[....] Starting enhanced syslogd: rsyslogd
[ 13.617672] audit: type=1400 audit(1513112201.497:5): avc: denied { syslog } for pid=2993 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 20.361838] audit: type=1400 audit(1513112208.241:6): avc: denied { map } for pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-0,10.128.15.219' (ECDSA) to the list of known hosts.
executing program
executing program
[ 26.708338] audit: type=1400 audit(1513112214.588:7): avc: denied { map } for pid=3146 comm="syzkaller032169" path="/root/syzkaller032169093" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
executing program
executing program
[ 27.011809]
[ 27.013447] =====================================
[ 27.018251] WARNING: bad unlock balance detected!
[ 27.023059] 4.15.0-rc3+ #218 Not tainted
[ 27.027082] -------------------------------------
[ 27.031885] syzkaller032169/3204 is trying to release lock (mrt_lock) at:
[ 27.038791] [<000000007aaa1de6>] ipmr_mfc_seq_stop+0xe1/0x130
[ 27.044654] but there are no more locks to release!
[ 27.049630]
[ 27.049630] other info that might help us debug this:
[ 27.056257] 1 lock held by syzkaller032169/3204:
[ 27.060972] #0: (&p->lock){+.+.}, at: [<000000009b865024>] seq_read+0xd5/0x13d0
[ 27.068563]
[ 27.068563] stack backtrace:
[ 27.073022] CPU: 0 PID: 3204 Comm: syzkaller032169 Not tainted 4.15.0-rc3+ #218
[ 27.080437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.089756] Call Trace:
[ 27.092308] dump_stack+0x194/0x257
[ 27.095907] ? arch_local_irq_restore+0x53/0x53
[ 27.100541] ? ipmr_mfc_seq_stop+0xe1/0x130
[ 27.104826] print_unlock_imbalance_bug+0x12f/0x140
[ 27.109805] lock_release+0x5f9/0xda0
[ 27.113568] ? ipmr_mfc_seq_stop+0xe1/0x130
[ 27.117860] ? lock_downgrade+0x980/0x980
[ 27.121971] ? check_preempt_curr+0x350/0x350
[ 27.126433] ? do_raw_spin_trylock+0x190/0x190
[ 27.130980] ? check_noncircular+0x20/0x20
[ 27.135177] ? memcpy+0x45/0x50
[ 27.138419] ? seq_puts+0xb5/0x130
[ 27.141925] _raw_read_unlock+0x1a/0x30
[ 27.145862] ipmr_mfc_seq_stop+0xe1/0x130
[ 27.149974] traverse+0x3bc/0xa00
[ 27.153391] ? seq_hlist_next+0xc0/0xc0
[ 27.157334] ? seq_lseek+0x3c0/0x3c0
[ 27.161013] seq_read+0x96a/0x13d0
[ 27.164516] ? fsnotify+0x7b3/0x1140
[ 27.168201] ? seq_lseek+0x3c0/0x3c0
[ 27.171882] ? fsnotify_first_mark+0x2b0/0x2b0
[ 27.176434] ? avc_policy_seqno+0x9/0x20
[ 27.180465] ? selinux_file_permission+0x82/0x460
[ 27.185272] ? seq_lseek+0x3c0/0x3c0
[ 27.188951] proc_reg_read+0xef/0x170
[ 27.192719] do_iter_read+0x3db/0x5b0
[ 27.196484] ? dup_iter+0x260/0x260
[ 27.200074] vfs_readv+0x121/0x1c0
[ 27.203578] ? lock_downgrade+0x980/0x980
[ 27.207691] ? compat_rw_copy_check_uvector+0x2e0/0x2e0
[ 27.213017] ? fget_raw+0x20/0x20
[ 27.216438] ? do_page_fault+0xee/0x720
[ 27.220376] ? __do_page_fault+0xc90/0xc90
[ 27.224572] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.229551] ? lockdep_sys_exit+0x47/0xf0
[ 27.233676] ? syscall_return_slowpath+0x2ad/0x550
[ 27.238576] do_preadv+0x11b/0x1a0
[ 27.242079] ? do_preadv+0x11b/0x1a0
[ 27.245766] SyS_preadv+0x30/0x40
[ 27.249183] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.253904] RIP: 0033:0x445d19
[ 27.257057] RSP: 002b:00007f698382bd38 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[ 27.264728] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445d19
[ 27.271964] RDX: 0000000000000001 RSI: 0000000020a3afb0 RDI: 0000000000000017
[ 27.279196] RBP: 0000000000000000 R08: 00007f698382c700 R09: 0000000000000000
[ 27.286438] R10: 0000000000000067 R11: 0000000000000293 R12: 0000000000000000
[ 27.293673] R13: 00007ffd5a4586ff R14: 00007f698382c9c0 R15: 0000000000000000
[ 27.300989] BUG: sleeping function called from invalid context at lib/usercopy.c:25
[ 27.308791] in_atomic(): 1, irqs_disabled(): 0, pid: 3204, name: syzkaller032169
[ 27.316299] INFO: lockdep is turned off.
[ 27.320341] CPU: 0 PID: 3204 Comm: syzkaller032169 Not tainted 4.15.0-rc3+ #218
[ 27.327750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.337067] Call Trace:
[ 27.339620] dump_stack+0x194/0x257
[ 27.343215] ? arch_local_irq_restore+0x53/0x53
[ 27.347856] ___might_sleep+0x2b2/0x470
[ 27.351805] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 27.357655] ? __check_object_size+0x25d/0x4f0
[ 27.362210] __might_sleep+0x95/0x190
[ 27.365976] __might_fault+0xab/0x1d0
[ 27.369743] _copy_to_user+0x2c/0xc0
[ 27.373421] seq_read+0xcb4/0x13d0
[ 27.376932] ? seq_lseek+0x3c0/0x3c0
[ 27.380613] ? fsnotify_first_mark+0x2b0/0x2b0
[ 27.385161] ? avc_policy_seqno+0x9/0x20
[ 27.389185] ? selinux_file_permission+0x82/0x460
[ 27.393995] ? seq_lseek+0x3c0/0x3c0
[ 27.397673] proc_reg_read+0xef/0x170
[ 27.401441] do_iter_read+0x3db/0x5b0
[ 27.405207] ? dup_iter+0x260/0x260
[ 27.408804] vfs_readv+0x121/0x1c0
[ 27.412307] ? lock_downgrade+0x980/0x980
[ 27.416420] ? compat_rw_copy_check_uvector+0x2e0/0x2e0
[ 27.421753] ? fget_raw+0x20/0x20
[ 27.425172] ? do_page_fault+0xee/0x720
[ 27.429112] ? __do_page_fault+0xc90/0xc90
[ 27.433310] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.438293] ? lockdep_sys_exit+0x47/0xf0
[ 27.442415] ? syscall_return_slowpath+0x2ad/0x550
[ 27.447318] do_preadv+0x11b/0x1a0
[ 27.450821] ? do_preadv+0x11b/0x1a0
[ 27.454515] SyS_preadv+0x30/0x40
[ 27.457935] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.462660] RIP: 0033:0x445d19
[ 27.465815] RSP: 002b:00007f698382bd38 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[ 27.473488] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445d19
[ 27.480723] RDX: 0000000000000001 RSI: 0000000020a3afb0 RDI: 0000000000000017
[ 27.487959] RBP: 0000000000000000 R08: 00007f698382c700 R09: 0000000000000000
[ 27.495193] R10: 0000000000000067 R11: 0000000000000293 R12: 0000000000000000
[ 27.502432] R13: 00007ffd5a4586ff R14: 00007f698382c9c0 R15: 0000000000000000
[ 27.509774] WARNING: CPU: 0 PID: 3204 at lib/usercopy.c:26 _copy_to_user+0xb5/0xc0
[ 27.517454] Kernel panic - not syncing: panic_on_warn set ...
[ 27.517454]
[ 27.524783] CPU: 0 PID: 3204 Comm: syzkaller032169 Tainted: G W 4.15.0-rc3+ #218
[ 27.533493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.542810] Call Trace:
[ 27.545362] dump_stack+0x194/0x257
[ 27.548955] ? arch_local_irq_restore+0x53/0x53
[ 27.553589] ? vsnprintf+0x1ed/0x1900
[ 27.557356] panic+0x1e4/0x41c
[ 27.560511] ? refcount_error_report+0x214/0x214
[ 27.565229] ? show_regs_print_info+0x18/0x18
[ 27.569692] ? __warn+0x1c1/0x200
[ 27.573110] ? _copy_to_user+0xb5/0xc0
[ 27.576960] __warn+0x1dc/0x200
[ 27.580203] ? _copy_to_user+0xb5/0xc0
[ 27.584056] report_bug+0x211/0x2d0
[ 27.587649] fixup_bug.part.11+0x37/0x80
[ 27.591682] do_error_trap+0x2d7/0x3e0
[ 27.595534] ? math_error+0x400/0x400
[ 27.599296] ? __might_fault+0x110/0x1d0
[ 27.603320] ? lock_downgrade+0x980/0x980
[ 27.607431] ? lock_acquire+0x1d5/0x580
[ 27.611368] ? __might_fault+0xe0/0x1d0
[ 27.615308] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.620115] do_invalid_op+0x1b/0x20
[ 27.623793] invalid_op+0x18/0x20
[ 27.627209] RIP: 0010:_copy_to_user+0xb5/0xc0
[ 27.631682] RSP: 0018:ffff8801bd197a80 EFLAGS: 00010206
[ 27.637012] RAX: ffff8801c6706100 RBX: 0000000000000002 RCX: ffffffff8252ecb5
[ 27.644245] RDX: 00000000001f0100 RSI: 0000000000000000 RDI: 0000000000000282
[ 27.651483] RBP: ffff8801bd197aa8 R08: 0000000000000001 R09: 1ffff10037a32f24
[ 27.658720] R10: ffff8801c6706100 R11: fffffbfff0e89321 R12: 0000000020128000
[ 27.665955] R13: ffff8801c510c800 R14: ffff8801c559b088 R15: ffff8801c559b088
[ 27.673205] ? _copy_to_user+0xb5/0xc0
[ 27.677070] seq_read+0xcb4/0x13d0
[ 27.680585] ? seq_lseek+0x3c0/0x3c0
[ 27.684272] ? fsnotify_first_mark+0x2b0/0x2b0
[ 27.688831] ? avc_policy_seqno+0x9/0x20
[ 27.692865] ? selinux_file_permission+0x82/0x460
[ 27.697678] ? seq_lseek+0x3c0/0x3c0
[ 27.701356] proc_reg_read+0xef/0x170
[ 27.705134] do_iter_read+0x3db/0x5b0
[ 27.708902] ? dup_iter+0x260/0x260
[ 27.712495] vfs_readv+0x121/0x1c0
[ 27.716004] ? lock_downgrade+0x980/0x980
[ 27.720117] ? compat_rw_copy_check_uvector+0x2e0/0x2e0
[ 27.725452] ? fget_raw+0x20/0x20
[ 27.728873] ? do_page_fault+0xee/0x720
[ 27.732812] ? __do_page_fault+0xc90/0xc90
[ 27.737010] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.743296] ? lockdep_sys_exit+0x47/0xf0
[ 27.747417] ? syscall_return_slowpath+0x2ad/0x550
[ 27.752312] do_preadv+0x11b/0x1a0
[ 27.755815] ? do_preadv+0x11b/0x1a0
[ 27.759495] SyS_preadv+0x30/0x40
[ 27.762916] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.767637] RIP: 0033:0x445d19
[ 27.770793] RSP: 002b:00007f698382bd38 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[ 27.778464] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445d19
[ 27.785698] RDX: 0000000000000001 RSI: 0000000020a3afb0 RDI: 0000000000000017
[ 27.792933] RBP: 0000000000000000 R08: 00007f698382c700 R09: 0000000000000000
[ 27.800167] R10: 0000000000000067 R11: 0000000000000293 R12: 0000000000000000
[ 27.807400] R13: 00007ffd5a4586ff R14: 00007f698382c9c0 R15: 0000000000000000
[ 27.814672] Dumping ftrace buffer:
[ 27.818175] (ftrace buffer empty)
[ 27.821857] Kernel Offset: disabled
[ 27.825452] Rebooting in 86400 seconds..