[ 49.730432] audit: type=1800 audit(1582976955.854:30): pid=8247 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 56.119407] kauditd_printk_skb: 4 callbacks suppressed [ 56.119420] audit: type=1400 audit(1582976962.274:35): avc: denied { map } for pid=8422 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts. executing program [ 62.925001] audit: type=1400 audit(1582976969.084:36): avc: denied { map } for pid=8434 comm="syz-executor925" path="/root/syz-executor925701557" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 62.999563] FAULT_INJECTION: forcing a failure. [ 62.999563] name failslab, interval 1, probability 0, space 0, times 1 [ 63.011104] CPU: 1 PID: 8434 Comm: syz-executor925 Not tainted 4.19.107-syzkaller #0 [ 63.019674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.029122] Call Trace: [ 63.031707] dump_stack+0x188/0x20d [ 63.035348] should_fail.cold+0xa/0x1b [ 63.039231] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 63.044338] ? __lock_is_held+0xad/0x140 [ 63.048474] __should_failslab+0x115/0x180 [ 63.052724] should_failslab+0x5/0xf [ 63.056439] kmem_cache_alloc_trace+0x2c6/0x7a0 [ 63.061243] ? kfree_const+0x51/0x60 [ 63.065164] ? rcu_read_lock_sched_held+0x10a/0x130 [ 63.070857] ? kfree+0x1f2/0x220 [ 63.074838] ? kfree_const+0x51/0x60 [ 63.078890] device_add+0xddf/0x1660 [ 63.082597] ? device_initialize+0x440/0x440 [ 63.087796] ? uevent_show+0x370/0x370 [ 63.091739] ? __lockdep_init_map+0x100/0x5a0 [ 63.096231] netdev_register_kobject+0x180/0x3b0 [ 63.100983] register_netdevice+0x7f7/0xf50 [ 63.105314] ? netdev_change_features+0xb0/0xb0 [ 63.109996] ? hsr_add_port+0x4b7/0x6a0 [ 63.113976] hsr_dev_finalize+0x4f5/0x770 [ 63.118522] hsr_newlink+0x258/0x360 [ 63.122735] ? hsr_dev_finalize+0x770/0x770 [ 63.127773] ? rtnl_create_link+0x145/0xa30 [ 63.134234] ? hsr_dev_finalize+0x770/0x770 [ 63.138656] rtnl_newlink+0xf03/0x1440 [ 63.142722] ? __lock_acquire+0x6ee/0x49c0 [ 63.147217] ? rtnl_link_unregister+0x230/0x230 [ 63.151901] ? __lock_acquire+0x6ee/0x49c0 [ 63.156877] ? mark_held_locks+0xf0/0xf0 [ 63.161044] ? mark_held_locks+0xf0/0xf0 [ 63.165106] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 63.171018] ? __lock_acquire+0x6ee/0x49c0 [ 63.175296] ? unwind_next_frame+0xd01/0x18a0 [ 63.179784] ? __save_stack_trace+0x59/0xf0 [ 63.184292] ? mark_held_locks+0xf0/0xf0 [ 63.188344] ? __lock_acquire+0x6ee/0x49c0 [ 63.192698] ? mark_held_locks+0xf0/0xf0 [ 63.196768] ? mark_held_locks+0xf0/0xf0 [ 63.200825] ? lock_downgrade+0x740/0x740 [ 63.204979] ? check_preemption_disabled+0x41/0x280 [ 63.210017] ? mutex_trylock+0x1a0/0x1a0 [ 63.214088] ? find_held_lock+0x2d/0x110 [ 63.218475] ? rtnetlink_rcv_msg+0x3c3/0xaf0 [ 63.223010] ? rtnl_link_unregister+0x230/0x230 [ 63.227690] rtnetlink_rcv_msg+0x453/0xaf0 [ 63.232248] ? rtnetlink_put_metrics+0x520/0x520 [ 63.237092] ? find_held_lock+0x2d/0x110 [ 63.241171] netlink_rcv_skb+0x160/0x410 [ 63.245385] ? rtnetlink_put_metrics+0x520/0x520 [ 63.250154] ? netlink_ack+0xa60/0xa60 [ 63.254047] netlink_unicast+0x4d7/0x6a0 [ 63.258198] ? netlink_attachskb+0x710/0x710 [ 63.262618] netlink_sendmsg+0x80b/0xcd0 [ 63.266697] ? netlink_unicast+0x6a0/0x6a0 [ 63.270932] ? move_addr_to_kernel.part.0+0x110/0x110 [ 63.276184] ? netlink_unicast+0x6a0/0x6a0 [ 63.280463] sock_sendmsg+0xcf/0x120 [ 63.284243] ___sys_sendmsg+0x803/0x920 [ 63.288297] ? copy_msghdr_from_user+0x410/0x410 [ 63.293058] ? proc_fail_nth_write+0x95/0x1d0 [ 63.297835] ? proc_cwd_link+0x1d0/0x1d0 [ 63.301907] ? debug_check_no_obj_freed+0x20a/0x42e [ 63.306944] ? __vfs_write+0xff/0x760 [ 63.310737] ? proc_cwd_link+0x1d0/0x1d0 [ 63.314810] ? kernel_read+0x110/0x110 [ 63.319212] ? find_held_lock+0x2d/0x110 [ 63.323286] ? vfs_write+0x2e6/0x550 [ 63.327029] ? __fget_light+0x1a2/0x230 [ 63.331020] __sys_sendmsg+0xec/0x1b0 [ 63.334835] ? __ia32_sys_shutdown+0x70/0x70 [ 63.339255] ? vfs_write+0x15b/0x550 [ 63.343126] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 63.348080] ? trace_hardirqs_off_caller+0x55/0x210 [ 63.353248] ? do_syscall_64+0x21/0x620 [ 63.357851] do_syscall_64+0xf9/0x620 [ 63.361681] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.367136] RIP: 0033:0x440799 [ 63.370340] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.389403] RSP: 002b:00007fff2f726d88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.397145] RAX: ffffffffffffffda RBX: 00007fff2f726d90 RCX: 0000000000440799 [ 63.404420] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000006 [ 63.411691] RBP: 000000000000000d R08: 0000000000000002 R09: 00007fff2f003131 [ 63.418963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402080 [ 63.426237] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000 [ 63.435404] [ 63.437045] ============================================ [ 63.442477] WARNING: possible recursive locking detected [ 63.447920] 4.19.107-syzkaller #0 Not tainted [ 63.452448] -------------------------------------------- [ 63.458025] syz-executor925/8434 is trying to acquire lock: [ 63.463784] 00000000584890f3 (rtnl_mutex){+.+.}, at: hsr_dev_destroy+0x1b/0xb0 [ 63.471149] [ 63.471149] but task is already holding lock: [ 63.477222] 00000000584890f3 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0 [ 63.484936] [ 63.484936] other info that might help us debug this: [ 63.491593] Possible unsafe locking scenario: [ 63.491593] [ 63.497640] CPU0 [ 63.500269] ---- [ 63.502839] lock(rtnl_mutex); [ 63.506101] lock(rtnl_mutex); [ 63.509378] [ 63.509378] *** DEADLOCK *** [ 63.509378] [ 63.515428] May be due to missing lock nesting notation [ 63.515428] [ 63.522456] 1 lock held by syz-executor925/8434: [ 63.527304] #0: 00000000584890f3 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0 [ 63.537151] [ 63.537151] stack backtrace: [ 63.541652] CPU: 1 PID: 8434 Comm: syz-executor925 Not tainted 4.19.107-syzkaller #0 [ 63.549524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.558871] Call Trace: [ 63.561454] dump_stack+0x188/0x20d [ 63.565081] __lock_acquire.cold+0x20f/0x4a7 [ 63.569480] ? mark_held_locks+0xa6/0xf0 [ 63.573589] ? firmware_map_remove+0x19a/0x19a [ 63.578221] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 63.582978] ? mark_held_locks+0xf0/0xf0 [ 63.587177] ? arch_local_irq_restore+0x45/0x51 [ 63.591854] ? arch_local_irq_restore+0x4a/0x51 [ 63.596656] ? dump_stack+0x1ef/0x20d [ 63.600455] ? hsr_dev_destroy+0x1b/0xb0 [ 63.604526] lock_acquire+0x170/0x400 [ 63.608327] ? hsr_dev_destroy+0x1b/0xb0 [ 63.612388] ? hsr_dev_destroy+0x1b/0xb0 [ 63.616442] __mutex_lock+0xf7/0x1300 [ 63.620342] ? hsr_dev_destroy+0x1b/0xb0 [ 63.624401] ? rcu_read_lock_sched_held+0x10a/0x130 [ 63.629411] ? kmem_cache_alloc_trace+0x342/0x7a0 [ 63.634275] ? hsr_dev_destroy+0x1b/0xb0 [ 63.638331] ? kfree+0x1f2/0x220 [ 63.641720] ? mutex_trylock+0x1a0/0x1a0 [ 63.645772] ? device_add+0x658/0x1660 [ 63.649730] ? device_initialize+0x440/0x440 [ 63.654129] ? uevent_show+0x370/0x370 [ 63.658005] ? __lockdep_init_map+0x100/0x5a0 [ 63.662503] ? hsr_dev_close+0x10/0x10 [ 63.666402] ? hsr_dev_destroy+0x1b/0xb0 [ 63.670497] hsr_dev_destroy+0x1b/0xb0 [ 63.674380] ? hsr_dev_close+0x10/0x10 [ 63.678287] register_netdevice+0xb8a/0xf50 [ 63.682615] ? netdev_change_features+0xb0/0xb0 [ 63.687421] ? hsr_add_port+0x4b7/0x6a0 [ 63.691636] hsr_dev_finalize+0x4f5/0x770 [ 63.696247] hsr_newlink+0x258/0x360 [ 63.700106] ? hsr_dev_finalize+0x770/0x770 [ 63.704436] ? rtnl_create_link+0x145/0xa30 [ 63.708756] ? hsr_dev_finalize+0x770/0x770 [ 63.713078] rtnl_newlink+0xf03/0x1440 [ 63.716966] ? __lock_acquire+0x6ee/0x49c0 [ 63.721204] ? rtnl_link_unregister+0x230/0x230 [ 63.725876] ? __lock_acquire+0x6ee/0x49c0 [ 63.730124] ? mark_held_locks+0xf0/0xf0 [ 63.734943] ? mark_held_locks+0xf0/0xf0 [ 63.739103] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 63.745651] ? __lock_acquire+0x6ee/0x49c0 [ 63.749999] ? unwind_next_frame+0xd01/0x18a0 [ 63.754949] ? __save_stack_trace+0x59/0xf0 [ 63.759498] ? mark_held_locks+0xf0/0xf0 [ 63.763580] ? __lock_acquire+0x6ee/0x49c0 [ 63.767799] ? mark_held_locks+0xf0/0xf0 [ 63.771961] ? mark_held_locks+0xf0/0xf0 [ 63.776042] ? lock_downgrade+0x740/0x740 [ 63.780197] ? check_preemption_disabled+0x41/0x280 [ 63.785594] ? mutex_trylock+0x1a0/0x1a0 [ 63.789712] ? find_held_lock+0x2d/0x110 [ 63.793778] ? rtnetlink_rcv_msg+0x3c3/0xaf0 [ 63.798194] ? rtnl_link_unregister+0x230/0x230 [ 63.802866] rtnetlink_rcv_msg+0x453/0xaf0 [ 63.807118] ? rtnetlink_put_metrics+0x520/0x520 [ 63.811970] ? find_held_lock+0x2d/0x110 [ 63.816033] netlink_rcv_skb+0x160/0x410 [ 63.820085] ? rtnetlink_put_metrics+0x520/0x520 [ 63.824949] ? netlink_ack+0xa60/0xa60 [ 63.828990] netlink_unicast+0x4d7/0x6a0 [ 63.833096] ? netlink_attachskb+0x710/0x710 [ 63.837500] netlink_sendmsg+0x80b/0xcd0 [ 63.841584] ? netlink_unicast+0x6a0/0x6a0 [ 63.847650] ? move_addr_to_kernel.part.0+0x110/0x110 [ 63.853001] ? netlink_unicast+0x6a0/0x6a0 [ 63.857267] sock_sendmsg+0xcf/0x120 [ 63.860992] ___sys_sendmsg+0x803/0x920 [ 63.864961] ? copy_msghdr_from_user+0x410/0x410 [ 63.869720] ? proc_fail_nth_write+0x95/0x1d0 [ 63.874322] ? proc_cwd_link+0x1d0/0x1d0 [ 63.878374] ? debug_check_no_obj_freed+0x20a/0x42e [ 63.883512] ? __vfs_write+0xff/0x760 [ 63.887307] ? proc_cwd_link+0x1d0/0x1d0 [ 63.891369] ? kernel_read+0x110/0x110 [ 63.896049] ? find_held_lock+0x2d/0x110 [ 63.900377] ? vfs_write+0x2e6/0x550 [ 63.904361] ? __fget_light+0x1a2/0x230 [ 63.908323] __sys_sendmsg+0xec/0x1b0 [ 63.912181] ? __ia32_sys_shutdown+0x70/0x70 [ 63.916613] ? vfs_write+0x15b/0x550 [ 63.920399] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 63.925423] ? trace_hardirqs_off_caller+0x55/0x210 [ 63.930562] ? do_syscall_64+0x21/0x620 [ 63.934664] do_syscall_64+0xf9/0x620 [ 63.938547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.943740] RIP: 0033:0x440799 [ 63.946918] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.965814] RSP: 002b:00007fff2f726d88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.973823] RAX: ffffffffffffffda RBX: 00007fff2f726d90 RCX: 0000000000440799 [ 63.981232] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000006 [ 63.988752] RBP: 000000000000000d R08: 0000000000000002 R09: 00007fff2f003131 [ 63.996177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402080 [ 64.003544] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000