_sendmsg+0x89/0xb0
[ 28.186792] ? netlink_unicast+0x6b0/0x6b0
[ 28.186803] sock_sendmsg+0xca/0x110
[ 28.186815] ___sys_sendmsg+0x767/0x8b0
[ 28.186835] ? copy_msghdr_from_user+0x590/0x590
[ 28.186857] ? __do_page_fault+0x5f7/0xc90
[ 28.186864] ? lock_downgrade+0x980/0x980
[ 28.186882] ? __fget_light+0x297/0x380
[ 28.186892] ? fget_raw+0x20/0x20
[ 28.186902] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 28.186908] ? vmacache_find+0x5f/0x280
[ 28.186914] ? vmacache_update+0xfe/0x130
[ 28.186930] ? up_read+0x1a/0x40
[ 28.186939] ? __do_page_fault+0x3d6/0xc90
[ 28.186945] ? get_unused_fd_flags+0x190/0x190
[ 28.186963] ? __fdget+0x18/0x20
[ 28.186979] __sys_sendmsg+0xe5/0x210
[ 28.186985] ? __sys_sendmsg+0xe5/0x210
[ 28.186995] ? SyS_shutdown+0x290/0x290
[ 28.187010] ? __do_page_fault+0xc90/0xc90
[ 28.187024] ? fd_install+0x4d/0x60
[ 28.187050] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.187067] SyS_sendmsg+0x2d/0x50
[ 28.187078] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 28.187083] RIP: 0033:0x440059
[ 28.187087] RSP: 002b:00007fffccbd5cc8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 28.187094] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000440059
[ 28.187098] RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000003
[ 28.187102] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 28.187106] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004019c0
[ 28.187110] R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000
[ 28.187156] BUG: sleeping function called from invalid context at mm/slab.h:419
[ 28.187161] in_atomic(): 1, irqs_disabled(): 0, pid: 3497, name: syzkaller691723
[ 28.187165] 2 locks held by syzkaller691723/3497:
[ 28.187167] #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000490c26d5>] xfrm_netlink_rcv+0x60/0x90
[ 28.187182] #1: (rcu_read_lock){....}, at: [<00000000e43f8ad6>] xfrm_state_get_afinfo+0x62/0x280
[ 28.187200] CPU: 0 PID: 3497 Comm: syzkaller691723 Not tainted 4.15.0-rc5+ #171
[ 28.187204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.187206] Call Trace:
[ 28.187214] dump_stack+0x194/0x257
[ 28.187226] ? arch_local_irq_restore+0x53/0x53
[ 28.187235] ? print_lock+0x9f/0xa2
[ 28.187243] ? lockdep_print_held_locks+0xc4/0x130
[ 28.187259] ___might_sleep+0x2b2/0x470
[ 28.187268] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 28.187291] __might_sleep+0x95/0x190
[ 28.187305] kmem_cache_alloc_trace+0x298/0x750
[ 28.187331] __request_module+0x2e1/0xc20
[ 28.187336] ? check_noncircular+0x20/0x20
[ 28.187345] ? __xfrm_init_state+0xa61/0xdd0
[ 28.187355] ? free_modprobe_argv+0xa0/0xa0
[ 28.187364] ? check_noncircular+0x20/0x20
[ 28.187370] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.187387] ? check_noncircular+0x20/0x20
[ 28.187393] ? lock_acquire+0x1d5/0x580
[ 28.187407] ? find_held_lock+0x35/0x1d0
[ 28.187415] ? check_noncircular+0x20/0x20
[ 28.187433] ? lock_acquire+0x1d5/0x580
[ 28.187438] ? lock_acquire+0x1d5/0x580
[ 28.187445] ? xfrm_state_get_afinfo+0x62/0x280
[ 28.187472] ? __lock_is_held+0xb6/0x140
[ 28.187495] ? rcu_read_lock_held+0xa9/0xc0
[ 28.187502] ? xfrm_state_get_afinfo+0x138/0x280
[ 28.187510] ? xfrm_state_find+0x3210/0x3210
[ 28.187533] __xfrm_init_state+0xa61/0xdd0
[ 28.187551] ? xfrm_get_mode.part.29+0x260/0x260
[ 28.187557] ? xfrm_find_algo+0x1c4/0x270
[ 28.187569] ? xfrm_add_sa+0x11e1/0x33e0
[ 28.187585] xfrm_add_sa+0x1a09/0x33e0
[ 28.187611] ? xfrm_send_state_notify+0x1c50/0x1c50
[ 28.187619] ? nla_parse+0x29a/0x3d0
[ 28.187633] ? nla_validate+0x1c0/0x1c0
[ 28.187645] ? __netlink_ns_capable+0xe1/0x120
[ 28.187656] ? xfrm_send_state_notify+0x1c50/0x1c50
[ 28.187664] xfrm_user_rcv_msg+0x422/0x860
[ 28.187672] ? xfrm_user_rcv_msg+0x422/0x860
[ 28.187686] ? xfrm_dump_sa_done+0xe0/0xe0
[ 28.187694] ? lock_downgrade+0x980/0x980
[ 28.187707] ? lock_release+0xa40/0xa40
[ 28.187758] ? netlink_tap_init_net+0x350/0x350
[ 28.187772] netlink_rcv_skb+0x224/0x470
[ 28.187781] ? xfrm_dump_sa_done+0xe0/0xe0
[ 28.187791] ? netlink_ack+0xa10/0xa10
[ 28.187806] ? netlink_skb_destructor+0x1d0/0x1d0
[ 28.187825] xfrm_netlink_rcv+0x6f/0x90
[ 28.187838] netlink_unicast+0x4c4/0x6b0
[ 28.187855] ? netlink_attachskb+0x8a0/0x8a0
[ 28.187870] ? security_netlink_send+0x81/0xb0
[ 28.187883] netlink_sendmsg+0xa4a/0xe60
[ 28.187902] ? netlink_unicast+0x6b0/0x6b0
[ 28.187917] ? security_socket_sendmsg+0x89/0xb0
[ 28.187925] ? netlink_unicast+0x6b0/0x6b0
[ 28.187935] sock_sendmsg+0xca/0x110
[ 28.187947] ___sys_sendmsg+0x767/0x8b0
[ 28.187963] ? copy_msghdr_from_user+0x590/0x590
[ 28.187982] ? __do_page_fault+0x5f7/0xc90
[ 28.187992] ? lock_downgrade+0x980/0x980
[ 28.188012] ? __fget_light+0x297/0x380
[ 28.188022] ? fget_raw+0x20/0x20
[ 28.188030] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 28.188035] ? vmacache_find+0x5f/0x280
[ 28.188042] ? vmacache_update+0xfe/0x130
[ 28.188058] ? up_read+0x1a/0x40
[ 28.188067] ? __do_page_fault+0x3d6/0xc90
[ 28.188073] ? get_unused_fd_flags+0x190/0x190
[ 28.188091] ? __fdget+0x18/0x20
[ 28.188107] __sys_sendmsg+0xe5/0x210
[ 28.188113] ? __sys_sendmsg+0xe5/0x210
[ 28.188124] ? SyS_shutdown+0x290/0x290
[ 28.188135] ? __do_page_fault+0xc90/0xc90
[ 28.188149] ? fd_install+0x4d/0x60
[ 28.188175] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.188191] SyS_sendmsg+0x2d/0x50
[ 28.188202] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 28.188207] RIP: 0033:0x440059
[ 28.188210] RSP: 002b:00007fffccbd5cc8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 28.188217] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000440059
[ 28.188221] RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000003
[ 28.188225] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 28.188228] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004019c0
[ 28.188232] R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000
[ 28.188516] BUG: scheduling while atomic: syzkaller691723/3497/0x00000002
[ 28.188520] 2 locks held by syzkaller691723/3497:
[ 28.188522] #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000490c26d5>] xfrm_netlink_rcv+0x60/0x90
[ 28.188538] #1: (rcu_read_lock){....}, at: [<00000000e43f8ad6>] xfrm_state_get_afinfo+0x62/0x280
[ 28.188552] Modules linked in:
[ 28.188559] Kernel panic - not syncing: scheduling while atomic
[ 28.188559]
[ 28.188566] CPU: 0 PID: 3497 Comm: syzkaller691723 Tainted: G W 4.15.0-rc5+ #171
[ 28.188569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.188571] Call Trace:
[ 28.188579] dump_stack+0x194/0x257
[ 28.188592] ? arch_local_irq_restore+0x53/0x53
[ 28.188602] ? print_modules+0x194/0x30b
[ 28.188608] ? printk+0xaa/0xca
[ 28.188618] ? vsnprintf+0x1ed/0x1900
[ 28.188632] panic+0x1e4/0x41c
[ 28.188641] ? refcount_error_report+0x214/0x214
[ 28.188656] ? print_lock+0x9f/0xa2
[ 28.188675] __schedule_bug+0x11f/0x130
[ 28.188685] __schedule+0x131c/0x2060
[ 28.188704] ? __sched_text_start+0x8/0x8
[ 28.188725] ? __lock_is_held+0xb6/0x140
[ 28.188750] ? check_noncircular+0x20/0x20
[ 28.188765] ? check_noncircular+0x20/0x20
[ 28.188779] schedule+0xf5/0x430
[ 28.188791] ? __schedule+0x2060/0x2060
[ 28.188807] ? print_irqtrace_events+0x270/0x270
[ 28.188826] ? wait_for_completion_killable+0x3f1/0x820
[ 28.188839] ? lock_downgrade+0x980/0x980
[ 28.188853] schedule_timeout+0x1a3/0x230
[ 28.188862] ? usleep_range+0x190/0x190
[ 28.188874] ? mark_held_locks+0xaf/0x100
[ 28.188884] ? _raw_spin_unlock_irq+0x27/0x70
[ 28.188895] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.188910] wait_for_completion_killable+0x3f9/0x820
[ 28.188926] ? wait_for_completion_interruptible_timeout+0x820/0x820
[ 28.188939] ? __lockdep_init_map+0xe4/0x650
[ 28.188952] ? mark_held_locks+0xaf/0x100
[ 28.188963] ? wake_up_q+0xe0/0xe0
[ 28.188972] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.188981] ? trace_hardirqs_on+0xd/0x10
[ 28.188988] ? queue_work_on+0x106/0x1c0
[ 28.189005] call_usermodehelper_exec+0x2c1/0x480
[ 28.189013] ? usermodehelper_read_lock_wait+0x230/0x230
[ 28.189019] ? dec_ucount+0x1e0/0x1e0
[ 28.189039] ? memcpy+0x45/0x50
[ 28.189056] __request_module+0x41a/0xc20
[ 28.189062] ? check_noncircular+0x20/0x20
[ 28.189071] ? __xfrm_init_state+0xa61/0xdd0
[ 28.189081] ? free_modprobe_argv+0xa0/0xa0
[ 28.189090] ? check_noncircular+0x20/0x20
[ 28.189096] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.189113] ? check_noncircular+0x20/0x20
[ 28.189118] ? lock_acquire+0x1d5/0x580
[ 28.189132] ? find_held_lock+0x35/0x1d0
[ 28.189140] ? check_noncircular+0x20/0x20
[ 28.189158] ? lock_acquire+0x1d5/0x580
[ 28.189164] ? lock_acquire+0x1d5/0x580
[ 28.189170] ? xfrm_state_get_afinfo+0x62/0x280
[ 28.189197] ? __lock_is_held+0xb6/0x140
[ 28.189220] ? rcu_read_lock_held+0xa9/0xc0
[ 28.189227] ? xfrm_state_get_afinfo+0x138/0x280
[ 28.189235] ? xfrm_state_find+0x3210/0x3210
[ 28.189257] __xfrm_init_state+0xa61/0xdd0
[ 28.189275] ? xfrm_get_mode.part.29+0x260/0x260
[ 28.189281] ? xfrm_find_algo+0x1c4/0x270
[ 28.189293] ? xfrm_add_sa+0x11e1/0x33e0
[ 28.189309] xfrm_add_sa+0x1a09/0x33e0
[ 28.189335] ? xfrm_send_state_notify+0x1c50/0x1c50
[ 28.189342] ? nla_parse+0x29a/0x3d0
[ 28.189356] ? nla_validate+0x1c0/0x1c0
[ 28.189369] ? __netlink_ns_capable+0xe1/0x120
[ 28.189380] ? xfrm_send_state_notify+0x1c50/0x1c50
[ 28.189388] xfrm_user_rcv_msg+0x422/0x860
[ 28.189396] ? xfrm_user_rcv_msg+0x422/0x860
[ 28.189410] ? xfrm_dump_sa_done+0xe0/0xe0
[ 28.189418] ? lock_downgrade+0x980/0x980
[ 28.189431] ? lock_release+0xa40/0xa40
[ 28.189482] ? netlink_tap_init_net+0x350/0x350
[ 28.189495] netlink_rcv_skb+0x224/0x470
[ 28.189504] ? xfrm_dump_sa_done+0xe0/0xe0
[ 28.189514] ? netlink_ack+0xa10/0xa10
[ 28.189529] ? netlink_skb_destructor+0x1d0/0x1d0
[ 28.189548] xfrm_netlink_rcv+0x6f/0x90
[ 28.189557] netlink_unicast+0x4c4/0x6b0
[ 28.189574] ? netlink_attachskb+0x8a0/0x8a0
[ 28.189589] ? security_netlink_send+0x81/0xb0
[ 28.189602] netlink_sendmsg+0xa4a/0xe60
[ 28.189621] ? netlink_unicast+0x6b0/0x6b0
[ 28.189635] ? security_socket_sendmsg+0x89/0xb0
[ 28.189643] ? netlink_unicast+0x6b0/0x6b0
[ 28.189654] sock_sendmsg+0xca/0x110
[ 28.189666] ___sys_sendmsg+0x767/0x8b0
[ 28.189681] ? copy_msghdr_from_user+0x590/0x590
[ 28.189701] ? __do_page_fault+0x5f7/0xc90
[ 28.189710] ? lock_downgrade+0x980/0x980
[ 28.189728] ? __fget_light+0x297/0x380
[ 28.189738] ? fget_raw+0x20/0x20
[ 28.189747] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 28.189752] ? vmacache_find+0x5f/0x280
[ 28.189758] ? vmacache_update+0xfe/0x130
[ 28.189774] ? up_read+0x1a/0x40
[ 28.189783] ? __do_page_fault+0x3d6/0xc90
[ 28.189789] ? get_unused_fd_flags+0x190/0x190
[ 28.189807] ? __fdget+0x18/0x20
[ 28.189823] __sys_sendmsg+0xe5/0x210
[ 28.189828] ? __sys_sendmsg+0xe5/0x210
[ 28.189843] ? SyS_shutdown+0x290/0x290
[ 28.189854] ? __do_page_fault+0xc90/0xc90
[ 28.189867] ? fd_install+0x4d/0x60
[ 28.189893] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.189909] SyS_sendmsg+0x2d/0x50
[ 28.189920] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 28.189924] RIP: 0033:0x440059
[ 28.189928] RSP: 002b:00007fffccbd5cc8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 28.189935] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000440059
[ 28.189939] RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000003
[ 28.189942] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 28.189946] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004019c0
[ 28.189950] R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000
[ 28.208549] Dumping ftrace buffer:
[ 28.208597] (ftrace buffer empty)
[ 28.208600] Kernel Offset: disabled
[ 29.635512] Rebooting in 86400 seconds..