[....] Starting enhanced syslogd: rsyslogd [ ok ].
[ 16.992930] audit: type=1400 audit(1520558926.220:5): avc: denied { syslog } for pid=4034 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 22.038966] audit: type=1400 audit(1520558931.266:6): avc: denied { map } for pid=4173 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.20' (ECDSA) to the list of known hosts.
executing program
[ 28.432610] audit: type=1400 audit(1520558937.660:7): avc: denied { map } for pid=4187 comm="syzkaller951783" path="/root/syzkaller951783739" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 28.436869] FAULT_INJECTION: forcing a failure.
[ 28.436869] name failslab, interval 1, probability 0, space 0, times 1
[ 28.469785] CPU: 1 PID: 4187 Comm: syzkaller951783 Not tainted 4.16.0-rc4+ #258
[ 28.477214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.486541] Call Trace:
[ 28.489111] dump_stack+0x194/0x24d
[ 28.492725] ? arch_local_irq_restore+0x53/0x53
[ 28.497377] should_fail+0x8c0/0xa40
[ 28.501064] ? trace_hardirqs_off+0x10/0x10
[ 28.505361] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 28.510439] ? is_bpf_text_address+0x7b/0x120
[ 28.514921] ? trace_hardirqs_off+0x10/0x10
[ 28.519241] ? print_irqtrace_events+0x270/0x270
[ 28.523988] ? depot_save_stack+0x2ca/0x460
[ 28.528287] ? find_held_lock+0x35/0x1d0
[ 28.532330] ? nametbl_find_seq+0x1d0/0x580
[ 28.536625] ? lock_downgrade+0x980/0x980
[ 28.540749] ? lock_release+0xa40/0xa40
[ 28.544702] should_failslab+0xec/0x120
[ 28.548658] kmem_cache_alloc_trace+0x4b/0x740
[ 28.553216] ? nametbl_find_seq+0x3dd/0x580
[ 28.557514] tipc_nameseq_create+0xad/0x540
[ 28.561806] ? lock_release+0xa40/0xa40
[ 28.565753] ? __tipc_nl_add_monitor+0xf80/0xf80
[ 28.570489] ? tipc_nametbl_subscribe+0x2bc/0xf80
[ 28.575307] tipc_nametbl_subscribe+0xb8e/0xf80
[ 28.579948] ? print_irqtrace_events+0x270/0x270
[ 28.584674] ? find_held_lock+0x35/0x1d0
[ 28.588713] ? __lock_is_held+0xb6/0x140
[ 28.592747] ? tipc_nametbl_withdraw+0x6e0/0x6e0
[ 28.597478] ? mark_held_locks+0xaf/0x100
[ 28.601600] ? __raw_spin_lock_init+0x1c/0x100
[ 28.606164] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.611155] ? __lockdep_init_map+0xe4/0x650
[ 28.615546] ? lockdep_init_map+0x9/0x10
[ 28.619583] tipc_sub_subscribe+0x342/0x510
[ 28.624053] ? tipc_sub_get+0x20/0x20
[ 28.627833] tipc_conn_rcv_sub.isra.5+0x383/0x760
[ 28.632647] ? tipc_conn_close+0x140/0x140
[ 28.636857] ? lock_release+0xa40/0xa40
[ 28.640807] ? __lock_is_held+0xb6/0x140
[ 28.644857] tipc_topsrv_kern_subscr+0x5fb/0x9d0
[ 28.649602] ? tipc_topsrv_queue_evt+0x6d0/0x6d0
[ 28.654343] ? tipc_group_create+0x2b6/0x980
[ 28.658736] ? lock_downgrade+0x980/0x980
[ 28.662891] ? memset+0x31/0x40
[ 28.666162] ? tipc_bcast_stop+0x350/0x350
[ 28.670392] tipc_group_create+0x6ed/0x980
[ 28.674604] ? tipc_group_size+0x50/0x50
[ 28.678645] ? mark_held_locks+0xaf/0x100
[ 28.682763] ? do_raw_spin_trylock+0x190/0x190
[ 28.687319] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.692305] ? lock_sock_nested+0x91/0x110
[ 28.696511] ? trace_hardirqs_on+0xd/0x10
[ 28.700629] ? __local_bh_enable_ip+0x121/0x230
[ 28.705281] tipc_setsockopt+0x28a/0xcf0
[ 28.709317] ? tipc_sk_leave+0x200/0x200
[ 28.713363] ? security_socket_setsockopt+0x89/0xb0
[ 28.718354] SyS_setsockopt+0x189/0x360
[ 28.722301] ? SyS_recv+0x40/0x40
[ 28.725725] ? SyS_write+0x184/0x220
[ 28.729415] ? SyS_read+0x220/0x220
[ 28.733020] ? do_syscall_64+0xb7/0x940
[ 28.736971] ? SyS_recv+0x40/0x40
[ 28.740397] do_syscall_64+0x281/0x940
[ 28.744255] ? __do_page_fault+0xc90/0xc90
[ 28.748468] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.753203] ? syscall_return_slowpath+0x550/0x550
[ 28.758105] ? syscall_return_slowpath+0x2ac/0x550
[ 28.763007] ? prepare_exit_to_usermode+0x350/0x350
[ 28.768004] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 28.773350] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.778169] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 28.783334] RIP: 0033:0x440409
[ 28.786496] RSP: 002b:00007ffd4b6bf118 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 28.794173] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440409
[ 28.801414] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003
[ 28.808655] RBP: 00000000006cb018 R08: 0000000000000010 R09: 00007ffd4b6b0034
[ 28.815893] R10: 0000000020265000 R11: 0000000000000246 R12: 0000000000000004
[ 28.823133] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 28.830470] Name sequence creation failed, no memory
[ 28.835589] Failed to create subscription for {1020,0,4294967295}
[ 28.843538] list_del corruption. prev->next should be 00000000f6eff561, but was (null)
[ 28.852598] ------------[ cut here ]------------
[ 28.857326] kernel BUG at lib/list_debug.c:53!
[ 28.862093] invalid opcode: 0000 [#1] SMP KASAN
[ 28.866744] Dumping ftrace buffer:
[ 28.870253] (ftrace buffer empty)
[ 28.873930] Modules linked in:
[ 28.877097] CPU: 0 PID: 4187 Comm: syzkaller951783 Not tainted 4.16.0-rc4+ #258
[ 28.884509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.893837] RIP: 0010:__list_del_entry_valid+0xef/0x150
[ 28.899168] RSP: 0018:ffff8801b7ed6ec8 EFLAGS: 00010282
[ 28.904498] RAX: 0000000000000054 RBX: ffffffff879ffd20 RCX: 0000000000000000
[ 28.911746] RDX: 0000000000000054 RSI: 1ffff10036fdad8e RDI: ffffed0036fdadcd
[ 28.918987] RBP: ffff8801b7ed6ee0 R08: 1ffff10036fdad25 R09: 0000000000000000
[ 28.926230] R10: ffff8801b7ed6da8 R11: 0000000000000000 R12: ffffffffffffffff
[ 28.933469] R13: ffff8801b7ed7080 R14: ffff8801b7f6d998 R15: ffff8801d59c6c00
[ 28.940711] FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 28.948907] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.954759] CR2: 00007f3357e55000 CR3: 0000000006e22001 CR4: 00000000001606f0
[ 28.962003] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.969248] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.976488] Call Trace:
[ 28.979057] ? _raw_spin_lock_bh+0x39/0x40
[ 28.983269] tipc_nametbl_unsubscribe+0x337/0x990
[ 28.988082] ? __lock_acquire+0x664/0x3e00
[ 28.992290] ? tipc_nametbl_subscribe+0xf80/0xf80
[ 28.997106] ? trace_hardirqs_off+0x10/0x10
[ 29.001404] ? lock_acquire+0x1d5/0x580
[ 29.005363] ? lock_acquire+0x1d5/0x580
[ 29.009309] ? tipc_conn_delete_sub+0x237/0x4a0
[ 29.013949] ? tipc_conn_delete_sub+0x1f0/0x4a0
[ 29.018594] tipc_sub_unsubscribe+0x6d/0x2e0
[ 29.022974] ? tipc_sub_subscribe+0x510/0x510
[ 29.027441] ? tipc_conn_delete_sub+0x237/0x4a0
[ 29.032081] tipc_conn_delete_sub+0x324/0x4a0
[ 29.036546] ? tipc_topsrv_accept+0x340/0x340
[ 29.041014] ? trace_hardirqs_on+0xd/0x10
[ 29.045136] ? __local_bh_enable_ip+0x121/0x230
[ 29.049776] ? _raw_spin_unlock_bh+0x30/0x40
[ 29.054154] tipc_topsrv_kern_unsubscr+0x21d/0x350
[ 29.059054] ? tipc_dest_del+0x350/0x350
[ 29.063082] ? tipc_topsrv_kern_subscr+0x9d0/0x9d0
[ 29.067979] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 29.073145] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 29.078305] ? tipc_node_distr_xmit+0x212/0x2b0
[ 29.082945] tipc_group_delete+0x2c0/0x3d0
[ 29.087150] ? tipc_group_create+0x980/0x980
[ 29.091526] ? __tipc_shutdown+0x916/0xc80
[ 29.095732] ? find_held_lock+0x35/0x1d0
[ 29.099765] ? tipc_sk_respond+0x550/0x550
[ 29.103977] tipc_sk_leave+0x10b/0x200
[ 29.107835] ? tipc_sk_withdraw+0x6b0/0x6b0
[ 29.112136] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.117124] ? lock_sock_nested+0x91/0x110
[ 29.121341] ? __local_bh_enable_ip+0x121/0x230
[ 29.125982] tipc_release+0x154/0xff0
[ 29.129754] ? mntput_no_expire+0x130/0xa90
[ 29.134046] ? tipc_sk_backlog_rcv+0x390/0x390
[ 29.138596] ? lock_release+0xa40/0xa40
[ 29.142539] ? list_lru_count_node+0x70/0x70
[ 29.146920] ? do_raw_spin_trylock+0x190/0x190
[ 29.151471] ? locks_remove_file+0x3fa/0x5a0
[ 29.155853] ? fcntl_setlk+0x1100/0x1100
[ 29.159881] ? fsnotify+0x7b3/0x1140
[ 29.163567] ? fsnotify_first_mark+0x2b0/0x2b0
[ 29.168118] sock_release+0x8d/0x1e0
[ 29.172159] ? sock_alloc_file+0x560/0x560
[ 29.176361] sock_close+0x16/0x20
[ 29.179785] __fput+0x327/0x7e0
[ 29.183044] ? fput+0x140/0x140
[ 29.186295] ? check_same_owner+0x320/0x320
[ 29.190589] ? _raw_spin_unlock_irq+0x27/0x70
[ 29.195055] ____fput+0x15/0x20
[ 29.198315] task_work_run+0x199/0x270
[ 29.202182] ? task_work_cancel+0x210/0x210
[ 29.206477] ? _raw_spin_unlock+0x22/0x30
[ 29.210600] ? switch_task_namespaces+0x87/0xc0
[ 29.215240] do_exit+0x9bb/0x1ad0
[ 29.218661] ? _raw_spin_unlock_irq+0x27/0x70
[ 29.223124] ? finish_task_switch+0x1c1/0x7e0
[ 29.227590] ? mm_update_next_owner+0x930/0x930
[ 29.232225] ? copy_overflow+0x20/0x20
[ 29.236088] ? __schedule+0x903/0x1ec0
[ 29.239946] ? __sched_text_start+0x8/0x8
[ 29.244062] ? __local_bh_enable_ip+0x121/0x230
[ 29.248701] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.253686] ? release_sock+0x1d4/0x2a0
[ 29.257631] ? __local_bh_enable_ip+0x121/0x230
[ 29.262268] ? _raw_spin_unlock_bh+0x30/0x40
[ 29.266645] ? release_sock+0x1d4/0x2a0
[ 29.270588] ? __release_sock+0x360/0x360
[ 29.274706] ? tipc_nametbl_build_group+0x2a0/0x3a0
[ 29.279696] ? schedule+0xf5/0x430
[ 29.283212] ? __schedule+0x1ec0/0x1ec0
[ 29.287163] ? security_socket_setsockopt+0x89/0xb0
[ 29.292159] ? exit_to_usermode_loop+0x8c/0x2f0
[ 29.296799] do_group_exit+0x149/0x400
[ 29.300657] ? trace_hardirqs_off+0xd/0x10
[ 29.304865] ? exit_to_usermode_loop+0x198/0x2f0
[ 29.309593] ? SyS_exit+0x30/0x30
[ 29.313024] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 29.318536] ? do_syscall_64+0xb7/0x940
[ 29.322480] ? do_group_exit+0x400/0x400
[ 29.326519] SyS_exit_group+0x1d/0x20
[ 29.330290] do_syscall_64+0x281/0x940
[ 29.334146] ? __do_page_fault+0xc90/0xc90
[ 29.338352] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.343078] ? syscall_return_slowpath+0x550/0x550
[ 29.347977] ? syscall_return_slowpath+0x2ac/0x550
[ 29.352877] ? prepare_exit_to_usermode+0x350/0x350
[ 29.357865] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 29.363206] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.368027] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.373188] RIP: 0033:0x43f0c8
[ 29.376346] RSP: 002b:00007ffd4b6bf148 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 29.384027] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f0c8
[ 29.391276] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 29.398514] RBP: 00000000004bf1a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 29.405755] R10: 0000000020265000 R11: 0000000000000246 R12: 0000000000000001
[ 29.412993] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 29.420243] Code: 4c 89 e2 48 c7 c7 c0 7c 40 86 e8 75 f6 fb fe 0f 0b 48 c7 c7 20 7d 40 86 e8 67 f6 fb fe 0f 0b 48 c7 c7 80 7d 40 86 e8 59 f6 fb fe <0f> 0b 48 c7 c7 e0 7d 40 86 e8 4b f6 fb fe 0f 0b 48 89 df 48 89
[ 29.439576] RIP: __list_del_entry_valid+0xef/0x150 RSP: ffff8801b7ed6ec8
[ 29.446412] ---[ end trace 1d4e489a074c9174 ]---
[ 29.451155] Kernel panic - not syncing: Fatal exception in interrupt
[ 29.457995] Dumping ftrace buffer:
[ 29.461508] (ftrace buffer empty)
[ 29.465185] Kernel Offset: disabled
[ 29.468781] Rebooting in 86400 seconds..