[ 42.681118] audit: type=1800 audit(1555836008.108:30): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 48.241676] kauditd_printk_skb: 4 callbacks suppressed [ 48.241692] audit: type=1400 audit(1555836013.708:35): avc: denied { map } for pid=7968 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts. [ 830.986521] audit: type=1400 audit(1555836796.448:36): avc: denied { map } for pid=7980 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/04/21 08:53:17 parsed 1 programs [ 831.805489] audit: type=1400 audit(1555836797.268:37): avc: denied { map } for pid=7980 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14984 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/04/21 08:53:18 executed programs: 0 [ 833.349150] IPVS: ftp: loaded support on port[0] = 21 [ 833.414965] chnl_net:caif_netlink_parms(): no params data found [ 833.455965] bridge0: port 1(bridge_slave_0) entered blocking state [ 833.463204] bridge0: port 1(bridge_slave_0) entered disabled state [ 833.470951] device bridge_slave_0 entered promiscuous mode [ 833.478535] bridge0: port 2(bridge_slave_1) entered blocking state [ 833.485745] bridge0: port 2(bridge_slave_1) entered disabled state [ 833.493093] device bridge_slave_1 entered promiscuous mode [ 833.509180] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 833.518213] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 833.534918] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 833.542790] team0: Port device team_slave_0 added [ 833.548260] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 833.555728] team0: Port device team_slave_1 added [ 833.561955] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 833.569536] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 833.621514] device hsr_slave_0 entered promiscuous mode [ 833.659183] device hsr_slave_1 entered promiscuous mode [ 833.719495] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 833.726603] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 833.741338] bridge0: port 2(bridge_slave_1) entered blocking state [ 833.747853] bridge0: port 2(bridge_slave_1) entered forwarding state [ 833.754809] bridge0: port 1(bridge_slave_0) entered blocking state [ 833.761180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 833.793723] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 833.801315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 833.810550] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 833.819659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 833.828697] bridge0: port 1(bridge_slave_0) entered disabled state [ 833.836280] bridge0: port 2(bridge_slave_1) entered disabled state [ 833.843591] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 833.854407] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 833.860803] 8021q: adding VLAN 0 to HW filter on device team0 [ 833.870440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 833.878335] bridge0: port 1(bridge_slave_0) entered blocking state [ 833.884993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 833.894569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 833.903113] bridge0: port 2(bridge_slave_1) entered blocking state [ 833.909555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 833.929511] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 833.937565] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 833.946739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 833.955114] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 833.963871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 833.973407] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 833.980219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 833.993224] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 834.003614] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 834.015172] audit: type=1400 audit(1555836799.478:38): avc: denied { associate } for pid=7996 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 2019/04/21 08:53:23 executed programs: 40 [ 1001.488939] INFO: task syz-executor.0:8302 blocked for more than 140 seconds. [ 1001.496794] Not tainted 4.19.36 #4 [ 1001.501491] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1001.509834] syz-executor.0 D28504 8302 7996 0x00000004 [ 1001.516085] Call Trace: [ 1001.519098] __schedule+0x813/0x1d00 [ 1001.523009] ? finish_task_switch+0x146/0x790 [ 1001.528012] ? pci_mmcfg_check_reserved+0x170/0x170 [ 1001.533469] ? mark_held_locks+0x100/0x100 [ 1001.538069] schedule+0x92/0x1c0 [ 1001.542422] schedule_timeout+0x8ca/0xfd0 [ 1001.546817] ? wait_for_completion+0x294/0x440 [ 1001.551569] ? find_held_lock+0x35/0x130 [ 1001.557908] ? usleep_range+0x170/0x170 [ 1001.562312] ? _raw_spin_unlock_irq+0x28/0x90 [ 1001.567050] ? wait_for_completion+0x294/0x440 [ 1001.572257] ? _raw_spin_unlock_irq+0x28/0x90 [ 1001.577033] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1001.581921] ? trace_hardirqs_on+0x67/0x230 [ 1001.586443] ? kasan_check_read+0x11/0x20 [ 1001.590715] wait_for_completion+0x29c/0x440 [ 1001.595531] ? wait_for_completion_interruptible+0x4b0/0x4b0 [ 1001.601636] ? preempt_schedule_common+0x4f/0xe0 [ 1001.606425] ? wake_up_q+0x100/0x100 [ 1001.610456] ? ___preempt_schedule+0x16/0x18 [ 1001.614928] __flush_work+0x474/0x840 [ 1001.619407] ? insert_work+0x3a0/0x3a0 [ 1001.623566] ? __radix_tree_lookup+0x219/0x380 [ 1001.628621] ? flush_workqueue_prep_pwqs+0x590/0x590 [ 1001.633995] ? __cancel_work_timer+0xc4/0x520 [ 1001.638633] ? __cancel_work_timer+0x1d3/0x520 [ 1001.643620] ? cancel_work_sync+0x18/0x20 [ 1001.647794] ? __cancel_work_timer+0x1d3/0x520 [ 1001.652442] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1001.657264] ? trace_hardirqs_on+0x67/0x230 [ 1001.661880] __cancel_work_timer+0x3bf/0x520 [ 1001.666317] ? try_to_grab_pending+0x710/0x710 [ 1001.671845] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1001.677384] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1001.683097] ? p9_fd_close+0x29e/0x470 [ 1001.687020] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1001.692645] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1001.697449] ? trace_hardirqs_on+0x67/0x230 [ 1001.701929] ? kasan_check_read+0x11/0x20 [ 1001.706658] cancel_work_sync+0x18/0x20 [ 1001.710792] p9_fd_close+0x2b7/0x470 [ 1001.714751] p9_client_create+0x9c5/0x12e0 [ 1001.719306] ? check_preemption_disabled+0x48/0x290 [ 1001.724803] ? p9_client_zc_rpc.constprop.0+0x12e0/0x12e0 [ 1001.730618] ? __kmalloc_track_caller+0x5e0/0x750 [ 1001.735986] ? __lockdep_init_map+0x10c/0x5b0 [ 1001.740918] ? lockdep_init_map+0x9/0x10 [ 1001.745009] ? kasan_check_write+0x14/0x20 [ 1001.749559] v9fs_session_init+0x1e7/0x18d0 [ 1001.753959] ? find_held_lock+0x35/0x130 [ 1001.758534] ? fs_reclaim_acquire+0x20/0x20 [ 1001.763151] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1001.769014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1001.774725] ? v9fs_show_options+0x7e0/0x7e0 [ 1001.779563] ? v9fs_mount+0x5e/0x920 [ 1001.783564] ? rcu_read_lock_sched_held+0x110/0x130 [ 1001.789670] ? kmem_cache_alloc_trace+0x34b/0x760 [ 1001.794777] ? free_pages+0x46/0x50 [ 1001.798649] ? selinux_sb_copy_data+0x319/0x4a0 [ 1001.804047] v9fs_mount+0x7d/0x920 [ 1001.807632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1001.813656] mount_fs+0xae/0x331 [ 1001.817276] vfs_kern_mount.part.0+0x6f/0x410 [ 1001.821855] do_mount+0x53e/0x2bc0 [ 1001.825651] ? copy_mount_string+0x40/0x40 [ 1001.830283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1001.836142] ? copy_mount_options+0x280/0x3a0 [ 1001.840809] ksys_mount+0xdb/0x150 [ 1001.844526] __x64_sys_mount+0xbe/0x150 [ 1001.848981] do_syscall_64+0x103/0x610 [ 1001.853066] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1001.858647] RIP: 0033:0x458c29 [ 1001.862118] Code: 08 48 c7 44 24 10 04 00 00 00 e8 62 d8 fa ff 48 8b 44 24 18 48 8b 4c 24 30 48 83 c1 08 48 89 0c 24 48 89 44 24 08 48 c7 44 24 <10> 10 00 00 00 e8 3d d8 fa ff 48 8b 44 24 18 48 89 44 24 40 48 8b [ 1001.881852] RSP: 002b:00007f7b928bac78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1001.889804] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 1001.897373] RDX: 0000000020000100 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1001.904862] RBP: 000000000073bf00 R08: 0000000020000140 R09: 0000000000000000 [ 1001.912571] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b928bb6d4 [ 1001.920133] R13: 00000000004c4c14 R14: 00000000004d88a0 R15: 00000000ffffffff [ 1001.927632] [ 1001.927632] Showing all locks held in the system: [ 1001.934895] 1 lock held by khungtaskd/1027: [ 1001.939461] #0: 0000000077c0cb21 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 1001.948302] 2 locks held by kworker/1:2/2710: [ 1001.953060] #0: 000000009405ed2f ((wq_completion)"events"){+.+.}, at: process_one_work+0x87e/0x1760 [ 1001.962686] #1: 00000000170ff86c ((work_completion)(&m->rq)){+.+.}, at: process_one_work+0x8b4/0x1760 [ 1001.972425] 1 lock held by rsyslogd/7832: [ 1001.976619] #0: 000000003d030570 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 1001.985329] 2 locks held by getty/7953: [ 1001.989559] #0: 00000000bbc6053a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 1001.998954] #1: 000000003402ee32 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 [ 1002.008137] 2 locks held by getty/7954: [ 1002.012313] #0: 0000000098e436f9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 1002.021235] #1: 0000000049a1c156 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 [ 1002.030310] 2 locks held by getty/7955: [ 1002.034479] #0: 00000000635a8a7f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 1002.043260] #1: 0000000083602d88 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 [ 1002.052714] 2 locks held by getty/7956: [ 1002.057457] #0: 0000000043d31f9e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 1002.067110] #1: 00000000cdb56a82 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 [ 1002.076828] 2 locks held by getty/7957: [ 1002.081318] #0: 000000008491a118 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 1002.089849] #1: 00000000c0e44665 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 [ 1002.099265] 2 locks held by getty/7958: [ 1002.103306] #0: 00000000435de401 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 1002.112291] #1: 00000000770604d2 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 [ 1002.124156] 2 locks held by getty/7959: [ 1002.129315] #0: 000000002d19a28b (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 1002.139236] #1: 000000002426230d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 [ 1002.148668] [ 1002.150681] ============================================= [ 1002.150681] [ 1002.158523] NMI backtrace for cpu 0 [ 1002.162231] CPU: 0 PID: 1027 Comm: khungtaskd Not tainted 4.19.36 #4 [ 1002.170365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1002.181770] Call Trace: [ 1002.184771] dump_stack+0x172/0x1f0 [ 1002.189423] nmi_cpu_backtrace.cold+0x63/0xa4 [ 1002.194173] ? lapic_can_unplug_cpu.cold+0x38/0x38 [ 1002.199799] nmi_trigger_cpumask_backtrace+0x1b0/0x1f8 [ 1002.205406] arch_trigger_cpumask_backtrace+0x14/0x20 [ 1002.211509] watchdog+0x9df/0xee0 [ 1002.215529] kthread+0x357/0x430 [ 1002.219803] ? reset_hung_task_detector+0x30/0x30 [ 1002.226125] ? kthread_delayed_work_timer_fn+0x290/0x290 [ 1002.231689] ret_from_fork+0x3a/0x50 [ 1002.235795] Sending NMI from CPU 0 to CPUs 1: [ 1002.241193] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x2/0x10 [ 1002.242913] Kernel panic - not syncing: hung_task: blocked tasks [ 1002.255420] CPU: 0 PID: 1027 Comm: khungtaskd Not tainted 4.19.36 #4 [ 1002.264043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1002.274817] Call Trace: [ 1002.278335] dump_stack+0x172/0x1f0 [ 1002.282344] panic+0x263/0x51d [ 1002.285993] ? __warn_printk+0xf3/0xf3 [ 1002.290423] ? lapic_can_unplug_cpu.cold+0x38/0x38 [ 1002.295983] ? ___preempt_schedule+0x16/0x18 [ 1002.301069] ? nmi_trigger_cpumask_backtrace+0x165/0x1f8 [ 1002.307529] ? nmi_trigger_cpumask_backtrace+0x1c1/0x1f8 [ 1002.313268] ? nmi_trigger_cpumask_backtrace+0x1cb/0x1f8 [ 1002.321236] ? nmi_trigger_cpumask_backtrace+0x165/0x1f8 [ 1002.328222] watchdog+0x9f0/0xee0 [ 1002.332868] kthread+0x357/0x430 [ 1002.336694] ? reset_hung_task_detector+0x30/0x30 [ 1002.343030] ? kthread_delayed_work_timer_fn+0x290/0x290 [ 1002.349084] ret_from_fork+0x3a/0x50 [ 1002.355097] Kernel Offset: disabled [ 1002.359382] Rebooting in 86400 seconds..