[ 35.402341] audit: type=1800 audit(1583096055.346:33): pid=7260 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 35.431066] audit: type=1800 audit(1583096055.346:34): pid=7260 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.648310] random: sshd: uninitialized urandom read (32 bytes read) [ 37.831356] audit: type=1400 audit(1583096057.776:35): avc: denied { map } for pid=7430 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 37.880750] random: sshd: uninitialized urandom read (32 bytes read) [ 38.599799] random: sshd: uninitialized urandom read (32 bytes read) [ 38.793820] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. [ 44.361287] random: sshd: uninitialized urandom read (32 bytes read) [ 44.485845] audit: type=1400 audit(1583096064.426:36): avc: denied { map } for pid=7442 comm="syz-executor260" path="/root/syz-executor260996687" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 44.761073] IPVS: ftp: loaded support on port[0] = 21 [ 45.571172] chnl_net:caif_netlink_parms(): no params data found [ 45.618513] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.625303] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.632919] device bridge_slave_0 entered promiscuous mode [ 45.640000] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.646503] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.653516] device bridge_slave_1 entered promiscuous mode [ 45.669449] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.678294] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.695180] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 45.702379] team0: Port device team_slave_0 added [ 45.707914] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 45.715269] team0: Port device team_slave_1 added [ 45.729029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.735335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.760585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.771617] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.777840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.803054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.813459] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.821023] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 45.872332] device hsr_slave_0 entered promiscuous mode [ 45.910342] device hsr_slave_1 entered promiscuous mode [ 45.980792] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 45.987833] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.037138] audit: type=1400 audit(1583096065.976:37): avc: denied { create } for pid=7443 comm="syz-executor260" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 46.056049] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.061853] audit: type=1400 audit(1583096065.976:38): avc: denied { write } for pid=7443 comm="syz-executor260" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 46.067562] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.091680] audit: type=1400 audit(1583096065.986:39): avc: denied { read } for pid=7443 comm="syz-executor260" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 46.098373] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.128086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.162232] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 46.168304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.176876] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 46.186479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.194517] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.211526] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.221238] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.227309] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.236036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.243749] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.250136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.259326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.267269] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.273702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.291365] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.299080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.308806] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.315802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.326253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.335830] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 46.341996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.355803] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 46.364296] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 46.371456] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 46.383318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.441351] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 46.453611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.487223] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 46.494300] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 46.501133] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 46.509842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.517884] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.524885] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.533458] device veth0_vlan entered promiscuous mode [ 46.542624] device veth1_vlan entered promiscuous mode [ 46.548362] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 46.556899] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 46.568226] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 46.575414] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 46.582994] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 46.590166] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 46.599203] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 46.606246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 46.613977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.623031] device veth0_macvtap entered promiscuous mode [ 46.629021] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 46.637543] device veth1_macvtap entered promiscuous mode [ 46.644021] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 46.652554] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 46.662006] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 46.671107] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 46.678131] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.686480] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 46.693876] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 46.701156] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 46.708709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.719383] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 46.726981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.734032] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 46.742013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 47.177379] [ 47.179098] ============================================ [ 47.184525] WARNING: possible recursive locking detected [ 47.189948] 4.14.172-syzkaller #0 Not tainted [ 47.194411] -------------------------------------------- [ 47.199831] swapper/0/0 is trying to acquire lock: [ 47.204729] (&port_lock_key){-.-.}, at: [] uart_write+0x109/0x4e0 [ 47.212633] [ 47.212633] but task is already holding lock: [ 47.218631] (&port_lock_key){-.-.}, at: [] serial8250_handle_irq.part.0+0x20/0x240 [ 47.227979] [ 47.227979] other info that might help us debug this: [ 47.234620] Possible unsafe locking scenario: [ 47.234620] [ 47.240650] CPU0 [ 47.243205] ---- [ 47.245781] lock(&port_lock_key); [ 47.249397] lock(&port_lock_key); [ 47.252996] [ 47.252996] *** DEADLOCK *** [ 47.252996] [ 47.259026] May be due to missing lock nesting notation [ 47.259026] [ 47.265924] 3 locks held by swapper/0/0: [ 47.270047] #0: (&(&i->lock)->rlock){-.-.}, at: [] serial8250_interrupt+0x2b/0x1a0 [ 47.279472] #1: (&port_lock_key){-.-.}, at: [] serial8250_handle_irq.part.0+0x20/0x240 [ 47.289249] #2: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref+0x1b/0x80 [ 47.297728] [ 47.297728] stack backtrace: [ 47.302204] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.172-syzkaller #0 [ 47.309282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.318615] Call Trace: [ 47.321176] [ 47.323305] dump_stack+0x13e/0x194 [ 47.326908] __lock_acquire.cold+0x2bf/0x8dc [ 47.331299] ? __lock_acquire+0x5f7/0x4620 [ 47.335513] ? trace_hardirqs_on+0x10/0x10 [ 47.339724] ? trace_hardirqs_on+0x10/0x10 [ 47.343935] ? save_trace+0x290/0x290 [ 47.347722] ? __lock_acquire+0x5f7/0x4620 [ 47.351972] lock_acquire+0x170/0x3f0 [ 47.355748] ? uart_write+0x109/0x4e0 [ 47.359523] ? lock_acquire+0x170/0x3f0 [ 47.363485] _raw_spin_lock_irqsave+0x8c/0xbf [ 47.367955] ? uart_write+0x109/0x4e0 [ 47.371731] uart_write+0x109/0x4e0 [ 47.375334] ? n_hdlc_buf_get+0x194/0x220 [ 47.379457] ? uart_wait_until_sent+0x480/0x480 [ 47.384100] n_hdlc_send_frames+0x23c/0x3f0 [ 47.388403] n_hdlc_tty_wakeup+0x95/0xb0 [ 47.392476] ? n_hdlc_tty_receive+0x2a0/0x2a0 [ 47.396958] tty_wakeup+0xc3/0xf0 [ 47.400391] tty_port_default_wakeup+0x26/0x40 [ 47.404949] serial8250_tx_chars+0x400/0x9e0 [ 47.409337] serial8250_handle_irq.part.0+0x1f8/0x240 [ 47.414506] serial8250_default_handle_irq+0x96/0x110 [ 47.419687] serial8250_interrupt+0xe4/0x1a0 [ 47.424084] ? serial8250_backup_timeout+0x440/0x440 [ 47.429172] __handle_irq_event_percpu+0x125/0x7e0 [ 47.434126] handle_irq_event_percpu+0x66/0x120 [ 47.438776] ? __handle_irq_event_percpu+0x7e0/0x7e0 [ 47.443892] ? do_raw_spin_unlock+0x164/0x250 [ 47.448492] handle_irq_event+0xa2/0x12d [ 47.452534] handle_edge_irq+0x215/0x810 [ 47.456584] handle_irq+0x35/0x50 [ 47.460028] do_IRQ+0x93/0x1d0 [ 47.463309] common_interrupt+0x8f/0x8f [ 47.467263] [ 47.469503] RIP: 0010:native_safe_halt+0xe/0x10 [ 47.474153] RSP: 0018:ffffffff87c07e78 EFLAGS: 00000282 ORIG_RAX: ffffffffffffffc8 [ 47.481891] RAX: 1ffffffff0fa2ce4 RBX: dffffc0000000000 RCX: 0000000000000000 [ 47.489139] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff87c76abc [ 47.496384] RBP: ffffffff87d16710 R08: 1ffffffff1124101 R09: 0000000000000000 [ 47.503681] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff0f8ec48 [ 47.510927] R13: ffffffff87c76240 R14: 0000000000000000 R15: 0000000000000000 [ 47.518181] default_idle+0x47/0x370 [ 47.521871] do_idle+0x250/0x3c0 [ 47.525213] ? trace_event_define_fields_x86_irq_vector+0x28/0x28 [ 47.531422] cpu_startup_entry+0x14/0x20 [ 47.535465] start_kernel+0x659/0x676 [ 47.539242] ? mem_encrypt_init+0x5/0x5 [ 47.543193] ? load_ucode_bsp+0x1ae/0x1e4 [ 47.547357] secondary_startup_64+0xa5/0xb0