Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 34.161869] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.489879] audit: type=1400 audit(1537530105.490:6): avc: denied { map } for pid=5509 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 34.539434] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.188643] random: sshd: uninitialized urandom read (32 bytes read)
[ 132.348096] random: sshd: uninitialized urandom read (32 bytes read)
[ 132.528579] sshd (5518) used greatest stack depth: 15976 bytes left
Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts.
[ 137.942657] random: sshd: uninitialized urandom read (32 bytes read)
[ 138.076272] audit: type=1400 audit(1537530209.080:7): avc: denied { map } for pid=5523 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/09/21 11:43:29 parsed 1 programs
[ 138.569545] audit: type=1400 audit(1537530209.570:8): avc: denied { map } for pid=5523 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14719 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 139.031024] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/21 11:43:31 executed programs: 0
[ 140.594401] audit: type=1400 audit(1537530211.600:9): avc: denied { map } for pid=5523 comm="syz-execprog" path="/root/syzkaller-shm416681042" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 140.628722] IPVS: ftp: loaded support on port[0] = 21
[ 140.871560] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.878276] bridge0: port 1(bridge_slave_0) entered disabled state
[ 140.885514] device bridge_slave_0 entered promiscuous mode
[ 140.903630] bridge0: port 2(bridge_slave_1) entered blocking state
[ 140.910002] bridge0: port 2(bridge_slave_1) entered disabled state
[ 140.916995] device bridge_slave_1 entered promiscuous mode
[ 140.934010] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 140.952215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 141.000739] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 141.021367] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 141.095828] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 141.103215] team0: Port device team_slave_0 added
[ 141.121017] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 141.128294] team0: Port device team_slave_1 added
[ 141.145029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 141.164609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 141.183516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 141.205073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 141.353403] bridge0: port 2(bridge_slave_1) entered blocking state
[ 141.359857] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 141.366800] bridge0: port 1(bridge_slave_0) entered blocking state
[ 141.373248] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 141.883317] 8021q: adding VLAN 0 to HW filter on device bond0
[ 141.934349] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 141.987162] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 141.993352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 142.001352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 142.053717] 8021q: adding VLAN 0 to HW filter on device team0
[ 142.360527] netlink: 'syz-executor0': attribute type 1 has an invalid length.
[ 142.377497] netlink: 'syz-executor0': attribute type 1 has an invalid length.
[ 142.385295]
[ 142.386920] ======================================================
[ 142.393213] WARNING: possible circular locking dependency detected
[ 142.399510] 4.19.0-rc4+ #27 Not tainted
[ 142.403464] ------------------------------------------------------
[ 142.409762] syz-executor0/5794 is trying to acquire lock:
[ 142.415276] 000000007157f60c ((wq_completion)bond_dev->name){+.+.}, at: flush_workqueue+0x2db/0x1e10
[ 142.424545]
[ 142.424545] but task is already holding lock:
[ 142.430497] 000000003eb4934e (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40e/0xc20
[ 142.438310]
[ 142.438310] which lock already depends on the new lock.
[ 142.438310]
[ 142.446625]
[ 142.446625] the existing dependency chain (in reverse order) is:
[ 142.454223]
[ 142.454223] -> #2 (rtnl_mutex){+.+.}:
[ 142.459493]        __mutex_lock+0x166/0x1700
[ 142.463894]        mutex_lock_nested+0x16/0x20
[ 142.468458]        rtnl_lock+0x17/0x20
[ 142.472328]        bond_netdev_notify_work+0x44/0xd0
[ 142.477418]        process_one_work+0xc90/0x1b90
[ 142.482171]        worker_thread+0x17f/0x1390
[ 142.486682]        kthread+0x35a/0x420
[ 142.490567]        ret_from_fork+0x3a/0x50
[ 142.494788]
[ 142.494788] -> #1 ((work_completion)(&(&nnw->work)->work)){+.+.}:
[ 142.502510]        process_one_work+0xc0a/0x1b90
[ 142.507259]        worker_thread+0x17f/0x1390
[ 142.511749]        kthread+0x35a/0x420
[ 142.515631]        ret_from_fork+0x3a/0x50
[ 142.519850]
[ 142.519850] -> #0 ((wq_completion)bond_dev->name){+.+.}:
[ 142.526810]        lock_acquire+0x1ed/0x520
[ 142.531130]        flush_workqueue+0x30a/0x1e10
[ 142.535793]        drain_workqueue+0x2a9/0x640
[ 142.540370]        destroy_workqueue+0xc6/0x9c0
[ 142.545034]        __alloc_workqueue_key+0xed8/0x1170
[ 142.550215]        bond_init+0x274/0x970
[ 142.554273]        register_netdevice+0x332/0x10f0
[ 142.559195]        bond_newlink+0x49/0xa0
[ 142.563599]        rtnl_newlink+0xec6/0x1d40
[ 142.567999]        rtnetlink_rcv_msg+0x46a/0xc20
[ 142.572753]        netlink_rcv_skb+0x172/0x440
[ 142.577331]        rtnetlink_rcv+0x1c/0x20
[ 142.581575]        netlink_unicast+0x5a5/0x760
[ 142.586158]        netlink_sendmsg+0xa18/0xfc0
[ 142.590735]        sock_sendmsg+0xd5/0x120
[ 142.594980]        ___sys_sendmsg+0x7fd/0x930
[ 142.599471]        __sys_sendmsg+0x11d/0x280
[ 142.603893]        __x64_sys_sendmsg+0x78/0xb0
[ 142.608474]        do_syscall_64+0x1b9/0x820
[ 142.612895]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 142.618596]
[ 142.618596] other info that might help us debug this:
[ 142.618596]
[ 142.626742] Chain exists of:
[ 142.626742]   (wq_completion)bond_dev->name --> (work_completion)(&(&nnw->work)->work) --> rtnl_mutex
[ 142.626742]
[ 142.640461]  Possible unsafe locking scenario:
[ 142.640461]
[ 142.646510]        CPU0                    CPU1
[ 142.651168]        ----                    ----
[ 142.655822]   lock(rtnl_mutex);
[ 142.659118]                                lock((work_completion)(&(&nnw->work)->work));
[ 142.667340]                                lock(rtnl_mutex);
[ 142.673130]   lock((wq_completion)bond_dev->name);
[ 142.678070]
[ 142.678070]  *** DEADLOCK ***
[ 142.678070]
[ 142.684132] 1 lock held by syz-executor0/5794:
[ 142.688702]  #0: 000000003eb4934e (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40e/0xc20
[ 142.696862]
[ 142.696862] stack backtrace:
[ 142.701377] CPU: 0 PID: 5794 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #27
[ 142.708553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 142.717901] Call Trace:
[ 142.720488]  dump_stack+0x1c4/0x2b4
[ 142.724115]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 142.729304]  ? vprintk_func+0x85/0x181
[ 142.733193]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 142.738905]  ? save_trace+0xe0/0x290
[ 142.742619]  __lock_acquire+0x33e4/0x4ec0
[ 142.746762]  ? graph_lock+0x170/0x170
[ 142.750566]  ? mark_held_locks+0x130/0x130
[ 142.754799]  ? graph_lock+0x170/0x170
[ 142.758596]  ? __lock_is_held+0xb5/0x140
[ 142.762663]  ? __lock_is_held+0xb5/0x140
[ 142.766743]  ? select_task_rq_fair+0x34f0/0x34f0
[ 142.771511]  ? graph_lock+0x170/0x170
[ 142.775310]  ? print_usage_bug+0xc0/0xc0
[ 142.779368]  ? pick_next_task_fair+0x98e/0x17c0
[ 142.784046]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 142.789577]  ? check_preemption_disabled+0x48/0x200
[ 142.794610]  lock_acquire+0x1ed/0x520
[ 142.798427]  ? flush_workqueue+0x2db/0x1e10
[ 142.802751]  ? lock_release+0x970/0x970
[ 142.806724]  ? lockdep_init_map+0x9/0x10
[ 142.810783]  ? __init_waitqueue_head+0x9e/0x150
[ 142.815452]  ? init_wait_entry+0x1c0/0x1c0
[ 142.819690]  flush_workqueue+0x30a/0x1e10
[ 142.823833]  ? flush_workqueue+0x2db/0x1e10
[ 142.828172]  ? lock_acquire+0x1ed/0x520
[ 142.832142]  ? drain_workqueue+0xa9/0x640
[ 142.836291]  ? lock_release+0x970/0x970
[ 142.840268]  ? preempt_notifier_register+0x200/0x200
[ 142.845369]  ? __switch_to_asm+0x34/0x70
[ 142.849433]  ? __switch_to_asm+0x34/0x70
[ 142.853493]  ? __switch_to_asm+0x40/0x70
[ 142.857556]  ? flush_rcu_work+0x90/0x90
[ 142.861539]  ? graph_lock+0x170/0x170
[ 142.865352]  ? __mutex_lock+0x85e/0x1700
[ 142.869412]  ? __schedule+0x874/0x1ed0
[ 142.873299]  ? drain_workqueue+0xa9/0x640
[ 142.877447]  ? find_held_lock+0x36/0x1c0
[ 142.881510]  ? drain_workqueue+0x13f/0x640
[ 142.885742]  ? lock_downgrade+0x900/0x900
[ 142.889913]  ? graph_lock+0x170/0x170
[ 142.893712]  ? find_held_lock+0x36/0x1c0
[ 142.898233]  ? kasan_check_write+0x14/0x20
[ 142.902483]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 142.907416]  ? wait_for_completion+0x8a0/0x8a0
[ 142.912004]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 142.916416]  drain_workqueue+0x2a9/0x640
[ 142.920479]  ? drain_workqueue+0x2a9/0x640
[ 142.924716]  ? flush_workqueue+0x1e10/0x1e10
[ 142.929119]  ? save_stack+0xa9/0xd0
[ 142.932742]  ? save_stack+0x43/0xd0
[ 142.936369]  ? __kasan_slab_free+0x102/0x150
[ 142.940773]  ? kasan_slab_free+0xe/0x10
[ 142.944743]  ? kfree+0xcf/0x230
[ 142.948022]  ? print_usage_bug+0xc0/0xc0
[ 142.952092]  ? register_netdevice+0x332/0x10f0
[ 142.956671]  ? bond_newlink+0x49/0xa0
[ 142.960493]  ? rtnl_newlink+0xec6/0x1d40
[ 142.964549]  ? rtnetlink_rcv_msg+0x46a/0xc20
[ 142.968955]  ? netlink_rcv_skb+0x172/0x440
[ 142.973185]  ? rtnetlink_rcv+0x1c/0x20
[ 142.977086]  ? netlink_unicast+0x5a5/0x760
[ 142.981320]  ? netlink_sendmsg+0xa18/0xfc0
[ 142.985592]  ? sock_sendmsg+0xd5/0x120
[ 142.989483]  destroy_workqueue+0xc6/0x9c0
[ 142.993632]  ? kasan_check_write+0x14/0x20
[ 142.997862]  ? wq_watchdog_timer_fn+0x810/0x810
[ 143.002825]  ? mark_held_locks+0xc7/0x130
[ 143.006969]  ? kfree+0x107/0x230
[ 143.010334]  ? kfree+0x107/0x230
[ 143.013699]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 143.018278]  ? trace_hardirqs_on+0xbd/0x310
[ 143.022628]  ? init_rescuer.part.25+0x155/0x190
[ 143.027309]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 143.032756]  ? __kasan_slab_free+0x119/0x150
[ 143.037163]  ? init_rescuer.part.25+0x155/0x190
[ 143.041834]  __alloc_workqueue_key+0xed8/0x1170
[ 143.046502]  ? workqueue_sysfs_register+0x3f0/0x3f0
[ 143.051518]  ? put_dec+0xf0/0xf0
[ 143.054893]  ? format_decode+0x1b2/0xaf0
[ 143.058953]  ? set_precision+0xe0/0xe0
[ 143.062835]  ? simple_strtoll+0xa0/0xa0
[ 143.066812]  ? graph_lock+0x170/0x170
[ 143.070614]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 143.076150]  ? find_held_lock+0x36/0x1c0
[ 143.080210]  ? lock_downgrade+0x900/0x900
[ 143.084354]  ? check_preemption_disabled+0x48/0x200
[ 143.089374]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 143.095189]  ? kasan_check_read+0x11/0x20
[ 143.099337]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 143.104612]  ? rcu_bh_qs+0xc0/0xc0
[ 143.108155]  bond_init+0x274/0x970
[ 143.111705]  ? __dev_get_by_name+0x170/0x170
[ 143.116107]  ? bond_set_rx_mode+0x560/0x560
[ 143.120426]  ? rtnl_is_locked+0xb5/0xf0
[ 143.124398]  ? bond_set_rx_mode+0x560/0x560
[ 143.128744]  register_netdevice+0x332/0x10f0
[ 143.133159]  ? netdev_change_features+0x110/0x110
[ 143.138003]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 143.143538]  ? ns_capable_common+0x13f/0x170
[ 143.147948]  bond_newlink+0x49/0xa0
[ 143.151572]  ? bond_changelink+0x2370/0x2370
[ 143.155981]  rtnl_newlink+0xec6/0x1d40
[ 143.159887]  ? rtnl_link_unregister+0x390/0x390
[ 143.164560]  ? print_usage_bug+0xc0/0xc0
[ 143.168619]  ? __lock_acquire+0x7ec/0x4ec0
[ 143.172852]  ? graph_lock+0x170/0x170
[ 143.176667]  ? print_usage_bug+0xc0/0xc0
[ 143.180724]  ? __lock_acquire+0x7ec/0x4ec0
[ 143.184955]  ? print_usage_bug+0xc0/0xc0
[ 143.189012]  ? mark_held_locks+0x130/0x130
[ 143.193249]  ? find_held_lock+0x36/0x1c0
[ 143.197305]  ? lock_acquire+0x1ed/0x520
[ 143.201274]  ? rtnetlink_rcv_msg+0x40e/0xc20
[ 143.205681]  ? lock_release+0x970/0x970
[ 143.209660]  ? arch_local_save_flags+0x40/0x40
[ 143.214251]  ? mutex_trylock+0x2b0/0x2b0
[ 143.218312]  ? __lock_acquire+0x7ec/0x4ec0
[ 143.222548]  ? is_bpf_text_address+0xd3/0x170
[ 143.227039]  ? graph_lock+0x170/0x170
[ 143.230858]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 143.236402]  ? rtnl_get_link+0x170/0x370
[ 143.240462]  ? rtnl_dump_all+0x600/0x600
[ 143.244522]  ? kasan_check_read+0x11/0x20
[ 143.248669]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 143.253941]  ? ns_capable_common+0x13f/0x170
[ 143.258350]  ? rtnl_link_unregister+0x390/0x390
[ 143.263015]  rtnetlink_rcv_msg+0x46a/0xc20
[ 143.267271]  ? rtnetlink_put_metrics+0x690/0x690
[ 143.272037]  netlink_rcv_skb+0x172/0x440
[ 143.276098]  ? rtnetlink_put_metrics+0x690/0x690
[ 143.280851]  ? netlink_ack+0xb80/0xb80
[ 143.284768]  rtnetlink_rcv+0x1c/0x20
[ 143.288483]  netlink_unicast+0x5a5/0x760
[ 143.292546]  ? netlink_attachskb+0x9a0/0x9a0
[ 143.296954]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 143.302492]  netlink_sendmsg+0xa18/0xfc0
[ 143.306555]  ? netlink_unicast+0x760/0x760
[ 143.310788]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 143.316325]  ? security_socket_sendmsg+0x94/0xc0
[ 143.321079]  ? netlink_unicast+0x760/0x760
[ 143.325313]  sock_sendmsg+0xd5/0x120
[ 143.329023]  ___sys_sendmsg+0x7fd/0x930
[ 143.332999]  ? copy_msghdr_from_user+0x580/0x580
[ 143.337755]  ? __fd_install+0x2b5/0x8f0
[ 143.341728]  ? check_preemption_disabled+0x48/0x200
[ 143.346744]  ? __fget_light+0x2e9/0x430
[ 143.350714]  ? fget_raw+0x20/0x20
[ 143.354194]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 143.359726]  ? __fd_install+0x2f9/0x8f0
[ 143.363701]  ? get_unused_fd_flags+0x1a0/0x1a0
[ 143.368285]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 143.373817]  ? sockfd_lookup_light+0xc5/0x160
[ 143.378316]  __sys_sendmsg+0x11d/0x280
[ 143.382200]  ? __ia32_sys_shutdown+0x80/0x80
[ 143.386618]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 143.391722]  ? __x64_sys_futex+0x47f/0x6a0
[ 143.395954]  ? do_syscall_64+0x9a/0x820
[ 143.399927]  ? do_syscall_64+0x9a/0x820
[ 143.403915]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 143.409364]  ? trace_hardirqs_off+0xb8/0x310
[ 143.413772]  __x64_sys_sendmsg+0x78/0xb0
[ 143.417831]  do_syscall_64+0x1b9/0x820
[ 143.421749]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 143.427122]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 143.432082]  ? trace_hardirqs_on_caller+0x310/0x310
[ 143.437102]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 143.442133]  ? recalc_sigpending_tsk+0x180/0x180
[ 143.446900]  ? kasan_check_write+0x14/0x20
[ 143.451140]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 143.455986]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 143.461173] RIP: 0033:0x457679
[ 143.464367] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 143.483266] RSP: 002b:00007fb6d605dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 143.490994] RAX: ffffffffffffffda RBX: 00007fb6d605e6d4 RCX: 0000000000457679
[ 143.498257] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[ 143.505524] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 143.512787] R10: 00000000000000