possible deadlock in proc_pid_attr_write
5 views
Skip to first unread message
syzbot
Oct 27, 2019, 11:53:10 AM10/27/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: b98aebd2 Linux 4.14.150
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13296c4ce00000
kernel config: https://syzkaller.appspot.com/x/.config?x=c52c93b368dac5a7
dashboard link: https://syzkaller.appspot.com/bug?extid=fb469ad2c0cb8f47e8b2
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+fb469a...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
4.14.150 #0 Not tainted
------------------------------------------------------
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
syz-executor.4/30392 is trying to acquire lock:
(&sig->cred_guard_mutex){+.+.}, at: [<ffffffff81a75f33>]
proc_pid_attr_write+0x163/0x290 fs/proc/base.c:2585
but task is already holding lock:
(&pipe->mutex/1){+.+.}, at: [<ffffffff818f3e93>] pipe_lock_nested
fs/pipe.c:67 [inline]
(&pipe->mutex/1){+.+.}, at: [<ffffffff818f3e93>] pipe_lock+0x63/0x80
fs/pipe.c:75
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (&pipe->mutex/1){+.+.}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
protocol 88fb is buggy, dev hsr_slave_0
pipe_lock_nested fs/pipe.c:67 [inline]
pipe_lock+0x63/0x80 fs/pipe.c:75
iter_file_splice_write+0x15e/0xad0 fs/splice.c:699
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0xd92/0x1430 fs/splice.c:1382
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> #2 (sb_writers#4){.+.+}
protocol 88fb is buggy, dev hsr_slave_1
:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36
[inline]
percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
__sb_start_write+0x1ae/0x2f0 fs/super.c:1363
sb_start_write include/linux/fs.h:1548 [inline]
mnt_want_write+0x3f/0xb0 fs/namespace.c:386
ovl_want_write+0x76/0xa0 fs/overlayfs/util.c:25
ovl_create_object+0x79/0x1e0 fs/overlayfs/dir.c:538
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
ovl_create+0x28/0x30 fs/overlayfs/dir.c:563
lookup_open+0x11a6/0x1860 fs/namei.c:3240
do_last fs/namei.c:3331 [inline]
path_openat+0xfca/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_sys_open+0x2c5/0x430 fs/open.c:1084
SYSC_open fs/open.c:1102 [inline]
SyS_open fs/open.c:1097 [inline]
SYSC_creat fs/open.c:1142 [inline]
SyS_creat+0x27/0x30 fs/open.c:1140
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> #1
9pnet: Insufficient options for proto=fd
(&ovl_i_mutex_dir_key[depth]){++++}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
down_read+0x3b/0xb0 kernel/locking/rwsem.c:24
inode_lock_shared include/linux/fs.h:728 [inline]
do_last fs/namei.c:3330 [inline]
path_openat+0x191c/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_open_execat+0xe7/0x4a0 fs/exec.c:849
do_execveat_common.isra.0+0x6d5/0x1dd0 fs/exec.c:1740
do_execve fs/exec.c:1847 [inline]
SYSC_execve fs/exec.c:1928 [inline]
SyS_execve+0x39/0x50 fs/exec.c:1923
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
netlink: 4 bytes leftover after parsing attributes in process
`syz-executor.2'.
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> #0 (&sig->cred_guard_mutex){+.+.}:
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
kobject: 'bridge1' (ffff88804afb1a70): kobject_add_internal: parent: 'net',
set: 'devices'
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:930
proc_pid_attr_write+0x163/0x290 fs/proc/base.c:2585
__vfs_write+0x105/0x6b0 fs/read_write.c:480
kobject: 'bridge1' (ffff88804afb1a70): kobject_uevent_env
__kernel_write+0xfc/0x370 fs/read_write.c:501
write_pipe_buf+0x148/0x1c0 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x348/0x780 fs/splice.c:626
splice_from_pipe+0xf0/0x150 fs/splice.c:661
default_file_splice_write+0x3c/0x80 fs/splice.c:809
kobject: 'bridge1' (ffff88804afb1a70): fill_kobj_path: path
= '/devices/virtual/net/bridge1'
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0xd92/0x1430 fs/splice.c:1382
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
other info that might help us debug this:
Chain exists of:
&sig->cred_guard_mutex --> sb_writers#4 -->
kobject: 'queues' (ffff88804f232348): kobject_add_internal:
parent: 'bridge1', set: '<NULL>'
&pipe->mutex/1
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&pipe->mutex/1);
lock(sb_writers#4);
lock(&pipe->mutex/1);
lock(&sig->cred_guard_mutex);
*** DEADLOCK ***
2 locks held by syz-executor.4/30392:
#0: (sb_writers#7){.+.+}, at: [<ffffffff8198ed8a>] file_start_write
include/linux/fs.h:2707 [inline]
#0: (sb_writers#7){.+.+}, at: [<ffffffff8198ed8a>] do_splice
fs/splice.c:1146 [inline]
#0: (sb_writers#7){.+.+}, at: [<ffffffff8198ed8a>] SYSC_splice
fs/splice.c:1402 [inline]
#0: (sb_writers#7){.+.+}, at: [<ffffffff8198ed8a>]
SyS_splice+0xf3a/0x1430 fs/splice.c:1382
#1:
kobject: 'queues' (ffff88804f232348): kobject_uevent_env
(&pipe->mutex/1){+.+.}, at: [<ffffffff818f3e93>] pipe_lock_nested
fs/pipe.c:67 [inline]
(&pipe->mutex/1){+.+.}, at: [<ffffffff818f3e93>] pipe_lock+0x63/0x80
fs/pipe.c:75
stack backtrace:
CPU: 1 PID: 30392 Comm: syz-executor.4 Not tainted 4.14.150 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
kobject: 'queues' (ffff88804f232348): kobject_uevent_env: filter function
caused the event to drop!
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x197 lib/dump_stack.c:53
print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
EXT4-fs warning (device sda1): ext4_group_extend:1770: can't read last
block, resize aborted
kobject: 'rx-0' (ffff88808ed69010): kobject_add_internal: parent: 'queues',
set: 'queues'
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
kobject: 'rx-0' (ffff88808ed69010): kobject_uevent_env
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
kobject: 'rx-0' (ffff88808ed69010): fill_kobj_path: path
= '/devices/virtual/net/bridge1/queues/rx-0'
mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:930
devpts: called with bogus options
proc_pid_attr_write+0x163/0x290 fs/proc/base.c:2585
__vfs_write+0x105/0x6b0 fs/read_write.c:480
__kernel_write+0xfc/0x370 fs/read_write.c:501
write_pipe_buf+0x148/0x1c0 fs/splice.c:797
kobject: 'tx-0' (ffff88804d6a1858): kobject_add_internal: parent: 'queues',
set: 'queues'
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x348/0x780 fs/splice.c:626
splice_from_pipe+0xf0/0x150 fs/splice.c:661
default_file_splice_write+0x3c/0x80 fs/splice.c:809
kobject: 'tx-0' (ffff88804d6a1858): kobject_uevent_env
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0xd92/0x1430 fs/splice.c:1382
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459f39
RSP: 002b:00007f2ea3098c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459f39
RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 000000000075bfc8 R08: 0000000000010005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2ea30996d4
R13: 00000000004c9c73 R14: 00000000004e0910 R15: 00000000ffffffff
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'tx-0' (ffff88804d6a1858): fill_kobj_path: path
= '/devices/virtual/net/bridge1/queues/tx-0'
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'brif' (ffff88808f6df500): kobject_add_internal:
parent: 'bridge1', set: '<NULL>'
kobject: '9p-14' (ffff88804d897610): kobject_add_internal: parent: 'bdi',
set: 'devices'
kobject: 'batman_adv' (ffff88808f6df200): kobject_add_internal:
parent: 'bridge1', set: '<NULL>'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'veth4' (ffff8880546133b0): kobject_add_internal: parent: 'net',
set: 'devices'
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'veth4' (ffff8880546133b0): kobject_uevent_env
kobject: '9p-14' (ffff88804d897610): kobject_uevent_env
kobject: 'veth4' (ffff8880546133b0): fill_kobj_path: path
= '/devices/virtual/net/veth4'
kobject: '9p-14' (ffff88804d897610): fill_kobj_path: path
= '/devices/virtual/bdi/9p-14'
kobject: 'queues' (ffff88809c186c48): kobject_add_internal:
parent: 'veth4', set: '<NULL>'
kobject: '9p-14' (ffff88804d897610): kobject_uevent_env
kobject: 'queues' (ffff88809c186c48): kobject_uevent_env
kobject: '9p-14' (ffff88804d897610): fill_kobj_path: path
= '/devices/virtual/bdi/9p-14'
kobject: 'queues' (ffff88809c186c48): kobject_uevent_env: filter function
caused the event to drop!
kobject: '9p-14' (ffff88804d897610): kobject_cleanup, parent
(null)
kobject: '9p-14' (ffff88804d897610): calling ktype release
kobject: 'rx-0' (ffff8880953c3c10): kobject_add_internal: parent: 'queues',
set: 'queues'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: '9p-14': free name
kobject: 'rx-0' (ffff8880953c3c10): kobject_uevent_env
kobject: 'rx-0' (ffff8880953c3c10): fill_kobj_path: path
= '/devices/virtual/net/veth4/queues/rx-0'
kobject: 'tx-0' (ffff88808c20ba98): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'tx-0' (ffff88808c20ba98): kobject_uevent_env
kobject: 'tx-0' (ffff88808c20ba98): fill_kobj_path: path
= '/devices/virtual/net/veth4/queues/tx-0'
kobject: 'batman_adv' (ffff8880a5496900): kobject_add_internal:
parent: 'veth4', set: '<NULL>'
kobject: 'veth5' (ffff888054611370): kobject_add_internal: parent: 'net',
set: 'devices'
kobject: 'veth5' (ffff888054611370): kobject_uevent_env
kobject: 'veth5' (ffff888054611370): fill_kobj_path: path
= '/devices/virtual/net/veth5'
kobject: 'queues' (ffff88809c186848): kobject_add_internal:
parent: 'veth5', set: '<NULL>'
kobject: 'queues' (ffff88809c186848): kobject_uevent_env
kobject: 'queues' (ffff88809c186848): kobject_uevent_env: filter function
caused the event to drop!
kobject: 'rx-0' (ffff888098d1d0d0): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'rx-0' (ffff888098d1d0d0): kobject_uevent_env
kobject: 'rx-0' (ffff888098d1d0d0): fill_kobj_path: path
= '/devices/virtual/net/veth5/queues/rx-0'
kobject: 'tx-0' (ffff8880836592d8): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'tx-0' (ffff8880836592d8): kobject_uevent_env
kobject: 'tx-0' (ffff8880836592d8): fill_kobj_path: path
= '/devices/virtual/net/veth5/queues/tx-0'
kobject: 'batman_adv' (ffff888086b73400): kobject_add_internal:
parent: 'veth5', set: '<NULL>'
bridge1: port 1(veth5) entered blocking state
bridge1: port 1(veth5) entered disabled state
kobject: 'brport' (ffff888091c18150): kobject_add_internal:
parent: 'veth5', set: '<NULL>'
device veth5 entered promiscuous mode
kobject: 'brport' (ffff888091c18150): kobject_uevent_env
kobject: 'brport' (ffff888091c18150): kobject_uevent_env: filter function
caused the event to drop!
netlink: 4 bytes leftover after parsing attributes in process
`syz-executor.2'.
kobject: 'veth6' (ffff88800b29e630): kobject_add_internal: parent: 'net',
set: 'devices'
kobject: 'veth6' (ffff88800b29e630): kobject_uevent_env
kobject: 'veth6' (ffff88800b29e630): fill_kobj_path: path
= '/devices/virtual/net/veth6'
kobject: 'queues' (ffff88809c186048): kobject_add_internal:
parent: 'veth6', set: '<NULL>'
kobject: 'queues' (ffff88809c186048): kobject_uevent_env
kobject: 'queues' (ffff88809c186048): kobject_uevent_env: filter function
caused the event to drop!
kobject: 'rx-0' (ffff8880867ccb50): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'rx-0' (ffff8880867ccb50): kobject_uevent_env
kobject: 'rx-0' (ffff8880867ccb50): fill_kobj_path: path
= '/devices/virtual/net/veth6/queues/rx-0'
kobject: 'tx-0' (ffff888051a905d8): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'tx-0' (ffff888051a905d8): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'tx-0' (ffff888051a905d8): fill_kobj_path: path
= '/devices/virtual/net/veth6/queues/tx-0'
kobject: 'batman_adv' (ffff88808b135e00): kobject_add_internal:
parent: 'veth6', set: '<NULL>'
kobject: 'veth7' (ffff88804d8d85f0): kobject_add_internal: parent: 'net',
set: 'devices'
kobject: 'veth7' (ffff88804d8d85f0): kobject_uevent_env
kobject: 'veth7' (ffff88804d8d85f0): fill_kobj_path: path
= '/devices/virtual/net/veth7'
kobject: 'queues' (ffff888092dc4b48): kobject_add_internal:
parent: 'veth7', set: '<NULL>'
kobject: 'queues' (ffff888092dc4b48): kobject_uevent_env
kobject: 'queues' (ffff888092dc4b48): kobject_uevent_env: filter function
caused the event to drop!
kobject: 'rx-0' (ffff88805e9c9a90): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'rx-0' (ffff88805e9c9a90): kobject_uevent_env
kobject: 'rx-0' (ffff88805e9c9a90): fill_kobj_path: path
= '/devices/virtual/net/veth7/queues/rx-0'
kobject: 'tx-0' (ffff888051a90ad8): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'tx-0' (ffff888051a90ad8): kobject_uevent_env
kobject: 'tx-0' (ffff888051a90ad8): fill_kobj_path: path
= '/devices/virtual/net/veth7/queues/tx-0'
kobject: 'batman_adv' (ffff88809ffd4c00): kobject_add_internal:
parent: 'veth7', set: '<NULL>'
bridge1: port 2(veth7) entered blocking state
bridge1: port 2(veth7) entered disabled state
kobject: 'brport' (ffff88805708d7d0): kobject_add_internal:
parent: 'veth7', set: '<NULL>'
device veth7 entered promiscuous mode
kobject: 'brport' (ffff88805708d7d0): kobject_uevent_env
kobject: 'brport' (ffff88805708d7d0): kobject_uevent_env: filter function
caused the event to drop!
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
selinux_nlmsg_perm: 22 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
audit: type=1400 audit(1572187907.502:946): avc: denied { map } for
pid=30487 comm="syz-executor.4" path="socket:[252961]" dev="sockfs"
ino=252961 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tclass=unix_stream_socket permissive=1
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
net_ratelimit: 6 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
netlink: 14 bytes leftover after parsing attributes in process
`syz-executor.1'.
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
netlink: 14 bytes leftover after parsing attributes in process
`syz-executor.1'.
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
9pnet: p9_fd_create_tcp (30685): problem connecting socket to -27.0.0.1
9pnet: p9_fd_create_tcp (30687): problem connecting socket to -27.0.0.1
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
selinux_nlmsg_perm: 66 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
net_ratelimit: 4 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: b98aebd2 Linux 4.14.150
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13296c4ce00000
kernel config: https://syzkaller.appspot.com/x/.config?x=c52c93b368dac5a7
dashboard link: https://syzkaller.appspot.com/bug?extid=fb469ad2c0cb8f47e8b2
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+fb469a...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
4.14.150 #0 Not tainted
------------------------------------------------------
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
syz-executor.4/30392 is trying to acquire lock:
(&sig->cred_guard_mutex){+.+.}, at: [<ffffffff81a75f33>]
proc_pid_attr_write+0x163/0x290 fs/proc/base.c:2585
but task is already holding lock:
(&pipe->mutex/1){+.+.}, at: [<ffffffff818f3e93>] pipe_lock_nested
fs/pipe.c:67 [inline]
(&pipe->mutex/1){+.+.}, at: [<ffffffff818f3e93>] pipe_lock+0x63/0x80
fs/pipe.c:75
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (&pipe->mutex/1){+.+.}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
protocol 88fb is buggy, dev hsr_slave_0
pipe_lock_nested fs/pipe.c:67 [inline]
pipe_lock+0x63/0x80 fs/pipe.c:75
iter_file_splice_write+0x15e/0xad0 fs/splice.c:699
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0xd92/0x1430 fs/splice.c:1382
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> #2 (sb_writers#4){.+.+}
protocol 88fb is buggy, dev hsr_slave_1
:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36
[inline]
percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
__sb_start_write+0x1ae/0x2f0 fs/super.c:1363
sb_start_write include/linux/fs.h:1548 [inline]
mnt_want_write+0x3f/0xb0 fs/namespace.c:386
ovl_want_write+0x76/0xa0 fs/overlayfs/util.c:25
ovl_create_object+0x79/0x1e0 fs/overlayfs/dir.c:538
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
ovl_create+0x28/0x30 fs/overlayfs/dir.c:563
lookup_open+0x11a6/0x1860 fs/namei.c:3240
do_last fs/namei.c:3331 [inline]
path_openat+0xfca/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_sys_open+0x2c5/0x430 fs/open.c:1084
SYSC_open fs/open.c:1102 [inline]
SyS_open fs/open.c:1097 [inline]
SYSC_creat fs/open.c:1142 [inline]
SyS_creat+0x27/0x30 fs/open.c:1140
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> #1
9pnet: Insufficient options for proto=fd
(&ovl_i_mutex_dir_key[depth]){++++}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
down_read+0x3b/0xb0 kernel/locking/rwsem.c:24
inode_lock_shared include/linux/fs.h:728 [inline]
do_last fs/namei.c:3330 [inline]
path_openat+0x191c/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_open_execat+0xe7/0x4a0 fs/exec.c:849
do_execveat_common.isra.0+0x6d5/0x1dd0 fs/exec.c:1740
do_execve fs/exec.c:1847 [inline]
SYSC_execve fs/exec.c:1928 [inline]
SyS_execve+0x39/0x50 fs/exec.c:1923
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
netlink: 4 bytes leftover after parsing attributes in process
`syz-executor.2'.
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> #0 (&sig->cred_guard_mutex){+.+.}:
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
kobject: 'bridge1' (ffff88804afb1a70): kobject_add_internal: parent: 'net',
set: 'devices'
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:930
proc_pid_attr_write+0x163/0x290 fs/proc/base.c:2585
__vfs_write+0x105/0x6b0 fs/read_write.c:480
kobject: 'bridge1' (ffff88804afb1a70): kobject_uevent_env
__kernel_write+0xfc/0x370 fs/read_write.c:501
write_pipe_buf+0x148/0x1c0 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x348/0x780 fs/splice.c:626
splice_from_pipe+0xf0/0x150 fs/splice.c:661
default_file_splice_write+0x3c/0x80 fs/splice.c:809
kobject: 'bridge1' (ffff88804afb1a70): fill_kobj_path: path
= '/devices/virtual/net/bridge1'
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0xd92/0x1430 fs/splice.c:1382
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
other info that might help us debug this:
Chain exists of:
&sig->cred_guard_mutex --> sb_writers#4 -->
kobject: 'queues' (ffff88804f232348): kobject_add_internal:
parent: 'bridge1', set: '<NULL>'
&pipe->mutex/1
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&pipe->mutex/1);
lock(sb_writers#4);
lock(&pipe->mutex/1);
lock(&sig->cred_guard_mutex);
*** DEADLOCK ***
2 locks held by syz-executor.4/30392:
#0: (sb_writers#7){.+.+}, at: [<ffffffff8198ed8a>] file_start_write
include/linux/fs.h:2707 [inline]
#0: (sb_writers#7){.+.+}, at: [<ffffffff8198ed8a>] do_splice
fs/splice.c:1146 [inline]
#0: (sb_writers#7){.+.+}, at: [<ffffffff8198ed8a>] SYSC_splice
fs/splice.c:1402 [inline]
#0: (sb_writers#7){.+.+}, at: [<ffffffff8198ed8a>]
SyS_splice+0xf3a/0x1430 fs/splice.c:1382
#1:
kobject: 'queues' (ffff88804f232348): kobject_uevent_env
(&pipe->mutex/1){+.+.}, at: [<ffffffff818f3e93>] pipe_lock_nested
fs/pipe.c:67 [inline]
(&pipe->mutex/1){+.+.}, at: [<ffffffff818f3e93>] pipe_lock+0x63/0x80
fs/pipe.c:75
stack backtrace:
CPU: 1 PID: 30392 Comm: syz-executor.4 Not tainted 4.14.150 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
kobject: 'queues' (ffff88804f232348): kobject_uevent_env: filter function
caused the event to drop!
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x197 lib/dump_stack.c:53
print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
EXT4-fs warning (device sda1): ext4_group_extend:1770: can't read last
block, resize aborted
kobject: 'rx-0' (ffff88808ed69010): kobject_add_internal: parent: 'queues',
set: 'queues'
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
kobject: 'rx-0' (ffff88808ed69010): kobject_uevent_env
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
kobject: 'rx-0' (ffff88808ed69010): fill_kobj_path: path
= '/devices/virtual/net/bridge1/queues/rx-0'
mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:930
devpts: called with bogus options
proc_pid_attr_write+0x163/0x290 fs/proc/base.c:2585
__vfs_write+0x105/0x6b0 fs/read_write.c:480
__kernel_write+0xfc/0x370 fs/read_write.c:501
write_pipe_buf+0x148/0x1c0 fs/splice.c:797
kobject: 'tx-0' (ffff88804d6a1858): kobject_add_internal: parent: 'queues',
set: 'queues'
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x348/0x780 fs/splice.c:626
splice_from_pipe+0xf0/0x150 fs/splice.c:661
default_file_splice_write+0x3c/0x80 fs/splice.c:809
kobject: 'tx-0' (ffff88804d6a1858): kobject_uevent_env
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0xd92/0x1430 fs/splice.c:1382
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459f39
RSP: 002b:00007f2ea3098c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459f39
RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 000000000075bfc8 R08: 0000000000010005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2ea30996d4
R13: 00000000004c9c73 R14: 00000000004e0910 R15: 00000000ffffffff
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'tx-0' (ffff88804d6a1858): fill_kobj_path: path
= '/devices/virtual/net/bridge1/queues/tx-0'
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'brif' (ffff88808f6df500): kobject_add_internal:
parent: 'bridge1', set: '<NULL>'
kobject: '9p-14' (ffff88804d897610): kobject_add_internal: parent: 'bdi',
set: 'devices'
kobject: 'batman_adv' (ffff88808f6df200): kobject_add_internal:
parent: 'bridge1', set: '<NULL>'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'veth4' (ffff8880546133b0): kobject_add_internal: parent: 'net',
set: 'devices'
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'veth4' (ffff8880546133b0): kobject_uevent_env
kobject: '9p-14' (ffff88804d897610): kobject_uevent_env
kobject: 'veth4' (ffff8880546133b0): fill_kobj_path: path
= '/devices/virtual/net/veth4'
kobject: '9p-14' (ffff88804d897610): fill_kobj_path: path
= '/devices/virtual/bdi/9p-14'
kobject: 'queues' (ffff88809c186c48): kobject_add_internal:
parent: 'veth4', set: '<NULL>'
kobject: '9p-14' (ffff88804d897610): kobject_uevent_env
kobject: 'queues' (ffff88809c186c48): kobject_uevent_env
kobject: '9p-14' (ffff88804d897610): fill_kobj_path: path
= '/devices/virtual/bdi/9p-14'
kobject: 'queues' (ffff88809c186c48): kobject_uevent_env: filter function
caused the event to drop!
kobject: '9p-14' (ffff88804d897610): kobject_cleanup, parent
(null)
kobject: '9p-14' (ffff88804d897610): calling ktype release
kobject: 'rx-0' (ffff8880953c3c10): kobject_add_internal: parent: 'queues',
set: 'queues'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: '9p-14': free name
kobject: 'rx-0' (ffff8880953c3c10): kobject_uevent_env
kobject: 'rx-0' (ffff8880953c3c10): fill_kobj_path: path
= '/devices/virtual/net/veth4/queues/rx-0'
kobject: 'tx-0' (ffff88808c20ba98): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'tx-0' (ffff88808c20ba98): kobject_uevent_env
kobject: 'tx-0' (ffff88808c20ba98): fill_kobj_path: path
= '/devices/virtual/net/veth4/queues/tx-0'
kobject: 'batman_adv' (ffff8880a5496900): kobject_add_internal:
parent: 'veth4', set: '<NULL>'
kobject: 'veth5' (ffff888054611370): kobject_add_internal: parent: 'net',
set: 'devices'
kobject: 'veth5' (ffff888054611370): kobject_uevent_env
kobject: 'veth5' (ffff888054611370): fill_kobj_path: path
= '/devices/virtual/net/veth5'
kobject: 'queues' (ffff88809c186848): kobject_add_internal:
parent: 'veth5', set: '<NULL>'
kobject: 'queues' (ffff88809c186848): kobject_uevent_env
kobject: 'queues' (ffff88809c186848): kobject_uevent_env: filter function
caused the event to drop!
kobject: 'rx-0' (ffff888098d1d0d0): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'rx-0' (ffff888098d1d0d0): kobject_uevent_env
kobject: 'rx-0' (ffff888098d1d0d0): fill_kobj_path: path
= '/devices/virtual/net/veth5/queues/rx-0'
kobject: 'tx-0' (ffff8880836592d8): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'tx-0' (ffff8880836592d8): kobject_uevent_env
kobject: 'tx-0' (ffff8880836592d8): fill_kobj_path: path
= '/devices/virtual/net/veth5/queues/tx-0'
kobject: 'batman_adv' (ffff888086b73400): kobject_add_internal:
parent: 'veth5', set: '<NULL>'
bridge1: port 1(veth5) entered blocking state
bridge1: port 1(veth5) entered disabled state
kobject: 'brport' (ffff888091c18150): kobject_add_internal:
parent: 'veth5', set: '<NULL>'
device veth5 entered promiscuous mode
kobject: 'brport' (ffff888091c18150): kobject_uevent_env
kobject: 'brport' (ffff888091c18150): kobject_uevent_env: filter function
caused the event to drop!
netlink: 4 bytes leftover after parsing attributes in process
`syz-executor.2'.
kobject: 'veth6' (ffff88800b29e630): kobject_add_internal: parent: 'net',
set: 'devices'
kobject: 'veth6' (ffff88800b29e630): kobject_uevent_env
kobject: 'veth6' (ffff88800b29e630): fill_kobj_path: path
= '/devices/virtual/net/veth6'
kobject: 'queues' (ffff88809c186048): kobject_add_internal:
parent: 'veth6', set: '<NULL>'
kobject: 'queues' (ffff88809c186048): kobject_uevent_env
kobject: 'queues' (ffff88809c186048): kobject_uevent_env: filter function
caused the event to drop!
kobject: 'rx-0' (ffff8880867ccb50): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'rx-0' (ffff8880867ccb50): kobject_uevent_env
kobject: 'rx-0' (ffff8880867ccb50): fill_kobj_path: path
= '/devices/virtual/net/veth6/queues/rx-0'
kobject: 'tx-0' (ffff888051a905d8): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'tx-0' (ffff888051a905d8): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'tx-0' (ffff888051a905d8): fill_kobj_path: path
= '/devices/virtual/net/veth6/queues/tx-0'
kobject: 'batman_adv' (ffff88808b135e00): kobject_add_internal:
parent: 'veth6', set: '<NULL>'
kobject: 'veth7' (ffff88804d8d85f0): kobject_add_internal: parent: 'net',
set: 'devices'
kobject: 'veth7' (ffff88804d8d85f0): kobject_uevent_env
kobject: 'veth7' (ffff88804d8d85f0): fill_kobj_path: path
= '/devices/virtual/net/veth7'
kobject: 'queues' (ffff888092dc4b48): kobject_add_internal:
parent: 'veth7', set: '<NULL>'
kobject: 'queues' (ffff888092dc4b48): kobject_uevent_env
kobject: 'queues' (ffff888092dc4b48): kobject_uevent_env: filter function
caused the event to drop!
kobject: 'rx-0' (ffff88805e9c9a90): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'rx-0' (ffff88805e9c9a90): kobject_uevent_env
kobject: 'rx-0' (ffff88805e9c9a90): fill_kobj_path: path
= '/devices/virtual/net/veth7/queues/rx-0'
kobject: 'tx-0' (ffff888051a90ad8): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'tx-0' (ffff888051a90ad8): kobject_uevent_env
kobject: 'tx-0' (ffff888051a90ad8): fill_kobj_path: path
= '/devices/virtual/net/veth7/queues/tx-0'
kobject: 'batman_adv' (ffff88809ffd4c00): kobject_add_internal:
parent: 'veth7', set: '<NULL>'
bridge1: port 2(veth7) entered blocking state
bridge1: port 2(veth7) entered disabled state
kobject: 'brport' (ffff88805708d7d0): kobject_add_internal:
parent: 'veth7', set: '<NULL>'
device veth7 entered promiscuous mode
kobject: 'brport' (ffff88805708d7d0): kobject_uevent_env
kobject: 'brport' (ffff88805708d7d0): kobject_uevent_env: filter function
caused the event to drop!
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
selinux_nlmsg_perm: 22 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30455 comm=syz-executor.4
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
audit: type=1400 audit(1572187907.502:946): avc: denied { map } for
pid=30487 comm="syz-executor.4" path="socket:[252961]" dev="sockfs"
ino=252961 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tclass=unix_stream_socket permissive=1
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
net_ratelimit: 6 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
netlink: 14 bytes leftover after parsing attributes in process
`syz-executor.1'.
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
netlink: 14 bytes leftover after parsing attributes in process
`syz-executor.1'.
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop0' (ffff8880860ba560): kobject_uevent_env
kobject: 'loop0' (ffff8880860ba560): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
9pnet: p9_fd_create_tcp (30685): problem connecting socket to -27.0.0.1
9pnet: p9_fd_create_tcp (30687): problem connecting socket to -27.0.0.1
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
selinux_nlmsg_perm: 66 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=30763 comm=syz-executor.4
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (ffff8880a4a8b7e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a8b7e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
net_ratelimit: 4 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff8880a6eb0ad0): kobject_uevent_env
kobject: 'loop2' (ffff8880a494e5e0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6eb0ad0): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'loop2' (ffff8880a494e5e0): fill_kobj_path: path
= '/devices/virtual/block/loop2'
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
May 23, 2020, 11:46:09 AM5/23/20
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages