audit: type=1400 audit(1574638183.965:8): avc: denied { associate } for pid=2114 comm="syz-executor.5" name="syz5" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 =============================== [ INFO: suspicious RCU usage. ] 4.9.202+ #0 Not tainted ------------------------------- include/linux/radix-tree.h:199 suspicious rcu_dereference_check() usage! hrtimer: interrupt took 31645 ns other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 2 locks held by syz-executor.5/3455: #0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<0000000050115a5d>] inode_lock include/linux/fs.h:771 [inline] #0: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<0000000050115a5d>] shmem_add_seals+0x166/0x1020 mm/shmem.c:2610 #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<00000000333e07ab>] spin_lock_irq include/linux/spinlock.h:332 [inline] #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<00000000333e07ab>] shmem_tag_pins mm/shmem.c:2465 [inline] #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<00000000333e07ab>] shmem_wait_for_pins mm/shmem.c:2506 [inline] #1: (&(&mapping->tree_lock)->rlock){..-...}, at: [<00000000333e07ab>] shmem_add_seals+0x342/0x1020 mm/shmem.c:2622 stack backtrace: CPU: 1 PID: 3455 Comm: syz-executor.5 Not tainted 4.9.202+ #0 ffff8801d1fffca0 ffffffff81b55d2b ffff8801d05d5f78 0000000000000000 0000000000000002[ 97.001254] audit: type=1400 audit(1574638184.115:9): avc: denied { prog_load } for pid=3494 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 00000000000000c7 ffff8801c6070000 ffff8801d1fffcd0 ffffffff81406867 ffffea0006b8c2c0 dffffc0000000000 ffff8801d1fffd78 Call Trace: [<000000005b673f94>] __dump_stack lib/dump_stack.c:15 [inline] [<000000005b673f94>] dump_stack+0xcb/0x130 lib/dump_stack.c:56 [<00000000bde227f7>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458 [<00000000b5a357d7>] radix_tree_deref_slot include/linux/radix-tree.h:199 [inline] [<00000000b5a357d7>] shmem_tag_pins mm/shmem.c:2467 [inline] [<00000000b5a357d7>] shmem_wait_for_pins mm/shmem.c:2506 [inline] [<00000000b5a357d7>] shmem_add_seals+0xa44/0x1020 mm/shmem.c:2622 [<000000009d7d672f>] shmem_fcntl+0xf7/0x130 mm/shmem.c:2657 [<0000000047977ff2>] do_fcntl fs/fcntl.c:340 [inline] [<0000000047977ff2>] SYSC_fcntl fs/fcntl.c:376 [inline] [<0000000047977ff2>] SyS_fcntl+0x1d5/0xb50 fs/fcntl.c:361 [<0000000076c6b7b5>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000bf4a196a>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb binder: 3655:3657 transaction failed 29189/-22, size 0-0 line 3138 netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. binder: undelivered TRANSACTION_ERROR: 29189 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3642 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3642 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3642 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3642 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3642 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3642 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3642 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3642 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3642 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3642 comm=syz-executor.1 FAT-fs (loop4): bogus number of reserved sectors FAT-fs (loop4): Can't find a valid FAT filesystem devpts: called with bogus options audit: type=1400 audit(1574638186.875:10): avc: denied { mac_admin } for pid=3751 comm="syz-executor.5" capability=33 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 SELinux: Context unconfined_u:system_r:insmod_t:s0-s0:c0.c1023, is not valid (left unmapped). audit: type=1400 audit(1574638187.135:11): avc: denied { create } for pid=3771 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 audit: type=1400 audit(1574638187.785:12): avc: denied { write } for pid=3820 comm="syz-executor.0" name="net" dev="proc" ino=9662 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 input: syz1 as /devices/virtual/input/input4 IPv6: NLM_F_CREATE should be specified when creating new route IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE audit: type=1400 audit(1574638188.055:13): avc: denied { add_name } for pid=3820 comm="syz-executor.0" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 audit: type=1400 audit(1574638188.095:14): avc: denied { create } for pid=3820 comm="syz-executor.0" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:insmod_t:s0 tclass=file permissive=1 audit: type=1400 audit(1574638188.425:15): avc: denied { ioctl } for pid=3893 comm="syz-executor.0" path="socket:[8797]" dev="sockfs" ino=8797 ioctlcmd=0x890b scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1574638190.135:16): avc: denied { setopt } for pid=4010 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support! EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 not in group (block 135266304)! EXT4-fs (loop5): group descriptors corrupted! selinux_nlmsg_perm: 4086 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54315 sclass=netlink_route_socket pig=4067 comm=syz-executor.2 EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54315 sclass=netlink_route_socket pig=4072 comm=syz-executor.2 EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 not in group (block 135266304)! syz-executor.4 calls setitimer() with new_value NULL pointer. Misfeature support will be removed EXT4-fs (loop5): group descriptors corrupted! FAT-fs (loop2): bogus number of FAT structure FAT-fs (loop2): Can't find a valid FAT filesystem netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. FAT-fs (loop2): bogus number of FAT structure FAT-fs (loop2): Can't find a valid FAT filesystem