[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.059763] audit: type=1400 audit(1516549683.062:4): avc: denied { syslog } for pid=3172 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login:
[ 24.938544] BUG: sleeping function called from invalid context at net/core/sock.c:2502
[ 24.946621] in_atomic(): 1, irqs_disabled(): 0, pid: 3340, name: syzkaller229718
[ 24.954153] 2 locks held by syzkaller229718/3340:
[ 24.958997] #0: (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x319/0xd40
[ 24.968299] #1: (rcu_callback){......}, at: [] rcu_process_callbacks+0x977/0x1300
[ 24.978146] Preemption disabled at:
[ 24.981593] [] __do_softirq+0xdb/0x951
[ 24.987043] CPU: 0 PID: 3340 Comm: syzkaller229718 Not tainted 4.9.77-ge12a9c4 #27
[ 24.994717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.004044] ffff8801db207cd8 ffffffff81d941c9 ffffffff838b971b 0000000000000000
[ 25.012022] 0000000000000100 ffff8801cc734800 ffff8801cc734800 ffff8801db207d10
[ 25.019995] ffffffff811b9b24 ffff8801cc734800 ffffffff83edcd20 00000000000009c6
[ 25.027964] Call Trace:
[ 25.030517]
[ 25.032552] [] dump_stack+0xc1/0x128
[ 25.037905] [] ? __do_softirq+0xdb/0x951
[ 25.043588] [] ___might_sleep+0x2f4/0x470
[ 25.049354] [] __might_sleep+0x95/0x1a0
[ 25.054954] [] ? trace_hardirqs_on_caller+0x266/0x590
[ 25.061766] [] lock_sock_nested+0x34/0x120
[ 25.067623] [] ? pppol2tp_recvmsg+0x2b0/0x2b0
[ 25.073739] [] inet_shutdown+0x62/0x350
[ 25.079333] [] ? pppol2tp_recvmsg+0x2b0/0x2b0
[ 25.085450] [] pppol2tp_session_close+0xa0/0xe0
[ 25.091742] [] l2tp_tunnel_closeall+0x21f/0x3a0
[ 25.098031] [] l2tp_tunnel_destruct+0x30e/0x5a0
[ 25.104322] [] ? l2tp_tunnel_destruct+0x1aa/0x5a0
[ 25.110784] [] ? l2tp_tunnel_del_work+0x460/0x460
[ 25.117251] [] __sk_destruct+0x53/0x570
[ 25.122850] [] rcu_process_callbacks+0x898/0x1300
[ 25.129316] [] ? rcu_process_callbacks+0x977/0x1300
[ 25.135955] [] ? __sk_dst_check+0x240/0x240
[ 25.141901] [] __do_softirq+0x206/0x951
[ 25.147504] [] irq_exit+0x165/0x190
[ 25.152754] [] smp_apic_timer_interrupt+0x7b/0xa0
[ 25.159219] [] apic_timer_interrupt+0xa0/0xb0
[ 25.165331]
[ 25.167368] [] ? clear_huge_page+0x89/0x470
[ 25.173330] [] ? debug_lockdep_rcu_enabled+0x6e/0x90
[ 25.180052] [] ___might_sleep+0x31/0x470
[ 25.185735] [] clear_huge_page+0x9c/0x470
[ 25.191504] [] ? __raw_spin_lock_init+0x2d/0x100
[ 25.197884] [] do_huge_pmd_anonymous_page+0x6c2/0x10d0
[ 25.204784] [] handle_mm_fault+0x158b/0x2530
[ 25.210817] [] ? __pmd_alloc+0x410/0x410
[ 25.216503] [] ? __lock_is_held+0xa1/0xf0
[ 25.222275] [] __do_page_fault+0x5c2/0xd40
[ 25.228137] [] ? mm_fault_error+0x2c0/0x2c0
[ 25.234087] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.240726] [] do_page_fault+0x27/0x30
[ 25.246240] [] page_fault+0x28/0x30
[ 25.251704]
[ 25.253313] =================================
[ 25.257776] [ INFO: inconsistent lock state ]
[ 25.262242] 4.9.77-ge12a9c4 #27 Tainted: G W
[ 25.267745] ---------------------------------
[ 25.272211] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 25.278326] syzkaller229718/3340 [HC0[0]:SC1[3]:HE1:SE0] takes:
[ 25.284349] (sk_lock-AF_PPPOX){+.?.+.}, at: [] inet_shutdown+0x62/0x350
{SOFTIRQ-ON-W} state was registered at:
[ 25.296770] mark_held_locks+0xaf/0x100
[ 25.300802] trace_hardirqs_on_caller+0x38b/0x590
[ 25.305699] trace_hardirqs_on+0xd/0x10
[ 25.309732] __local_bh_enable_ip+0x6a/0xd0
[ 25.314117] lock_sock_nested+0xdc/0x120
[ 25.318234] pppol2tp_connect+0xd3/0x18f0
[ 25.322439] SYSC_connect+0x1b6/0x310
[ 25.326294] SyS_connect+0x24/0x30
[ 25.329891] do_fast_syscall_32+0x2f7/0x890
[ 25.334267] entry_SYSENTER_compat+0x74/0x83
[ 25.338727] irq event stamp: 436
[ 25.342063] hardirqs last enabled at (436): [] restore_regs_and_iret+0x0/0x1d
[ 25.350960] hardirqs last disabled at (435): [] apic_timer_interrupt+0x9b/0xb0
[ 25.359869] softirqs last enabled at (290): [] release_sock+0x14c/0x1c0
[ 25.368245] softirqs last disabled at (333): [] irq_exit+0x165/0x190
[ 25.376263]
[ 25.376263] other info that might help us debug this:
[ 25.382897] Possible unsafe locking scenario:
[ 25.382897]
[ 25.388928] CPU0
[ 25.391480] ----
[ 25.394031] lock(sk_lock-AF_PPPOX);
[ 25.398032]
[ 25.400766] lock(sk_lock-AF_PPPOX);
[ 25.404946]
[ 25.404946] *** DEADLOCK ***
[ 25.404946]
[ 25.410975] 2 locks held by syzkaller229718/3340:
[ 25.415784] #0: (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x319/0xd40
[ 25.425078] #1: (rcu_callback){......}, at: [] rcu_process_callbacks+0x977/0x1300
[ 25.434888]
[ 25.434888] stack backtrace:
[ 25.439357] CPU: 0 PID: 3340 Comm: syzkaller229718 Tainted: G W 4.9.77-ge12a9c4 #27
[ 25.448258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.457585] ffff8801db207a50 ffffffff81d941c9 ffff8801cc734800 ffffffff853c14d0
[ 25.465578] ffff8801cc735100 ffffffff83a5f240 0000000000000000 ffff8801db207ac0
[ 25.473562] ffffffff8123a0b6 0000000000000003 ffff880100000001 ffff880100000000
[ 25.481524] Call Trace:
[ 25.484074]
[ 25.486121] [] dump_stack+0xc1/0x128
[ 25.491475] [] print_usage_bug+0x356/0x3b0
[ 25.497330] [] ? save_stack_trace+0x16/0x20
[ 25.503272] [] mark_lock+0xca2/0xfd0
[ 25.508609] [] ? check_usage_backwards+0x300/0x300
[ 25.515158] [] __lock_acquire+0xb4c/0x3640
[ 25.521016] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 25.527997] [] ? retint_kernel+0x2d/0x2d
[ 25.533675] [] lock_acquire+0x12e/0x410
[ 25.539270] [] ? inet_shutdown+0x62/0x350
[ 25.545039] [] lock_sock_nested+0xc6/0x120
[ 25.550895] [] ? inet_shutdown+0x62/0x350
[ 25.556662] [] ? pppol2tp_recvmsg+0x2b0/0x2b0
[ 25.562782] [] inet_shutdown+0x62/0x350
[ 25.568383] [] ? pppol2tp_recvmsg+0x2b0/0x2b0
[ 25.574497] [] pppol2tp_session_close+0xa0/0xe0
[ 25.580786] [] l2tp_tunnel_closeall+0x21f/0x3a0
[ 25.587072] [] l2tp_tunnel_destruct+0x30e/0x5a0
[ 25.593362] [] ? l2tp_tunnel_destruct+0x1aa/0x5a0
[ 25.599823] [] ? l2tp_tunnel_del_work+0x460/0x460
[ 25.606286] [] __sk_destruct+0x53/0x570
[ 25.611879] [] rcu_process_callbacks+0x898/0x1300
[ 25.618341] [] ? rcu_process_callbacks+0x977/0x1300
[ 25.624983] [] ? __sk_dst_check+0x240/0x240
[ 25.630925] [] __do_softirq+0x206/0x951
[ 25.636522] [] irq_exit+0x165/0x190
[ 25.641768] [] smp_apic_timer_interrupt+0x7b/0xa0
[ 25.648228] [] apic_timer_interrupt+0xa0/0xb0
[ 25.654340]
[ 25.656373] [] ? clear_huge_page+0x89/0x470
[ 25.662333] [] ? debug_lockdep_rcu_enabled+0x6e/0x90
[ 25.669058] [] ___might_sleep+0x31/0x470
[ 25.674746] [] clear_huge_page+0x9c/0x470
[ 25.680516] [] ? __raw_spin_lock_init+0x2d/0x100
[ 25.686897] [] do_huge_pmd_anonymous_page+0x6c2/0x10d0
[ 25.693793] [] handle_mm_fault+0x158b/0x2530
[ 25.699823] [] ? __pmd_alloc+0x410/0x410
[ 25.705510] [] ? __lock_is_held+0xa1/0xf0
[ 25.711282] [] __do_page_fault+0x5c2/0xd40
[ 25.717138] [] ? mm_fault_error+0x2c0/0x2c0
[ 25.723089] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.729723] [] do_page_fault+0x27/0x30
[ 25.735234] [] page_fault+0x28/0x30
[ 25.740514] ------------[ cut here ]------------
[ 25.745255] WARNING: CPU: 0 PID: 3340 at net/ipv4/af_inet.c:167 inet_sock_destruct+0x5f6/0x7b0
[ 25.754003] Kernel panic - not syncing: panic_on_warn set ...
[ 25.754003]
[ 25.761996] CPU: 0 PID: 3340 Comm: syzkaller229718 Tainted: G W 4.9.77-ge12a9c4 #27
[ 25.770889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.780217] ffff8801db207cb8 ffffffff81d941c9 ffffffff83a47bc0 ffff8801db207d90
[ 25.788182] ffffffff83f2f000 ffffffff832ebc36 0000000000000009 ffff8801db207d80
[ 25.796158] ffffffff8142f3c1 0000000041b58ab3 ffffffff8418ab70 ffffffff8142f205
[ 25.804142] Call Trace:
[ 25.806696]
[ 25.808734] [] dump_stack+0xc1/0x128
[ 25.814095] [] ? inet_sock_destruct+0x5f6/0x7b0
[ 25.820383] [] panic+0x1bc/0x3a8
[ 25.825373] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 25.833573] [] ? load_image_and_restore+0xf9/0xf9
[ 25.840036] [] ? __warn+0x1a9/0x1e0
[ 25.845282] [] ? inet_sock_destruct+0x5f6/0x7b0
[ 25.851569] [] __warn+0x1c4/0x1e0
[ 25.856643] [] warn_slowpath_null+0x2c/0x40
[ 25.862588] [] inet_sock_destruct+0x5f6/0x7b0
[ 25.868712] [] ? ipv4_mib_init_net+0x560/0x560
[ 25.874912] [] l2tp_tunnel_destruct+0x352/0x5a0
[ 25.881200] [] ? l2tp_tunnel_destruct+0x1aa/0x5a0
[ 25.887663] [] ? l2tp_tunnel_del_work+0x460/0x460
[ 25.894127] [] __sk_destruct+0x53/0x570
[ 25.899725] [] rcu_process_callbacks+0x898/0x1300
[ 25.906189] [] ? rcu_process_callbacks+0x977/0x1300
[ 25.912829] [] ? __sk_dst_check+0x240/0x240
[ 25.918773] [] __do_softirq+0x206/0x951
[ 25.924367] [] irq_exit+0x165/0x190
[ 25.929615] [] smp_apic_timer_interrupt+0x7b/0xa0
[ 25.936077] [] apic_timer_interrupt+0xa0/0xb0
[ 25.942188]
[ 25.944225] [] ? clear_huge_page+0x89/0x470
[ 25.950182] [] ? debug_lockdep_rcu_enabled+0x6e/0x90
[ 25.956907] [] ___might_sleep+0x31/0x470
[ 25.962589] [] clear_huge_page+0x9c/0x470
[ 25.968360] [] ? __raw_spin_lock_init+0x2d/0x100
[ 25.974736] [] do_huge_pmd_anonymous_page+0x6c2/0x10d0
[ 25.981632] [] handle_mm_fault+0x158b/0x2530
[ 25.987661] [] ? __pmd_alloc+0x410/0x410
[ 25.993343] [] ? __lock_is_held+0xa1/0xf0
[ 25.999112] [] __do_page_fault+0x5c2/0xd40
[ 26.004966] [] ? mm_fault_error+0x2c0/0x2c0
[ 26.010911] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.017546] [] do_page_fault+0x27/0x30
[ 26.023061] [] page_fault+0x28/0x30
[ 26.028777] Dumping ftrace buffer:
[ 26.032288] (ftrace buffer empty)
[ 26.035969] Kernel Offset: disabled
[ 26.039563] Rebooting in 86400 seconds..