[ 46.598784] audit: type=1800 audit(1549318777.179:30): pid=8114 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 51.013517] kauditd_printk_skb: 4 callbacks suppressed
[ 51.013531] audit: type=1400 audit(1549318781.629:35): avc: denied { map } for pid=8291 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts.
executing program
[ 57.918077] audit: type=1400 audit(1549318788.529:36): avc: denied { map } for pid=8303 comm="syz-executor262" path="/root/syz-executor262544870" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 57.926096] FAULT_INJECTION: forcing a failure.
[ 57.926096] name failslab, interval 1, probability 0, space 0, times 1
[ 57.955523] CPU: 0 PID: 8303 Comm: syz-executor262 Not tainted 5.0.0-rc5 #60
[ 57.962688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.972018] Call Trace:
[ 57.974593] dump_stack+0x172/0x1f0
[ 57.978204] should_fail.cold+0xa/0x1b
[ 57.982075] ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 57.987158] ? n_tty_write+0x531/0x1150
[ 57.991136] __should_failslab+0x121/0x190
[ 57.995373] should_failslab+0x9/0x14
[ 57.999157] __kmalloc+0x71/0x740
[ 58.002594] ? __mutex_lock+0x3cd/0x1310
[ 58.006635] ? add_wait_queue+0x112/0x170
[ 58.010779] ? n_tty_write+0x531/0x1150
[ 58.014757] ? __tty_buffer_request_room+0x1fb/0x5c0
[ 58.019932] __tty_buffer_request_room+0x1fb/0x5c0
[ 58.024850] tty_insert_flip_string_fixed_flag+0x93/0x1f0
[ 58.030382] pty_write+0x133/0x200
[ 58.033918] n_tty_write+0x3ff/0x1150
[ 58.037701] ? process_echoes+0x170/0x170
[ 58.041832] ? do_wait_intr_irq+0x2b0/0x2b0
[ 58.046137] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 58.051745] ? _copy_from_user+0xdd/0x150
[ 58.055877] tty_write+0x45b/0x7a0
[ 58.059401] ? process_echoes+0x170/0x170
[ 58.063548] __vfs_write+0x116/0x8e0
[ 58.067248] ? tty_read+0x2a0/0x2a0
[ 58.070854] ? kernel_read+0x120/0x120
[ 58.074722] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 58.080677] ? __inode_security_revalidate+0xda/0x120
[ 58.085853] ? avc_policy_seqno+0xd/0x70
[ 58.089894] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 58.094893] ? selinux_file_permission+0x92/0x550
[ 58.099715] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 58.105237] ? security_file_permission+0x94/0x320
[ 58.110147] ? check_preemption_disabled+0x48/0x290
[ 58.115162] ? rw_verify_area+0x118/0x360
[ 58.119299] vfs_write+0x20c/0x580
[ 58.122830] ksys_write+0xea/0x1f0
[ 58.126367] ? __ia32_sys_read+0xb0/0xb0
[ 58.130409] ? do_syscall_64+0x26/0x610
[ 58.134367] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.139714] ? do_syscall_64+0x26/0x610
[ 58.143680] __x64_sys_write+0x73/0xb0
[ 58.147553] do_syscall_64+0x103/0x610
[ 58.151441] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.156619] RIP: 0033:0x440639
[ 58.159800] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.178703] RSP: 002b:00007fff9a672118 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.186402] RAX: ffffffffffffffda RBX: 00007fff9a672130 RCX: 0000000000440639
[ 58.193657] RDX: 0000000000001006 RSI: 0000000020001640 RDI: 0000000000000003
[ 58.200907] RBP: 0000000000000006 R08: 0000000000000001 R09: 00000000000000c2
[ 58.208157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
[ 58.215409] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
[ 58.222672]
[ 58.222675] ======================================================
[ 58.222679] WARNING: possible circular locking dependency detected
[ 58.222681] 5.0.0-rc5 #60 Not tainted
[ 58.222684] ------------------------------------------------------
[ 58.222687] syz-executor262/8303 is trying to acquire lock:
[ 58.222689] 000000006ba00706 (console_owner){-.-.}, at: vprintk_emit+0x3d5/0x6d0
[ 58.222697]
[ 58.222699] but task is already holding lock:
[ 58.222701] 000000003c4df63c (&(&port->lock)->rlock){-.-.}, at: pty_write+0xff/0x200
[ 58.222709]
[ 58.222712] which lock already depends on the new lock.
[ 58.222713]
[ 58.222715]
[ 58.222718] the existing dependency chain (in reverse order) is:
[ 58.222719]
[ 58.222720] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 58.222728] _raw_spin_lock_irqsave+0x95/0xcd
[ 58.222730] tty_port_tty_get+0x22/0x80
[ 58.222733] tty_port_default_wakeup+0x16/0x40
[ 58.222735] tty_port_tty_wakeup+0x5d/0x70
[ 58.222738] uart_write_wakeup+0x46/0x70
[ 58.222740] serial8250_tx_chars+0x4a4/0xb20
[ 58.222743] serial8250_handle_irq.part.0+0x1be/0x2e0
[ 58.222746] serial8250_default_handle_irq+0xc5/0x150
[ 58.222748] serial8250_interrupt+0xfb/0x1a0
[ 58.222751] __handle_irq_event_percpu+0x146/0x900
[ 58.222753] handle_irq_event_percpu+0x74/0x160
[ 58.222756] handle_irq_event+0xa7/0x134
[ 58.222758] handle_edge_irq+0x232/0x8a0
[ 58.222760] handle_irq+0x252/0x3d8
[ 58.222762] do_IRQ+0x99/0x1d0
[ 58.222764] ret_from_intr+0x0/0x1e
[ 58.222766] native_safe_halt+0x2/0x10
[ 58.222769] arch_cpu_idle+0x10/0x20
[ 58.222771] default_idle_call+0x36/0x90
[ 58.222773] do_idle+0x386/0x570
[ 58.222775] cpu_startup_entry+0x1b/0x20
[ 58.222778] start_secondary+0x404/0x5c0
[ 58.222780] secondary_startup_64+0xa4/0xb0
[ 58.222781]
[ 58.222782] -> #1 (&port_lock_key){-.-.}:
[ 58.222799] _raw_spin_lock_irqsave+0x95/0xcd
[ 58.222806] serial8250_console_write+0x253/0x9c0
[ 58.222809] univ8250_console_write+0x5f/0x70
[ 58.222811] console_unlock+0xbc6/0x10a0
[ 58.222813] vprintk_emit+0x280/0x6d0
[ 58.222816] vprintk_default+0x28/0x30
[ 58.222818] vprintk_func+0x7e/0x189
[ 58.222820] printk+0xba/0xed
[ 58.222822] register_console+0x74d/0xb50
[ 58.222825] univ8250_console_init+0x3e/0x4b
[ 58.222827] console_init+0x4f7/0x761
[ 58.222830] start_kernel+0x568/0x841
[ 58.222832] x86_64_start_reservations+0x29/0x2b
[ 58.222835] x86_64_start_kernel+0x77/0x7b
[ 58.222837] secondary_startup_64+0xa4/0xb0
[ 58.222838]
[ 58.222840] -> #0 (console_owner){-.-.}:
[ 58.222848] lock_acquire+0x16f/0x3f0
[ 58.222850] vprintk_emit+0x412/0x6d0
[ 58.222852] vprintk_default+0x28/0x30
[ 58.222855] vprintk_func+0x7e/0x189
[ 58.222857] printk+0xba/0xed
[ 58.222859] should_fail+0x6f1/0x85c
[ 58.222861] __should_failslab+0x121/0x190
[ 58.222864] should_failslab+0x9/0x14
[ 58.222866] __kmalloc+0x71/0x740
[ 58.222869] __tty_buffer_request_room+0x1fb/0x5c0
[ 58.222872] tty_insert_flip_string_fixed_flag+0x93/0x1f0
[ 58.222874] pty_write+0x133/0x200
[ 58.222876] n_tty_write+0x3ff/0x1150
[ 58.222878] tty_write+0x45b/0x7a0
[ 58.222880] __vfs_write+0x116/0x8e0
[ 58.222883] vfs_write+0x20c/0x580
[ 58.222885] ksys_write+0xea/0x1f0
[ 58.222887] __x64_sys_write+0x73/0xb0
[ 58.222889] do_syscall_64+0x103/0x610
[ 58.222892] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.222893]
[ 58.222896] other info that might help us debug this:
[ 58.222897]
[ 58.222899] Chain exists of:
[ 58.222900] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 58.222910]
[ 58.222913] Possible unsafe locking scenario:
[ 58.222914]
[ 58.222916]        CPU0                    CPU1
[ 58.222919]        ----                    ----
[ 58.222920]   lock(&(&port->lock)->rlock);
[ 58.222926]                                lock(&port_lock_key);
[ 58.222931]                                lock(&(&port->lock)->rlock);
[ 58.222936]   lock(console_owner);
[ 58.222940]
[ 58.222942] *** DEADLOCK ***
[ 58.222943]
[ 58.222946] 5 locks held by syz-executor262/8303:
[ 58.222947] #0: 00000000f1901091 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[ 58.222956] #1: 00000000f15091b4 (&tty->atomic_write_lock){+.+.}, at: tty_write_lock+0x23/0x90
[ 58.222966] #2: 00000000b498a78e (&o_tty->termios_rwsem/1){++++}, at: n_tty_write+0x1ab/0x1150
[ 58.222977] #3: 000000005495527c (&ldata->output_lock){+.+.}, at: n_tty_write+0x531/0x1150
[ 58.222986] #4: 000000003c4df63c (&(&port->lock)->rlock){-.-.}, at: pty_write+0xff/0x200
[ 58.222996]
[ 58.222997] stack backtrace:
[ 58.223001] CPU: 0 PID: 8303 Comm: syz-executor262 Not tainted 5.0.0-rc5 #60
[ 58.223005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.223007] Call Trace:
[ 58.223009] dump_stack+0x172/0x1f0
[ 58.223012] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 58.223014] __lock_acquire+0x2f00/0x4700
[ 58.223017] ? mark_held_locks+0x100/0x100
[ 58.223019] ? find_held_lock+0x35/0x130
[ 58.223021] ? vprintk_emit+0x3ed/0x6d0
[ 58.223024] ? kasan_check_read+0x11/0x20
[ 58.223026] lock_acquire+0x16f/0x3f0
[ 58.223028] ? vprintk_emit+0x3d5/0x6d0
[ 58.223030] vprintk_emit+0x412/0x6d0
[ 58.223033] ? vprintk_emit+0x3d5/0x6d0
[ 58.223035] vprintk_default+0x28/0x30
[ 58.223037] vprintk_func+0x7e/0x189
[ 58.223039] printk+0xba/0xed
[ 58.223042] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 58.223044] ? lock_downgrade+0x810/0x810
[ 58.223047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 58.223049] ? ___ratelimit+0x60/0x595
[ 58.223051] should_fail+0x6f1/0x85c
[ 58.223054] ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 58.223056] ? n_tty_write+0x531/0x1150
[ 58.223059] __should_failslab+0x121/0x190
[ 58.223061] should_failslab+0x9/0x14
[ 58.223063] __kmalloc+0x71/0x740
[ 58.223065] ? __mutex_lock+0x3cd/0x1310
[ 58.223068] ? add_wait_queue+0x112/0x170
[ 58.223070] ? n_tty_write+0x531/0x1150
[ 58.223073] ? __tty_buffer_request_room+0x1fb/0x5c0
[ 58.223076] __tty_buffer_request_room+0x1fb/0x5c0
[ 58.223078] tty_insert_flip_string_fixed_flag+0x93/0x1f0
[ 58.223081] pty_write+0x133/0x200
[ 58.223083] n_tty_write+0x3ff/0x1150
[ 58.223085] ? process_echoes+0x170/0x170
[ 58.223088] ? do_wait_intr_irq+0x2b0/0x2b0
[ 58.223091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 58.223093] ? _copy_from_user+0xdd/0x150
[ 58.223095] tty_write+0x45b/0x7a0
[ 58.223098] ? process_echoes+0x170/0x170
[ 58.223100] __vfs_write+0x116/0x8e0
[ 58.223102] ? tty_read+0x2a0/0x2a0
[ 58.223105] ? kernel_read+0x120/0x120
[ 58.223107] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 58.223110] ? __inode_security_revalidate+0xda/0x120
[ 58.223113] ? avc_policy_seqno+0xd/0x70
[ 58.223115] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 58.223118] ? selinux_file_permission+0x92/0x550
[ 58.223121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 58.223124] ? security_file_permission+0x94/0x320
[ 58.223126] ? check_preemption_disabled+0x48/0x290
[ 58.223129] ? rw_verify_area+0x118/0x360
[ 58.223131] vfs_write+0x20c/0x580
[ 58.223133] ksys_write+0xea/0x1f0
[ 58.223135] ? __ia32_sys_read+0xb0/0xb0
[ 58.223137] ? do_syscall_64+0x26/0x610
[ 58.223140] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.223143] ? do_syscall_64+0x26/0x610
[ 58.223145] __x64_sys_write+0x73/0xb0
[ 58.223147] do_syscall_64+0x103/0x610
[ 58.223150] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.223152] RIP: 0033:0x440639
[ 58.223160] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.223163] RSP: 002b:00007fff9a672118 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.223168] RAX: ffffffffffffffda RBX: 00007fff9a672130 RCX: 0000000000440639
[ 58.223172] RDX: 0000000000001006 RSI: 0000000020001640 RDI: 0000000000000003
[ 58.223176] RBP: 0000000000000006 R08: 0000000000000001 R09: 00000000000000c2
[ 58.223179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
[ 58.223183] R13: 0000000000401e70 R14: 0000000000000000