[ 18.827947] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts.
[ 124.312273] random: sshd: uninitialized urandom read (32 bytes read)
[ 124.530497] audit: type=1400 audit(1582982023.584:36): avc: denied { map } for pid=7586 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/02/29 13:13:43 parsed 1 programs
[ 125.084646] random: cc1: uninitialized urandom read (8 bytes read)
2020/02/29 13:13:45 executed programs: 0
[ 126.077801] audit: type=1400 audit(1582982025.124:37): avc: denied { map } for pid=7586 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15757 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 126.411154] IPVS: ftp: loaded support on port[0] = 21
[ 127.239504] chnl_net:caif_netlink_parms(): no params data found
[ 127.291474] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.298107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.305642] device bridge_slave_0 entered promiscuous mode
[ 127.313002] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.319517] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.326913] device bridge_slave_1 entered promiscuous mode
[ 127.343261] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 127.352380] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 127.370563] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 127.377830] team0: Port device team_slave_0 added
[ 127.383644] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 127.391232] team0: Port device team_slave_1 added
[ 127.405450] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 127.411776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 127.443408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 127.454256] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 127.460621] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 127.485854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 127.496314] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 127.503893] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 127.582426] device hsr_slave_0 entered promiscuous mode
[ 127.640453] device hsr_slave_1 entered promiscuous mode
[ 127.681075] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 127.688343] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 127.738621] audit: type=1400 audit(1582982026.784:38): avc: denied { create } for pid=7603 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 127.758503] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.762916] audit: type=1400 audit(1582982026.784:39): avc: denied { write } for pid=7603 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 127.769095] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 127.793329] audit: type=1400 audit(1582982026.794:40): avc: denied { read } for pid=7603 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 127.799874] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.829463] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 127.863765] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 127.869976] 8021q: adding VLAN 0 to HW filter on device bond0
[ 127.878959] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 127.888640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 127.907341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.915829] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.926637] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 127.933332] 8021q: adding VLAN 0 to HW filter on device team0
[ 127.942201] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 127.951075] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.957449] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 127.967270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 127.975602] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.982284] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 127.997963] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 128.006201] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 128.016164] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 128.027360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 128.038773] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 128.049666] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 128.056245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 128.063345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 128.077674] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 128.085613] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 128.092629] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 128.105872] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 128.169699] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 128.180741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 128.218942] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 128.226702] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 128.234090] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 128.240772] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 128.251863] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready
[ 128.260181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 128.267805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 128.275884] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 128.282960] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 128.289901] device veth0_vlan entered promiscuous mode
[ 128.299649] device veth1_vlan entered promiscuous mode
[ 128.306590] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 128.316245] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 128.327686] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 128.337424] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 128.344774] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 128.352389] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 128.359860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 128.367858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 128.377948] device veth0_macvtap entered promiscuous mode
[ 128.384206] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 128.392852] device veth1_macvtap entered promiscuous mode
[ 128.399056] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 128.407808] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 128.417117] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 128.427090] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 128.434427] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 128.443376] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 128.451064] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 128.458263] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 128.466253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 128.476830] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 128.484282] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 128.491625] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 128.499358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/02/29 13:13:50 executed programs: 91
2020/02/29 13:13:55 executed programs: 407
2020/02/29 13:14:00 executed programs: 726
2020/02/29 13:14:05 executed programs: 1047
2020/02/29 13:14:10 executed programs: 1368
2020/02/29 13:14:15 executed programs: 1698
[ 157.911629] NOHZ: local_softirq_pending 08
2020/02/29 13:14:20 executed programs: 2018
2020/02/29 13:14:25 executed programs: 2347
2020/02/29 13:14:30 executed programs: 2680
2020/02/29 13:14:35 executed programs: 3008
[ 178.396084] NOHZ: local_softirq_pending 08
2020/02/29 13:14:40 executed programs: 3349
2020/02/29 13:14:45 executed programs: 3680
2020/02/29 13:14:50 executed programs: 4017
2020/02/29 13:14:55 executed programs: 4356
2020/02/29 13:15:00 executed programs: 4701
2020/02/29 13:15:05 executed programs: 5042
2020/02/29 13:15:10 executed programs: 5385
[ 211.901418]
[ 211.903390] ======================================================
[ 211.909701] WARNING: possible circular locking dependency detected
[ 211.918665] 4.14.172-syzkaller #0 Not tainted
[ 211.923253] ------------------------------------------------------
[ 211.929732] syz-executor.0/27766 is trying to acquire lock:
[ 211.935456]  (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1b/0x40
[ 211.944553]
[ 211.944553] but task is already holding lock:
[ 211.950553]  (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa30
[ 211.958728]
[ 211.958728] which lock already depends on the new lock.
[ 211.958728]
[ 211.967104]
[ 211.967104] the existing dependency chain (in reverse order) is:
[ 211.975630]
[ 211.975630] -> #2 (&nbd->config_lock){+.+.}:
[ 211.981659]        __mutex_lock+0xe8/0x1470
[ 211.985990]        nbd_open+0x1bf/0x380
[ 211.989992]        __blkdev_get+0x2a6/0x10d0
[ 211.994460]        blkdev_get+0x84/0x8a0
[ 211.998578]        blkdev_open+0x1cc/0x250
[ 212.002799]        do_dentry_open+0x732/0xe90
[ 212.007284]        vfs_open+0x105/0x220
[ 212.011310]        path_openat+0x8ca/0x3c50
[ 212.015690]        do_filp_open+0x18e/0x250
[ 212.020148]        do_sys_open+0x29d/0x3f0
[ 212.024380]        do_syscall_64+0x1d5/0x640
[ 212.028853]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 212.034547]
[ 212.034547] -> #1 (nbd_index_mutex){+.+.}:
[ 212.040350]        __mutex_lock+0xe8/0x1470
[ 212.044987]        nbd_open+0x24/0x380
[ 212.048860]        __blkdev_get+0x2a6/0x10d0
[ 212.053257]        blkdev_get+0x84/0x8a0
[ 212.057325]        blkdev_open+0x1cc/0x250
[ 212.061681]        do_dentry_open+0x732/0xe90
[ 212.066296]        vfs_open+0x105/0x220
[ 212.070256]        path_openat+0x8ca/0x3c50
[ 212.074665]        do_filp_open+0x18e/0x250
[ 212.078980]        do_sys_open+0x29d/0x3f0
[ 212.083330]        do_syscall_64+0x1d5/0x640
[ 212.087800]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 212.093617]
[ 212.093617] -> #0 (&bdev->bd_mutex){+.+.}:
[ 212.099343]        lock_acquire+0x170/0x3f0
[ 212.103832]        __mutex_lock+0xe8/0x1470
[ 212.108136]        blkdev_reread_part+0x1b/0x40
[ 212.112799]        nbd_ioctl+0x79d/0xa30
[ 212.116866]        blkdev_ioctl+0x91d/0x17d0
[ 212.121308]        block_ioctl+0xd9/0x120
[ 212.125670]        do_vfs_ioctl+0x75a/0xfe0
[ 212.129983]        SyS_ioctl+0x7f/0xb0
[ 212.133881]        do_syscall_64+0x1d5/0x640
[ 212.138344]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 212.144140]
[ 212.144140] other info that might help us debug this:
[ 212.144140]
[ 212.152389] Chain exists of:
[ 212.152389]   &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock
[ 212.152389]
[ 212.163911]  Possible unsafe locking scenario:
[ 212.163911]
[ 212.170001]        CPU0                    CPU1
[ 212.174804]        ----                    ----
[ 212.179666]   lock(&nbd->config_lock);
[ 212.183653]                                lock(nbd_index_mutex);
[ 212.190124]                                lock(&nbd->config_lock);
[ 212.196522]   lock(&bdev->bd_mutex);
[ 212.200220]
[ 212.200220]  *** DEADLOCK ***
[ 212.200220]
[ 212.206519] 1 lock held by syz-executor.0/27766:
[ 212.211269]  #0:  (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa30
[ 212.219811]
[ 212.219811] stack backtrace:
[ 212.224300] CPU: 1 PID: 27766 Comm: syz-executor.0 Not tainted 4.14.172-syzkaller #0
[ 212.232315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 212.241862] Call Trace:
[ 212.244450]  dump_stack+0x13e/0x194
[ 212.248362]  print_circular_bug.isra.0.cold+0x1c4/0x282
[ 212.253733]  __lock_acquire+0x2cb3/0x4620
[ 212.257874]  ? trace_hardirqs_on+0x10/0x10
[ 212.262265]  ? save_trace+0x290/0x290
[ 212.266136]  lock_acquire+0x170/0x3f0
[ 212.269962]  ? blkdev_reread_part+0x1b/0x40
[ 212.274406]  ? blkdev_reread_part+0x1b/0x40
[ 212.278731]  __mutex_lock+0xe8/0x1470
[ 212.282675]  ? blkdev_reread_part+0x1b/0x40
[ 212.287163]  ? nbd_ioctl+0x11f/0xa30
[ 212.290866]  ? blkdev_reread_part+0x1b/0x40
[ 212.295184]  ? save_trace+0x290/0x290
[ 212.299116]  ? mutex_trylock+0x1a0/0x1a0
[ 212.303190]  ? find_held_lock+0x2d/0x110
[ 212.307292]  ? nbd_ioctl+0x782/0xa30
[ 212.311018]  ? lock_downgrade+0x6e0/0x6e0
[ 212.315202]  ? blkdev_reread_part+0x1b/0x40
[ 212.319556]  blkdev_reread_part+0x1b/0x40
[ 212.323769]  nbd_ioctl+0x79d/0xa30
[ 212.327365]  ? nbd_add_socket+0x5c0/0x5c0
[ 212.331641]  ? __lock_acquire+0x5f7/0x4620
[ 212.335872]  ? trace_hardirqs_on+0x10/0x10
[ 212.340102]  ? nbd_add_socket+0x5c0/0x5c0
[ 212.344422]  blkdev_ioctl+0x91d/0x17d0
[ 212.348347]  ? blkpg_ioctl+0x8e0/0x8e0
[ 212.352221]  ? trace_hardirqs_on+0x10/0x10
[ 212.356453]  block_ioctl+0xd9/0x120
[ 212.360063]  ? blkdev_fallocate+0x3a0/0x3a0
[ 212.364378]  do_vfs_ioctl+0x75a/0xfe0
[ 212.368175]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 212.372945]  ? ioctl_preallocate+0x1a0/0x1a0
[ 212.377528]  ? security_file_ioctl+0x76/0xb0
[ 212.382033]  ? security_file_ioctl+0x83/0xb0
[ 212.386630]  SyS_ioctl+0x7f/0xb0
[ 212.390014]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 212.394008]  do_syscall_64+0x1d5/0x640
[ 212.397895]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 212.403183] RIP: 0033:0x45c479
[ 212.406548] RSP: 002b:00007f32ec3d8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 212.414865] RAX: ffffffffffffffda RBX: 00007f32ec3d96d4 RCX: 000000000045c479
[ 212.422653] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000005
[ 212.429922] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 212.437181] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 212.444624] R13: 0000000000000400 R14: 00000000004c65cf R15: 000000000076bf2c