[....] Starting enhanced syslogd: rsyslogd
[ 12.231305] audit: type=1400 audit(1516395339.279:5): avc: denied { syslog } for pid=3494 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 18.464058] audit: type=1400 audit(1516395345.511:6): avc: denied { map } for pid=3634 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts.
executing program
[ 36.389713] audit: type=1400 audit(1516395363.437:7): avc: denied { map } for pid=3651 comm="syzkaller844869" path="/root/syzkaller844869025" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 36.391299]
[ 36.391301] ============================================
[ 36.391302] WARNING: possible recursive locking detected
[ 36.391305] 4.15.0-rc8+ #179 Not tainted
[ 36.391305] --------------------------------------------
[ 36.391308] syzkaller844869/3651 is trying to acquire lock:
[ 36.391309]  (&vq->mutex){+.+.}, at: [<000000005f2fd7bf>] vhost_chr_write_iter+0x278/0x1580
[ 36.391322]
[ 36.391322] but task is already holding lock:
[ 36.391323]  (&vq->mutex){+.+.}, at: [<000000005f2fd7bf>] vhost_chr_write_iter+0x278/0x1580
[ 36.391330]
[ 36.391330] other info that might help us debug this:
[ 36.391331]  Possible unsafe locking scenario:
[ 36.391331]
[ 36.391332]        CPU0
[ 36.391332]        ----
[ 36.391333]   lock(&vq->mutex);
[ 36.391335]   lock(&vq->mutex);
[ 36.391337]
[ 36.391337]  *** DEADLOCK ***
[ 36.391337]
[ 36.391338]  May be due to missing lock nesting notation
[ 36.391338]
[ 36.391340] 1 lock held by syzkaller844869/3651:
[ 36.391341]  #0:  (&vq->mutex){+.+.}, at: [<000000005f2fd7bf>] vhost_chr_write_iter+0x278/0x1580
[ 36.391348]
[ 36.391348] stack backtrace:
[ 36.391352] CPU: 1 PID: 3651 Comm: syzkaller844869 Not tainted 4.15.0-rc8+ #179
[ 36.391354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.391356] Call Trace:
[ 36.391363]  dump_stack+0x194/0x257
[ 36.391368]  ? arch_local_irq_restore+0x53/0x53
[ 36.391376]  __lock_acquire+0xe8f/0x3e00
[ 36.391381]  ? __is_insn_slot_addr+0x1fc/0x330
[ 36.391388]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 36.391392]  ? __lock_acquire+0x664/0x3e00
[ 36.391398]  ? is_bpf_text_address+0x7b/0x120
[ 36.391402]  ? print_irqtrace_events+0x270/0x270
[ 36.391406]  ? print_irqtrace_events+0x270/0x270
[ 36.391409]  ? print_irqtrace_events+0x270/0x270
[ 36.391415]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 36.391418]  ? print_irqtrace_events+0x270/0x270
[ 36.391422]  ? print_irqtrace_events+0x270/0x270
[ 36.391425]  ? lock_release+0xa40/0xa40
[ 36.391429]  ? __lock_acquire+0x664/0x3e00
[ 36.391432]  ? __lock_acquire+0x664/0x3e00
[ 36.391437]  ? __lock_acquire+0x664/0x3e00
[ 36.391441]  ? check_noncircular+0x20/0x20
[ 36.391445]  ? __lock_acquire+0x664/0x3e00
[ 36.391450]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 36.391453]  ? print_irqtrace_events+0x270/0x270
[ 36.391459]  lock_acquire+0x1d5/0x580
[ 36.391462]  ? lock_acquire+0x1d5/0x580
[ 36.391466]  ? vhost_chr_write_iter+0x278/0x1580
[ 36.391471]  ? lock_release+0xa40/0xa40
[ 36.391476]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 36.391481]  ? rcu_note_context_switch+0x710/0x710
[ 36.391486]  ? __might_sleep+0x95/0x190
[ 36.391490]  ? vhost_chr_write_iter+0x278/0x1580
[ 36.391495]  __mutex_lock+0x16f/0x1a80
[ 36.391499]  ? vhost_chr_write_iter+0x278/0x1580
[ 36.391503]  ? vhost_chr_write_iter+0x278/0x1580
[ 36.391507]  ? check_noncircular+0x20/0x20
[ 36.391511]  ? mutex_lock_io_nested+0x1900/0x1900
[ 36.391518]  ? get_mem_cgroup_from_mm+0x49b/0x710
[ 36.391524]  ? __lru_cache_add+0x2a4/0x410
[ 36.391529]  ? find_held_lock+0x35/0x1d0
[ 36.391535]  ? __might_fault+0x110/0x1d0
[ 36.391539]  ? lock_downgrade+0x980/0x980
[ 36.391543]  ? lock_release+0xa40/0xa40
[ 36.391546]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 36.391550]  ? check_noncircular+0x20/0x20
[ 36.391553]  ? lru_cache_add+0x1c7/0x3a0
[ 36.391556]  ? get_mem_cgroup_from_mm+0x710/0x710
[ 36.391560]  ? lru_cache_add_file+0x20/0x20
[ 36.391564]  ? __might_sleep+0x95/0x190
[ 36.391569]  ? kasan_check_write+0x14/0x20
[ 36.391574]  ? copyin+0x91/0xb0
[ 36.391578]  ? _copy_from_iter+0x367/0xf30
[ 36.391581]  ? find_held_lock+0x35/0x1d0
[ 36.391587]  ? copy_page_to_iter+0xe10/0xe10
[ 36.391590]  ? lock_downgrade+0x980/0x980
[ 36.391595]  mutex_lock_nested+0x16/0x20
[ 36.391598]  ? mutex_lock_nested+0x16/0x20
[ 36.391602]  vhost_chr_write_iter+0x278/0x1580
[ 36.391606]  ? do_raw_spin_trylock+0x190/0x190
[ 36.391611]  ? vhost_new_umem_range+0x740/0x740
[ 36.391615]  ? _raw_spin_unlock+0x22/0x30
[ 36.391619]  ? __handle_mm_fault+0x80e/0x3ce0
[ 36.391626]  ? find_held_lock+0x35/0x1d0
[ 36.391630]  vhost_net_chr_write_iter+0x59/0x70
[ 36.391635]  __vfs_write+0x684/0x970
[ 36.391639]  ? kernel_read+0x120/0x120
[ 36.391643]  ? _cond_resched+0x14/0x30
[ 36.391655]  ? avc_policy_seqno+0x9/0x20
[ 36.391659]  ? selinux_file_permission+0x82/0x460
[ 36.391665]  ? rw_verify_area+0xe5/0x2b0
[ 36.391669]  ? __fdget_raw+0x20/0x20
[ 36.391673]  vfs_write+0x189/0x510
[ 36.391677]  SyS_write+0xef/0x220
[ 36.391683]  ? __do_page_fault+0x3d6/0xc90
[ 36.391687]  ? SyS_read+0x220/0x220
[ 36.391693]  ? do_fast_syscall_32+0x156/0xf9d
[ 36.391697]  ? SyS_read+0x220/0x220
[ 36.391701]  do_fast_syscall_32+0x3ee/0xf9d
[ 36.391706]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 36.391709]  ? kasan_check_read+0x11/0x20
[ 36.391713]  ? syscall_return_slowpath+0x550/0x550
[ 36.391719]  ? SyS_rt_sigaction+0x94/0x1b0
[ 36.391723]  ? SyS_sigprocmask+0x4b0/0x4b0
[ 36.391726]  ? SyS_read+0x184/0x220
[ 36.391729]  ? retint_user+0x18/0x18
[ 36.391734]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.391739]  entry_SYSENTER_compat+0x54/0x63
[ 36.391743] RIP: 0023:0xf7f65c79
[ 36.391744] RSP: 002b:00000000ff96c7fc EFLAGS: 00000286 ORIG_RAX: 0000000000000004
[ 36.391748] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020004f98
[ 36.391751] RDX: 0000000000000068 RSI: 00000000080ea00c RDI: 000000000000003f
[ 36.391753] RBP: 0000000000001000 R08: 0000000000000000 R09: 0000000000000000
[ 36.391754] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 36.391756] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 36.391766] kasan: CONFIG_KASAN_INLINE enabled
[ 36.391767] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 36.391771] general protection fault: 0000 [#1] SMP KASAN
[ 36.391775] Dumping ftrace buffer:
[ 36.391778]    (ftrace buffer empty)
[ 36.391779] Modules linked in:
[ 36.391783] CPU: 1 PID: 3651 Comm: syzkaller844869 Not tainted 4.15.0-rc8+ #179
[ 36.391785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.391789] RIP: 0010:vhost_chr_write_iter+0x5f5/0x1580
[ 36.391791] RSP: 0018:ffff8801d9fff990 EFLAGS: 00010246
[ 36.391794] RAX: 0000000000000002 RBX: dffffc0000000000 RCX: 0000000000000000
[ 36.391796] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff8801bd240200
[ 36.391799] RBP: ffff8801d9fffb10 R08: ffffffff8412f818 R09: 0000000000000000
[ 36.391801] R10: ffff8801d9fff980 R11: fffffbfff0fda4be R12: 0000000020005000
[ 36.391803] R13: ffff8801bd240140 R14: ffff8801bd244900 R15: 1ffff1003b3fff3d
[ 36.391806] FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:0000000009d08840
[ 36.391809] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 36.391811] CR2: 0000000020004f98 CR3: 00000001bc86e002 CR4: 00000000001606e0
[ 36.391816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.391818] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 36.391819] Call Trace:
[ 36.391824]  ? do_raw_spin_trylock+0x190/0x190
[ 36.391832]  ? vhost_new_umem_range+0x740/0x740
[ 36.391837]  ? _raw_spin_unlock+0x22/0x30
[ 36.391841]  ? __handle_mm_fault+0x80e/0x3ce0
[ 36.391852]  ? find_held_lock+0x35/0x1d0
[ 36.391858]  vhost_net_chr_write_iter+0x59/0x70
[ 36.391863]  __vfs_write+0x684/0x970
[ 36.391869]  ? kernel_read+0x120/0x120
[ 36.391875]  ? _cond_resched+0x14/0x30
[ 36.391880]  ? avc_policy_seqno+0x9/0x20
[ 36.391883]  ? selinux_file_permission+0x82/0x460
[ 36.391892]  ? rw_verify_area+0xe5/0x2b0
[ 36.391895]  ? __fdget_raw+0x20/0x20
[ 36.391901]  vfs_write+0x189/0x510
[ 36.391907]  SyS_write+0xef/0x220
[ 36.391911]  ? __do_page_fault+0x3d6/0xc90
[ 36.391916]  ? SyS_read+0x220/0x220
[ 36.391921]  ? do_fast_syscall_32+0x156/0xf9d
[ 36.391927]  ? SyS_read+0x220/0x220
[ 36.391931]  do_fast_syscall_32+0x3ee/0xf9d
[ 36.391939]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 36.391943]  ? kasan_check_read+0x11/0x20
[ 36.391948]  ? syscall_return_slowpath+0x550/0x550
[ 36.391953]  ? SyS_rt_sigaction+0x94/0x1b0
[ 36.391958]  ? SyS_sigprocmask+0x4b0/0x4b0
[ 36.391961]  ? SyS_read+0x184/0x220
[ 36.391964]  ? retint_user+0x18/0x18
[ 36.391971]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.391978]  entry_SYSENTER_compat+0x54/0x63
[ 36.391981] RIP: 0023:0xf7f65c79
[ 36.391983] RSP: 002b:00000000ff96c7fc EFLAGS: 00000286 ORIG_RAX: 0000000000000004
[ 36.391986] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020004f98
[ 36.391988] RDX: 0000000000000068 RSI: 00000000080ea00c RDI: 000000000000003f
[ 36.391990] RBP: 0000000000001000 R08: 0000000000000000 R09: 0000000000000000
[ 36.391992] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 36.391994] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 36.392009] Code: e9 03 80 3c 11 00 0f 85 7d 0f 00 00 49 8b b5 c0 00 00 00 48 ba 00 00 00 00 00 fc ff df 48 89 f1 48 89 b5 c0 fe ff ff 48 c1 e9 03 <80> 3c 11 00 0f 85 74 0b 00 00 48 8b b5 c0 fe ff ff 4c 8b 36 4d
[ 36.392077] RIP: vhost_chr_write_iter+0x5f5/0x1580 RSP: ffff8801d9fff990
[ 36.392105] ---[ end trace ecba2bf456756710 ]---
[ 36.392107] Kernel panic - not syncing: Fatal exception
[ 36.415934] Dumping ftrace buffer:
[ 36.415936]    (ftrace buffer empty)
[ 36.415938] Kernel Offset: disabled
[ 37.292407] Rebooting in 86400 seconds..