[ ok ] Starting enhanced syslogd: rsyslogd.
[ 39.048153] audit: type=1800 audit(1546121170.756:25): pid=7934 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 39.079301] audit: type=1800 audit(1546121170.756:26): pid=7934 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 39.111103] audit: type=1800 audit(1546121170.756:27): pid=7934 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
syzkaller login: [ 51.938586] FAULT_INJECTION: forcing a failure.
[ 51.938586] name failslab, interval 1, probability 0, space 0, times 1
[ 51.949934] CPU: 0 PID: 8085 Comm: syz-executor520 Not tainted 4.20.0+ #395
[ 51.957017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.966350] Call Trace:
[ 51.968935] dump_stack+0x1d3/0x2c6
[ 51.972561] ? dump_stack_print_info.cold.1+0x20/0x20
[ 51.977731] ? mark_held_locks+0xc7/0x130
[ 51.981882] should_fail.cold.4+0xa/0x17
[ 51.985926] ? trace_hardirqs_on+0xbd/0x310
[ 51.990234] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 51.995321] ? unwind_get_return_address+0x61/0xa0
[ 52.000238] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 52.005323] ? graph_lock+0x270/0x270
[ 52.009127] ? depot_save_stack+0x292/0x470
[ 52.013448] ? find_held_lock+0x36/0x1c0
[ 52.017489] ? __lock_is_held+0xb5/0x140
[ 52.021551] ? ___might_sleep+0x1ed/0x300
[ 52.025697] ? arch_local_save_flags+0x40/0x40
[ 52.030260] ? graph_lock+0x270/0x270
[ 52.034049] __should_failslab+0x124/0x180
[ 52.038265] should_failslab+0x9/0x14
[ 52.042047] __kmalloc+0x2e4/0x760
[ 52.045565] ? __lock_is_held+0xb5/0x140
[ 52.049625] ? drm_atomic_state_init+0x171/0x3b0
[ 52.054363] drm_atomic_state_init+0x171/0x3b0
[ 52.058936] ? rcu_read_lock_sched_held+0x108/0x120
[ 52.063945] ? __drm_atomic_state_free+0xf0/0xf0
[ 52.068688] drm_atomic_state_alloc+0xd0/0x110
[ 52.073254] set_property_atomic+0xbb/0x330
[ 52.077579] ? refcount_add_not_zero_checked+0x330/0x330
[ 52.083014] ? drm_object_property_get_value+0x180/0x180
[ 52.088452] ? mutex_unlock+0xd/0x10
[ 52.092150] ? __drm_mode_object_find+0xb8/0x210
[ 52.096901] drm_mode_obj_set_property_ioctl+0x53a/0x800
[ 52.102333] ? drm_mode_obj_find_prop_id+0x1c0/0x1c0
[ 52.107413] ? lock_downgrade+0x900/0x900
[ 52.111545] ? lock_release+0xa00/0xa00
[ 52.115503] drm_connector_property_set_ioctl+0x1a1/0x2a0
[ 52.121028] ? drm_connector_set_obj_prop+0x1a0/0x1a0
[ 52.126215] ? drm_lease_owner+0x44/0x60
[ 52.130261] ? drm_is_current_master+0x5c/0x140
[ 52.134915] drm_ioctl_kernel+0x278/0x330
[ 52.139048] ? drm_connector_set_obj_prop+0x1a0/0x1a0
[ 52.144218] ? drm_setversion+0x8b0/0x8b0
[ 52.148364] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 52.153883] ? _copy_from_user+0xdf/0x150
[ 52.158014] drm_ioctl+0x58f/0xb90
[ 52.161538] ? drm_connector_set_obj_prop+0x1a0/0x1a0
[ 52.166711] ? drm_version+0x3d0/0x3d0
[ 52.170582] ? proc_fail_nth_write+0x9e/0x210
[ 52.175073] ? proc_cwd_link+0x1d0/0x1d0
[ 52.179117] ? trace_hardirqs_off+0xb8/0x310
[ 52.183506] ? find_held_lock+0x36/0x1c0
[ 52.187550] ? vfs_write+0x2f3/0x580
[ 52.191246] ? drm_version+0x3d0/0x3d0
[ 52.195114] do_vfs_ioctl+0x1de/0x1790
[ 52.199002] ? __lock_is_held+0xb5/0x140
[ 52.203047] ? ioctl_preallocate+0x300/0x300
[ 52.207460] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.212979] ? __fget_light+0x2e9/0x430
[ 52.216932] ? fget_raw+0x20/0x20
[ 52.220368] ? __sb_end_write+0xd9/0x110
[ 52.224415] ? do_syscall_64+0x9a/0x820
[ 52.228367] ? do_syscall_64+0x9a/0x820
[ 52.232324] ? lockdep_hardirqs_on+0x421/0x5c0
[ 52.236888] ? security_file_ioctl+0x94/0xc0
[ 52.241291] ksys_ioctl+0xa9/0xd0
[ 52.244747] __x64_sys_ioctl+0x73/0xb0
[ 52.248618] do_syscall_64+0x1b9/0x820
[ 52.252486] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 52.257831] ? syscall_return_slowpath+0x5e0/0x5e0
[ 52.262773] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.267601] ? trace_hardirqs_on_caller+0x310/0x310
[ 52.272616] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 52.277613] ? prepare_exit_to_usermode+0x291/0x3b0
[ 52.282615] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.287444] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.292612] RIP: 0033:0x444049
[ 52.295804] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 52.314689] RSP: 002b:00007fff63fafe88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 52.322379] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444049
[ 52.329712] RDX: 0000000020000000 RSI: 000000004010aeab RDI: 0000000000000004
[ 52.336965] RBP: 00000000006cf018 R08: 0000000000000001 R09: 0000000000000032
[ 52.344215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 52.351482] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 52.359737]
[ 52.361417] ================================================
[ 52.367187] WARNING: lock held when returning to user space!
[ 52.372969] 4.20.0+ #395 Not tainted
[ 52.376655] ------------------------------------------------
[ 52.382435] syz-executor520/8085 is leaving the kernel with locks still held!
[ 52.38968