[ 45.335130] audit: type=1800 audit(1580644799.426:29): pid=8029 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 45.359984] audit: type=1800 audit(1580644799.426:30): pid=8029 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 54.128073] kauditd_printk_skb: 5 callbacks suppressed
[ 54.128090] audit: type=1400 audit(1580644808.216:36): avc: denied { map } for pid=8215 comm="syz-executor847" path="/root/syz-executor847988397" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 54.136134] FAULT_INJECTION: forcing a failure.
[ 54.136134] name failslab, interval 1, probability 0, space 0, times 1
[ 54.171759] CPU: 0 PID: 8215 Comm: syz-executor847 Not tainted 4.19.101-syzkaller #0
[ 54.179631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.188983] Call Trace:
[ 54.191567] dump_stack+0x197/0x210
[ 54.195204] should_fail.cold+0xa/0x1b
[ 54.199232] ? __lock_is_held+0xb6/0x140
[ 54.203293] ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 54.208538] __should_failslab+0x121/0x190
[ 54.212801] should_failslab+0x9/0x14
[ 54.216658] __kmalloc+0x71/0x750
[ 54.220104] ? __mutex_lock+0x3cd/0x1300
[ 54.224255] ? add_wait_queue+0x112/0x170
[ 54.228467] ? n_tty_write+0x52b/0x1140
[ 54.232537] ? __tty_buffer_request_room+0x1fb/0x5c0
[ 54.237646] __tty_buffer_request_room+0x1fb/0x5c0
[ 54.242573] tty_insert_flip_string_fixed_flag+0x93/0x1f0
[ 54.248204] ? do_raw_spin_lock+0xd7/0x250
[ 54.252438] pty_write+0x133/0x200
[ 54.255967] n_tty_write+0x3f9/0x1140
[ 54.259835] ? process_echoes+0x170/0x170
[ 54.264121] ? do_wait_intr_irq+0x2b0/0x2b0
[ 54.268662] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.274273] ? _copy_from_user+0xdd/0x150
[ 54.278439] tty_write+0x458/0x7a0
[ 54.282059] ? process_echoes+0x170/0x170
[ 54.286356] __vfs_write+0x114/0x810
[ 54.290062] ? tty_read+0x2a0/0x2a0
[ 54.293703] ? kernel_read+0x120/0x120
[ 54.297599] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 54.303227] ? __inode_security_revalidate+0xda/0x120
[ 54.308420] ? avc_policy_seqno+0xd/0x70
[ 54.312484] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 54.317503] ? selinux_file_permission+0x92/0x550
[ 54.322402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.328908] ? security_file_permission+0x89/0x230
[ 54.334030] ? rw_verify_area+0x118/0x360
[ 54.338796] vfs_write+0x20c/0x560
[ 54.342716] ksys_write+0x14f/0x2d0
[ 54.346521] ? __ia32_sys_read+0xb0/0xb0
[ 54.350853] ? do_syscall_64+0x26/0x620
[ 54.354929] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.360662] ? do_syscall_64+0x26/0x620
[ 54.364847] __x64_sys_write+0x73/0xb0
[ 54.368862] do_syscall_64+0xfd/0x620
[ 54.372670] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.378764] RIP: 0033:0x440689
[ 54.382425] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.402329] RSP: 002b:00007ffc2c042958 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.410227] RAX: ffffffffffffffda RBX: 00007ffc2c042970 RCX: 0000000000440689
[ 54.417508] RDX: 00000000fffffedf RSI: 0000000020000000 RDI: 0000000000000004
[ 54.424836] RBP: 0000000000000005 R08: 0000000000000001 R09: 00000000000000c2
[ 54.432104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f50
[ 54.439367] R13: 0000000000401fe0 R14: 0000000000000000 R15: 0000000000000000
[ 54.446733]
[ 54.446736] ======================================================
[ 54.446739] WARNING: possible circular locking dependency detected
[ 54.446742] 4.19.101-syzkaller #0 Not tainted
[ 54.446745] ------------------------------------------------------
[ 54.446748] syz-executor847/8215 is trying to acquire lock:
[ 54.446750] 000000006ee1b8f8 (console_owner){-...}, at: vprintk_emit+0x3d5/0x6d0
[ 54.446758]
[ 54.446761] but task is already holding lock:
[ 54.446762] 00000000181deb8a (&(&port->lock)->rlock){-.-.}, at: pty_write+0xff/0x200
[ 54.446770]
[ 54.446773] which lock already depends on the new lock.
[ 54.446774]
[ 54.446776]
[ 54.446779] the existing dependency chain (in reverse order) is:
[ 54.446780]
[ 54.446781] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 54.446790] _raw_spin_lock_irqsave+0x95/0xcd
[ 54.446792] tty_port_tty_get+0x22/0x90
[ 54.446795] tty_port_default_wakeup+0x16/0x40
[ 54.446797] tty_port_tty_wakeup+0x57/0x70
[ 54.446799] uart_write_wakeup+0x46/0x70
[ 54.446802] serial8250_tx_chars+0x495/0xaf0
[ 54.446804] serial8250_handle_irq.part.0+0x261/0x2b0
[ 54.446807] serial8250_default_handle_irq+0xc0/0x150
[ 54.446810] serial8250_interrupt+0xfc/0x1e0
[ 54.446812] __handle_irq_event_percpu+0x144/0x8f0
[ 54.446815] handle_irq_event_percpu+0x74/0x160
[ 54.446817] handle_irq_event+0xa7/0x134
[ 54.446820] handle_edge_irq+0x25e/0x8d0
[ 54.446822] handle_irq+0x39/0x50
[ 54.446824] do_IRQ+0x99/0x1d0
[ 54.446826] ret_from_intr+0x0/0x1e
[ 54.446829] _raw_spin_unlock_irqrestore+0x95/0xe0
[ 54.446831] uart_write+0x3a9/0x6e0
[ 54.446833] n_tty_write+0x3f9/0x1140
[ 54.446835] tty_write+0x458/0x7a0
[ 54.446838] redirected_tty_write+0xb2/0xc0
[ 54.446840] __vfs_write+0x114/0x810
[ 54.446842] vfs_write+0x20c/0x560
[ 54.446844] ksys_write+0x14f/0x2d0
[ 54.446846] __x64_sys_write+0x73/0xb0
[ 54.446849] do_syscall_64+0xfd/0x620
[ 54.446851] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.446853]
[ 54.446854] -> #1 (&port_lock_key){-.-.}:
[ 54.446862] _raw_spin_lock_irqsave+0x95/0xcd
[ 54.446865] serial8250_console_write+0x7ca/0x9f0
[ 54.446867] univ8250_console_write+0x5f/0x70
[ 54.446870] console_unlock+0xbdf/0x10d0
[ 54.446872] vprintk_emit+0x280/0x6d0
[ 54.446874] vprintk_default+0x28/0x30
[ 54.446876] vprintk_func+0x7e/0x189
[ 54.446878] printk+0xba/0xed
[ 54.446881] register_console+0x77f/0xb90
[ 54.446883] univ8250_console_init+0x3e/0x4b
[ 54.446885] console_init+0x4f7/0x761
[ 54.446888] start_kernel+0x59c/0x825
[ 54.446890] x86_64_start_reservations+0x29/0x2b
[ 54.446893] x86_64_start_kernel+0x77/0x7b
[ 54.446895] secondary_startup_64+0xa4/0xb0
[ 54.446897]
[ 54.446898] -> #0 (console_owner){-...}:
[ 54.446906] lock_acquire+0x16f/0x3f0
[ 54.446908] vprintk_emit+0x412/0x6d0
[ 54.446910] vprintk_default+0x28/0x30
[ 54.446912] vprintk_func+0x7e/0x189
[ 54.446920] printk+0xba/0xed
[ 54.446922] should_fail+0x6f1/0x85c
[ 54.446924] __should_failslab+0x121/0x190
[ 54.446927] should_failslab+0x9/0x14
[ 54.446929] __kmalloc+0x71/0x750
[ 54.446932] __tty_buffer_request_room+0x1fb/0x5c0
[ 54.446934] tty_insert_flip_string_fixed_flag+0x93/0x1f0
[ 54.446937] pty_write+0x133/0x200
[ 54.446939] n_tty_write+0x3f9/0x1140
[ 54.446941] tty_write+0x458/0x7a0
[ 54.446943] __vfs_write+0x114/0x810
[ 54.446945] vfs_write+0x20c/0x560
[ 54.446948] ksys_write+0x14f/0x2d0
[ 54.446950] __x64_sys_write+0x73/0xb0
[ 54.446952] do_syscall_64+0xfd/0x620
[ 54.446955] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.446956]
[ 54.446959] other info that might help us debug this:
[ 54.446960]
[ 54.446962] Chain exists of:
[ 54.446963]   console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 54.446973]
[ 54.446976] Possible unsafe locking scenario:
[ 54.446977]
[ 54.446979]        CPU0                    CPU1
[ 54.446982]        ----                    ----
[ 54.446983]   lock(&(&port->lock)->rlock);
[ 54.446988]                                lock(&port_lock_key);
[ 54.446994]                                lock(&(&port->lock)->rlock);
[ 54.446998]   lock(console_owner);
[ 54.447003]
[ 54.447004] *** DEADLOCK ***
[ 54.447006]
[ 54.447008] 5 locks held by syz-executor847/8215:
[ 54.447009] #0: 000000006f51bce1 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[ 54.447019] #1: 00000000fcf8a3b4 (&tty->atomic_write_lock){+.+.}, at: tty_write_lock+0x23/0x90
[ 54.447029] #2: 000000000d2d6305 (&o_tty->termios_rwsem/1){++++}, at: n_tty_write+0x1ab/0x1140
[ 54.447039] #3: 00000000b182e37a (&ldata->output_lock){+.+.}, at: n_tty_write+0x52b/0x1140
[ 54.447049] #4: 00000000181deb8a (&(&port->lock)->rlock){-.-.}, at: pty_write+0xff/0x200
[ 54.447058]
[ 54.447060] stack backtrace:
[ 54.447064] CPU: 0 PID: 8215 Comm: syz-executor847 Not tainted 4.19.101-syzkaller #0
[ 54.447068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.447070] Call Trace:
[ 54.447072] dump_stack+0x197/0x210
[ 54.447075] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 54.447077] __lock_acquire+0x2e19/0x49c0
[ 54.447080] ? mark_held_locks+0x100/0x100
[ 54.447082] ? vprintk_emit+0x3ed/0x6d0
[ 54.447084] ? vprintk_emit+0x3ed/0x6d0
[ 54.447086] lock_acquire+0x16f/0x3f0
[ 54.447089] ? vprintk_emit+0x3d5/0x6d0
[ 54.447091] vprintk_emit+0x412/0x6d0
[ 54.447093] ? vprintk_emit+0x3d5/0x6d0
[ 54.447100] vprintk_default+0x28/0x30
[ 54.447102] vprintk_func+0x7e/0x189
[ 54.447104] printk+0xba/0xed
[ 54.447109] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 54.447112] ? check_noncircular+0x20/0x20
[ 54.447114] ? lock_downgrade+0x880/0x880
[ 54.447117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.447119] ? ___ratelimit+0x60/0x595
[ 54.447121] should_fail+0x6f1/0x85c
[ 54.447123] ? __lock_is_held+0xb6/0x140
[ 54.447126] ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 54.447128] __should_failslab+0x121/0x190
[ 54.447131] should_failslab+0x9/0x14
[ 54.447133] __kmalloc+0x71/0x750
[ 54.447135] ? __mutex_lock+0x3cd/0x1300
[ 54.447137] ? add_wait_queue+0x112/0x170
[ 54.447140] ? n_tty_write+0x52b/0x1140
[ 54.447142] ? __tty_buffer_request_room+0x1fb/0x5c0
[ 54.447145] __tty_buffer_request_room+0x1fb/0x5c0
[ 54.447148] tty_insert_flip_string_fixed_flag+0x93/0x1f0
[ 54.447150] ? do_raw_spin_lock+0xd7/0x250
[ 54.447153] pty_write+0x133/0x200
[ 54.447155] n_tty_write+0x3f9/0x1140
[ 54.447157] ? process_echoes+0x170/0x170
[ 54.447160] ? do_wait_intr_irq+0x2b0/0x2b0
[ 54.447163] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.447165] ? _copy_from_user+0xdd/0x150
[ 54.447167] tty_write+0x458/0x7a0
[ 54.447169] ? process_echoes+0x170/0x170
[ 54.447171] __vfs_write+0x114/0x810
[ 54.447174] ? tty_read+0x2a0/0x2a0
[ 54.447176] ? kernel_read+0x120/0x120
[ 54.447179] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 54.447181] ? __inode_security_revalidate+0xda/0x120
[ 54.447184] ? avc_policy_seqno+0xd/0x70
[ 54.447186] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 54.447189] ? selinux_file_permission+0x92/0x550
[ 54.447192] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.447194] ? security_file_permission+0x89/0x230
[ 54.447197] ? rw_verify_area+0x118/0x360
[ 54.447199] vfs_write+0x20c/0x560
[ 54.447201] ksys_write+0x14f/0x2d0
[ 54.447204] ? __ia32_sys_read+0xb0/0xb0
[ 54.447206] ? do_syscall_64+0x26/0x620
[ 54.447209] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.447211] ? do_syscall_64+0x26/0x620
[ 54.447213] __x64_sys_write+0x73/0xb0
[ 54.447215] do_syscall_64+0xfd/0x620
[ 54.447218] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.447220] RIP: 0033:0x440689
[ 54.447228] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.447231] RSP: 002b:00007ffc2c042958 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.447237] RAX: ffffffffffffffda RBX: 00007ffc2c042970 RCX: 0000000000440689
[ 54.447240] RDX: 00000000fffffedf RSI: 0000000020000000 RDI: 0000000000000004
[ 54.447244] RBP: 0000000000000005 R08: 0000000000000001 R09: 00000000000000c2
[ 54.447247] R10: 00000