[ 33.933923] audit: type=1800 audit(1582782628.426:33): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 33.961603] audit: type=1800 audit(1582782628.426:34): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 38.109420] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.395324] audit: type=1400 audit(1582782632.886:35): avc: denied { map } for pid=7362 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.474300] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.272568] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.484962] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts.
[ 45.131298] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.253991] audit: type=1400 audit(1582782639.746:36): avc: denied { map } for pid=7374 comm="syz-executor498" path="/root/syz-executor498361013" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.521080] IPVS: ftp: loaded support on port[0] = 21
[ 46.266907] audit: type=1400 audit(1582782640.756:37): avc: denied { create } for pid=7375 comm="syz-executor498" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 46.291011] audit: type=1400 audit(1582782640.756:38): avc: denied { write } for pid=7375 comm="syz-executor498" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 46.315101] audit: type=1400 audit(1582782640.756:39): avc: denied { read } for pid=7375 comm="syz-executor498" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 46.361910] chnl_net:caif_netlink_parms(): no params data found
[ 46.410376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.416985] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.424191] device bridge_slave_0 entered promiscuous mode
[ 46.432317] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.438777] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.445984] device bridge_slave_1 entered promiscuous mode
[ 46.461395] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.470674] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.486986] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.494460] team0: Port device team_slave_0 added
[ 46.500218] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.507313] team0: Port device team_slave_1 added
[ 46.521392] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 46.527644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.553064] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 46.565217] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 46.571542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.596749] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 46.607155] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.614684] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.662169] device hsr_slave_0 entered promiscuous mode
[ 46.700420] device hsr_slave_1 entered promiscuous mode
[ 46.770798] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 46.777967] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 46.838102] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.844595] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.851603] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.857970] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.894508] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 46.900685] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.908976] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.917919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.936502] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.943864] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.954661] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 46.961106] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.969666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.977605] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.983989] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.995166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.002832] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.009193] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.024173] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.032286] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 47.042450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.056011] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 47.066411] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 47.077350] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 47.083738] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.091663] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.099199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.111591] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 47.120950] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 47.127656] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 47.137768] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 47.198986] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 47.209100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.238013] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 47.245884] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 47.252949] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 47.263037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.270600] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 47.277525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 47.286222] device veth0_vlan entered promiscuous mode
[ 47.296071] device veth1_vlan entered promiscuous mode
[ 47.302141] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 47.311698] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 47.324067] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 47.333848] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 47.341462] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 47.348574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.356669] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 47.365335] device veth0_macvtap entered promiscuous mode
[ 47.373573] device veth1_macvtap entered promiscuous mode
[ 47.383014] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 47.392675] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 47.401708] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 47.408774] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 47.417824] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.425791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.435620] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 47.442911] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 47.449739] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.458342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 47.600277] FAULT_INJECTION: forcing a failure.
[ 47.600277] name failslab, interval 1, probability 0, space 0, times 1
[ 47.611827] CPU: 1 PID: 7375 Comm: syz-executor498 Not tainted 4.14.171-syzkaller #0
[ 47.619706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.629048] Call Trace:
[ 47.631623] dump_stack+0x13e/0x194
[ 47.635231] should_fail.cold+0x10a/0x14b
[ 47.639363] should_failslab+0xd6/0x130
[ 47.643366] kmem_cache_alloc_trace+0x2db/0x7b0
[ 47.648028] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 47.653466] ? kfree_const+0x33/0x40
[ 47.657158] ? rcu_read_lock_sched_held+0x10a/0x130
[ 47.662190] ? kfree+0x205/0x260
[ 47.665627] device_private_init+0x45/0x180
[ 47.670022] device_add+0xcd6/0x1400
[ 47.673724] ? device_initialize+0x420/0x420
[ 47.678121] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 47.683549] ? device_private_init+0x180/0x180
[ 47.688112] netdev_register_kobject+0x180/0x390
[ 47.692856] register_netdevice+0x7ce/0xc70
[ 47.697191] ? netdev_change_features+0x80/0x80
[ 47.701858] ? hsr_add_port+0x41c/0x600
[ 47.705816] hsr_dev_finalize+0x57b/0x7fe
[ 47.709950] hsr_newlink+0x248/0x330
[ 47.713650] ? send_hsr_supervision_frame.cold+0x22/0x22
[ 47.719083] rtnl_newlink+0xecb/0x1720
[ 47.722962] ? send_hsr_supervision_frame.cold+0x22/0x22
[ 47.728482] ? trace_hardirqs_on+0x10/0x10
[ 47.732749] ? rtnl_link_unregister+0x1f0/0x1f0
[ 47.737412] ? lock_acquire+0x170/0x3f0
[ 47.741377] ? lock_acquire+0x170/0x3f0
[ 47.745333] ? rtnetlink_rcv_msg+0x31d/0xb10
[ 47.749798] ? __lock_is_held+0xad/0x140
[ 47.753859] ? lock_downgrade+0x6e0/0x6e0
[ 47.757992] ? rtnl_link_unregister+0x1f0/0x1f0
[ 47.762654] rtnetlink_rcv_msg+0x3be/0xb10
[ 47.766889] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 47.771468] ? netdev_pick_tx+0x2e0/0x2e0
[ 47.775597] ? skb_clone+0x11c/0x310
[ 47.779300] ? save_trace+0x290/0x290
[ 47.783093] netlink_rcv_skb+0x127/0x370
[ 47.787153] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 47.791731] ? netlink_ack+0x960/0x960
[ 47.795606] netlink_unicast+0x437/0x620
[ 47.799665] ? netlink_attachskb+0x600/0x600
[ 47.804074] netlink_sendmsg+0x733/0xbe0
[ 47.808122] ? netlink_unicast+0x620/0x620
[ 47.812349] ? SYSC_sendto+0x2b0/0x2b0
[ 47.816275] ? security_socket_sendmsg+0x83/0xb0
[ 47.821103] ? netlink_unicast+0x620/0x620
[ 47.825317] sock_sendmsg+0xc5/0x100
[ 47.829023] ___sys_sendmsg+0x70a/0x840
[ 47.832989] ? find_held_lock+0x2d/0x110
[ 47.837074] ? copy_msghdr_from_user+0x380/0x380
[ 47.841845] ? lock_downgrade+0x6e0/0x6e0
[ 47.845989] ? get_pid_task+0xb8/0x130
[ 47.849856] ? proc_fail_nth_write+0x7b/0x180
[ 47.854334] ? proc_cwd_link+0x1b0/0x1b0
[ 47.858374] ? save_trace+0x290/0x290
[ 47.862160] ? proc_cwd_link+0x1b0/0x1b0
[ 47.866196] ? save_trace+0x290/0x290
[ 47.869973] ? save_trace+0x290/0x290
[ 47.873764] ? find_held_lock+0x2d/0x110
[ 47.877816] ? vfs_write+0x25b/0x4e0
[ 47.881507] ? __fget_light+0x16a/0x1f0
[ 47.885462] ? sockfd_lookup_light+0xb2/0x160
[ 47.889958] __sys_sendmsg+0xa3/0x120
[ 47.893737] ? SyS_shutdown+0x160/0x160
[ 47.897694] ? SyS_read+0x210/0x210
[ 47.901323] SyS_sendmsg+0x27/0x40
[ 47.904864] ? __sys_sendmsg+0x120/0x120
[ 47.908919] do_syscall_64+0x1d5/0x640
[ 47.912798] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 47.917969] RIP: 0033:0x4446a9
[ 47.921143] RSP: 002b:00007ffd8c71b7b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 47.928856] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004446a9
[ 47.936119] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 47.943475] RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000003231
[ 47.950729] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
[ 47.957992] R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000
[ 47.967089]
[ 47.968709] ============================================
[ 47.974131] WARNING: possible recursive locking detected
[ 47.979555] 4.14.171-syzkaller #0 Not tainted
[ 47.984024] --------------------------------------------
[ 47.989449] syz-executor498/7375 is trying to acquire lock:
[ 47.995144] (rtnl_mutex){+.+.}, at: [] hsr_dev_destroy+0x1b/0xb0
[ 48.002930]
[ 48.002930] but task is already holding lock:
[ 48.008879] (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10
[ 48.017018]
[ 48.017018] other info that might help us debug this:
[ 48.023667] Possible unsafe locking scenario:
[ 48.023667]
[ 48.029709] CPU0
[ 48.032277] ----
[ 48.034832] lock(rtnl_mutex);
[ 48.038086] lock(rtnl_mutex);
[ 48.041350]
[ 48.041350] *** DEADLOCK ***
[ 48.041350]
[ 48.047402] May be due to missing lock nesting notation
[ 48.047402]
[ 48.054301] 1 lock held by syz-executor498/7375:
[ 48.059039] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10
[ 48.067600]
[ 48.067600] stack backtrace:
[ 48.072077] CPU: 1 PID: 7375 Comm: syz-executor498 Not tainted 4.14.171-syzkaller #0
[ 48.079944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.089275] Call Trace:
[ 48.091848] dump_stack+0x13e/0x194
[ 48.095455] __lock_acquire.cold+0x2bf/0x8dc
[ 48.099848] ? trace_hardirqs_on+0x10/0x10
[ 48.104059] ? retint_kernel+0x2d/0x2d
[ 48.107923] ? save_trace+0x290/0x290
[ 48.111703] lock_acquire+0x170/0x3f0
[ 48.115481] ? hsr_dev_destroy+0x1b/0xb0
[ 48.119516] ? hsr_dev_destroy+0x1b/0xb0
[ 48.123564] __mutex_lock+0xe8/0x1470
[ 48.127348] ? hsr_dev_destroy+0x1b/0xb0
[ 48.131387] ? rcu_read_lock_sched_held+0x10a/0x130
[ 48.136395] ? kmem_cache_alloc_trace+0x63e/0x7b0
[ 48.141214] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 48.146669] ? hsr_dev_destroy+0x1b/0xb0
[ 48.150886] ? kfree+0x205/0x260
[ 48.154227] ? mutex_trylock+0x1a0/0x1a0
[ 48.158264] ? device_add+0x5f6/0x1400
[ 48.162130] ? device_initialize+0x420/0x420
[ 48.166529] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 48.171979] ? device_private_init+0x180/0x180
[ 48.176548] ? hsr_dev_close+0x10/0x10
[ 48.180423] ? hsr_dev_destroy+0x1b/0xb0
[ 48.184463] ? rtnl_lock+0x5/0x20
[ 48.187889] hsr_dev_destroy+0x1b/0xb0
[ 48.191770] ? hsr_dev_close+0x10/0x10
[ 48.195656] register_netdevice+0x793/0xc70
[ 48.199955] ? netdev_change_features+0x80/0x80
[ 48.204638] ? hsr_add_port+0x41c/0x600
[ 48.208628] hsr_dev_finalize+0x57b/0x7fe
[ 48.212771] hsr_newlink+0x248/0x330
[ 48.216467] ? send_hsr_supervision_frame.cold+0x22/0x22
[ 48.221911] rtnl_newlink+0xecb/0x1720
[ 48.225788] ? send_hsr_supervision_frame.cold+0x22/0x22
[ 48.231225] ? trace_hardirqs_on+0x10/0x10
[ 48.235443] ? rtnl_link_unregister+0x1f0/0x1f0
[ 48.240105] ? lock_acquire+0x170/0x3f0
[ 48.244070] ? lock_acquire+0x170/0x3f0
[ 48.248141] ? rtnetlink_rcv_msg+0x31d/0xb10
[ 48.252558] ? __lock_is_held+0xad/0x140
[ 48.256607] ? lock_downgrade+0x6e0/0x6e0
[ 48.260853] ? rtnl_link_unregister+0x1f0/0x1f0
[ 48.265529] rtnetlink_rcv_msg+0x3be/0xb10
[ 48.269761] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 48.274328] ? netdev_pick_tx+0x2e0/0x2e0
[ 48.278467] ? skb_clone+0x11c/0x310
[ 48.282180] ? save_trace+0x290/0x290
[ 48.285961] netlink_rcv_skb+0x127/0x370
[ 48.290018] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 48.294603] ? netlink_ack+0x960/0x960
[ 48.298479] netlink_unicast+0x437/0x620
[ 48.302529] ? netlink_attachskb+0x600/0x600
[ 48.306999] netlink_sendmsg+0x733/0xbe0
[ 48.311048] ? netlink_unicast+0x620/0x620
[ 48.315349] ? SYSC_sendto+0x2b0/0x2b0
[ 48.319212] ? security_socket_sendmsg+0x83/0xb0
[ 48.323943] ? netlink_unicast+0x620/0x620
[ 48.328162] sock_sendmsg+0xc5/0x100
[ 48.331855] ___sys_sendmsg+0x70a/0x840
[ 48.336058] ? find_held_lock+0x2d/0x110
[ 48.340108] ? copy_msghdr_from_user+0x380/0x380
[ 48.344862] ? lock_downgrade+0x6e0/0x6e0
[ 48.349551] ? get_pid_task+0xb8/0x130
[ 48.353428] ? proc_fail_nth_write+0x7b/0x180
[ 48.357938] ? proc_cwd_link+0x1b0/0x1b0
[ 48.361992] ? save_trace+0x290/0x290
[ 48.365776] ? proc_cwd_link+0x1b0/0x1b0
[ 48.369918] ? save_trace+0x290/0x290
[ 48.373740] ? save_trace+0x290/0x290
[ 48.377524] ? find_held_lock+0x2d/0x110
[ 48.381570] ? vfs_write+0x25b/0x4e0
[ 48.385263] ? __fget_light+0x16a/0x1f0
[ 48.389218] ? sockfd_lookup_light+0xb2/0x160
[ 48.393705] __sys_sendmsg+0xa3/0x120
[ 48.397485] ? SyS_shutdown+0x160/0x160
[ 48.401443] ? SyS_read+0x210/0x210
[ 48.405049] SyS_sendmsg+0x27/0x40
[ 48.408563] ? __sys_sendmsg+0x120/0x120
[ 48.412612] do_syscall_64+0x1d5/0x640
[ 48.416478] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.421655] RIP: 0033:0x4446a9
[ 48.424819] RSP: 002b:00007ffd8c71b7b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 48.432503] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004446a9
[ 48.439841] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 48.447100] RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000003231
[ 48.454346] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
[ 48.461612] R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000