[ 65.676576][ T26] audit: type=1800 audit(1572061132.851:33): pid=9111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 68.742351][ T26] kauditd_printk_skb: 7 callbacks suppressed
[ 68.742366][ T26] audit: type=1400 audit(1572061135.921:41): avc: denied { map } for pid=9289 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.229' (ECDSA) to the list of known hosts.
[ 134.940272][ T26] audit: type=1400 audit(1572061202.121:42): avc: denied { map } for pid=9301 comm="syz-executor076" path="/root/syz-executor076212619" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 135.037314][ T9302] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 135.066266][ T26] audit: type=1400 audit(1572061202.241:43): avc: denied { associate } for pid=9302 comm="syz-executor076" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 135.114201][ T9303] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 135.123714][ T9303] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 135.137021][ T9303] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 135.143171][ T809] Bluetooth: hci0: Frame reassembly failed (-84)
[ 137.197625][ T2893] Bluetooth: hci0: command 0x1003 tx timeout
[ 137.204602][ T9305] Bluetooth: hci0: sending frame failed (-49)
[ 139.276964][ T17] Bluetooth: hci0: command 0x1001 tx timeout
[ 139.283102][ T9305] Bluetooth: hci0: sending frame failed (-49)
[ 141.357015][ T17] Bluetooth: hci0: command 0x1009 tx timeout
executing program
[ 145.375829][ T9307] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 145.384612][ T809] Bluetooth: hci0: Frame reassembly failed (-84)
[ 145.385735][ T9307] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 145.404338][ C1]
[ 145.404343][ C1] =====================================
[ 145.404345][ C1] WARNING: bad unlock balance detected!
[ 145.404351][ C1] 5.4.0-rc4+ #0 Not tainted
[ 145.404353][ C1] -------------------------------------
[ 145.404364][ C1] syz-executor076/9307 is trying to release lock (rcu_callback) at:
[ 145.404381][ C1] [] rcu_core+0x574/0x1560
[ 145.404383][ C1] but there are no more locks to release!
[ 145.404385][ C1]
[ 145.404385][ C1] other info that might help us debug this:
[ 145.404389][ C1] 1 lock held by syz-executor076/9307:
[ 145.404391][ C1] #0: ffff8880a95700d8 (&type->s_umount_key#58/1){+.+.}, at: alloc_super+0x158/0x910
[ 145.404410][ C1]
[ 145.404410][ C1] stack backtrace:
[ 145.404418][ C1] CPU: 1 PID: 9307 Comm: syz-executor076 Not tainted 5.4.0-rc4+ #0
[ 145.404421][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 145.404424][ C1] Call Trace:
[ 145.404427][ C1]
[ 145.404436][ C1] dump_stack+0x172/0x1f0
[ 145.404442][ C1] ? rcu_core+0x574/0x1560
[ 145.404452][ C1] print_unlock_imbalance_bug.cold+0x114/0x123
[ 145.404458][ C1] ? rcu_core+0x574/0x1560
[ 145.404464][ C1] lock_release+0x5f2/0x960
[ 145.404472][ C1] ? lock_downgrade+0x920/0x920
[ 145.404479][ C1] ? trace_hardirqs_on+0x67/0x240
[ 145.404488][ C1] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 145.404495][ C1] ? kmem_cache_free+0x1a7/0x320
[ 145.404502][ C1] ? lockdep_unregister_key+0x4c0/0x4c0
[ 145.404508][ C1] rcu_core+0x599/0x1560
[ 145.404515][ C1] ? __rcu_read_unlock+0x6b0/0x6b0
[ 145.404524][ C1] ? kvm_sched_clock_read+0x9/0x20
[ 145.404535][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 145.404542][ C1] rcu_core_si+0x9/0x10
[ 145.404550][ C1] __do_softirq+0x262/0x98c
[ 145.404558][ C1] ? sched_clock_cpu+0x1b/0x1b0
[ 145.404567][ C1] irq_exit+0x19b/0x1e0
[ 145.404575][ C1] smp_apic_timer_interrupt+0x1a3/0x610
[ 145.404583][ C1] apic_timer_interrupt+0xf/0x20
[ 145.404585][ C1]
[ 145.404593][ C1] RIP: 0010:console_unlock+0xbc7/0xf10
[ 145.404602][ C1] Code: f3 88 48 c1 e8 03 42 80 3c 30 00 0f 85 e4 02 00 00 48 83 3d ea be 96 07 00 0f 84 91 01 00 00 e8 ef c1 16 00 48 8b 7d 98 57 9d <0f> 1f 44 00 00 e9 6d ff ff ff e8 da c1 16 00 48 8b 7d 08 c7 05 fc
[ 145.404606][ C1] RSP: 0018:ffff8880961178f0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 145.404613][ C1] RAX: ffff888094476040 RBX: 0000000000000200 RCX: 1ffffffff138d4fe
[ 145.404622][ C1] RDX: 0000000000000000 RSI: ffffffff815c5fc1 RDI: 0000000000000293
[ 145.404626][ C1] RBP: ffff888096117978 R08: ffff888094476040 R09: fffffbfff11f40f1
[ 145.404630][ C1] R10: fffffbfff11f40f0 R11: 0000000000000001 R12: 0000000000000000
[ 145.404634][ C1] R13: ffffffff843de310 R14: dffffc0000000000 R15: ffffffff895daff0
[ 145.404644][ C1] ? netconsole_netdev_event+0x2a0/0x2a0
[ 145.404651][ C1] ? console_unlock+0xbc1/0xf10
[ 145.404660][ C1] vprintk_emit+0x2a0/0x700
[ 145.404667][ C1] vprintk_default+0x28/0x30
[ 145.404674][ C1] vprintk_func+0x7e/0x189
[ 145.404680][ C1] ? do_raw_spin_lock+0x2e0/0x2e0
[ 145.404686][ C1] printk+0xba/0xed
[ 145.404692][ C1] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 145.404700][ C1] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 145.404707][ C1] ? ___ratelimit+0x60/0x595
[ 145.404716][ C1] __ntfs_error.cold+0x91/0xc7
[ 145.404723][ C1] ? __ntfs_warning+0x160/0x160
[ 145.404733][ C1] ? guard_bio_eod+0x294/0x6c0
[ 145.404743][ C1] ? __might_sleep+0x95/0x190
[ 145.404751][ C1] ? ntfs_fill_super+0x1ab8/0x3160
[ 145.404758][ C1] ntfs_fill_super+0x1ad3/0x3160
[ 145.404766][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 145.404775][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 145.404782][ C1] mount_bdev+0x304/0x3c0
[ 145.404789][ C1] ? load_system_files+0x74e0/0x74e0
[ 145.404796][ C1] ntfs_mount+0x35/0x40
[ 145.404804][ C1] ? ntfs_rl_punch_nolock+0x1d90/0x1d90
[ 145.404811][ C1] legacy_get_tree+0x108/0x220
[ 145.404818][ C1] vfs_get_tree+0x8e/0x300
[ 145.404826][ C1] do_mount+0x143d/0x1d10
[ 145.404834][ C1] ? copy_mount_string+0x40/0x40
[ 145.404842][ C1] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 145.404850][ C1] ? _copy_from_user+0x12c/0x1a0
[ 145.404858][ C1] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 145.404865][ C1] ? copy_mount_options+0x2e8/0x3f0
[ 145.404872][ C1] ksys_mount+0xdb/0x150
[ 145.404879][ C1] __x64_sys_mount+0xbe/0x150
[ 145.404888][ C1] do_syscall_64+0xfa/0x760
[ 145.404896][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 145.404902][ C1] RIP: 0033:0x441c59
[ 145.404909][ C1] Code: e8 1c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 145.404912][ C1] RSP: 002b:00007fffd5178008 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 145.404918][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441c59
[ 145.404922][ C1] RDX: 0000000020000140 RSI: 0000000020000280 RDI: 00000000200004c0
[ 145.404925][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 145.404929][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 145.404933][ C1] R13: 0000000000402a60 R14: 0000000000000000 R15: 0000000000000000
[ 145.917676][ T9307] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 147.437017][ T2893] Bluetooth: hci0: command 0x1003 tx timeout
[ 147.443093][ T9305] Bluetooth: hci0: sending frame failed (-49)
[ 149.516979][ T9306] Bluetooth: hci0: command 0x1001 tx timeout
[ 149.523127][ T9305] Bluetooth: hci0: sending frame failed (-49)
[ 151.597046][ T2893] Bluetooth: hci0: command 0x1009 tx timeout