[ ok ] Starting enhanced syslogd: rsyslogd.
[ 76.232818][ T27] audit: type=1800 audit(1584779090.872:25): pid=9631 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 76.272477][ T27] audit: type=1800 audit(1584779090.872:26): pid=9631 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 76.322039][ T27] audit: type=1800 audit(1584779090.882:27): pid=9631 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
2020/03/21 08:25:07 parsed 1 programs
2020/03/21 08:25:09 executed programs: 0
syzkaller login: [ 94.447855][ T9801] IPVS: ftp: loaded support on port[0] = 21
[ 94.516608][ T9801] chnl_net:caif_netlink_parms(): no params data found
[ 94.561182][ T9801] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.569212][ T9801] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.577771][ T9801] device bridge_slave_0 entered promiscuous mode
[ 94.586837][ T9801] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.594012][ T9801] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.601864][ T9801] device bridge_slave_1 entered promiscuous mode
[ 94.621803][ T9801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.634444][ T9801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.656275][ T9801] team0: Port device team_slave_0 added
[ 94.664118][ T9801] team0: Port device team_slave_1 added
[ 94.681318][ T9801] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.688427][ T9801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.715040][ T9801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.727785][ T9801] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.734829][ T9801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.760963][ T9801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.824700][ T9801] device hsr_slave_0 entered promiscuous mode
[ 94.872681][ T9801] device hsr_slave_1 entered promiscuous mode
[ 94.994977][ T9801] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 95.065642][ T9801] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.126071][ T9801] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.185011][ T9801] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.240894][ T9801] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.248148][ T9801] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.256250][ T9801] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.263388][ T9801] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.310599][ T9801] 8021q: adding VLAN 0 to HW filter on device bond0
[ 95.325396][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 95.336636][ T2680] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.344840][ T2680] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.353829][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 95.367573][ T9801] 8021q: adding VLAN 0 to HW filter on device team0
[ 95.380959][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 95.390010][ T2680] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.397087][ T2680] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.410559][ T2873] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 95.419561][ T2873] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.426814][ T2873] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.454449][ T2873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 95.464243][ T2873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 95.473938][ T2873] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 95.482425][ T2873] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 95.494261][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 95.520286][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 95.528747][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 95.544959][ T9801] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 95.569428][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 95.579038][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 95.600748][ T9801] device veth0_vlan entered promiscuous mode
[ 95.608070][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 95.617821][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 95.627714][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 95.636581][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 95.649490][ T9801] device veth1_vlan entered promiscuous mode
[ 95.672010][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 95.680757][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 95.689961][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 95.699221][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 95.710940][ T9801] device veth0_macvtap entered promiscuous mode
[ 95.722252][ T9801] device veth1_macvtap entered promiscuous mode
[ 95.741374][ T9801] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 95.749274][ T2873] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 95.758674][ T2873] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 95.767588][ T2873] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 95.776683][ T2873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 95.795913][ T9801] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 95.803693][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 95.814098][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 96.088601][ T9808]
[ 96.090972][ T9808] ======================================================
[ 96.097988][ T9808] WARNING: possible circular locking dependency detected
[ 96.105006][ T9808] 5.6.0-rc3-next-20200228-syzkaller #0 Not tainted
[ 96.111525][ T9808] ------------------------------------------------------
[ 96.118645][ T9808] syz-executor.0/9808 is trying to acquire lock:
[ 96.124951][ T9808] ffff8880a79692a0 (&tty->termios_rwsem){++++}, at: n_tty_receive_buf_common+0x87/0x2ac0
[ 96.134902][ T9808]
[ 96.134902][ T9808] but task is already holding lock:
[ 96.142257][ T9808] ffffffff89f414c0 (sel_lock){+.+.}, at: paste_selection+0x155/0x490
[ 96.150356][ T9808]
[ 96.150356][ T9808] which lock already depends on the new lock.
[ 96.150356][ T9808]
[ 96.160744][ T9808]
[ 96.160744][ T9808] the existing dependency chain (in reverse order) is:
[ 96.169741][ T9808]
[ 96.169741][ T9808] -> #2 (sel_lock){+.+.}:
[ 96.176244][ T9808]        __mutex_lock+0x156/0x13c0
[ 96.181339][ T9808]        set_selection_kernel+0x38a/0x13c0
[ 96.187219][ T9808]        set_selection_user+0x94/0xd7
[ 96.192575][ T9808]        tioclinux+0x115/0x480
[ 96.197327][ T9808]        vt_ioctl+0x18a6/0x2450
[ 96.202159][ T9808]        tty_ioctl+0xedd/0x1440
[ 96.207014][ T9808]        ksys_ioctl+0x11a/0x180
[ 96.211839][ T9808]        __x64_sys_ioctl+0x6f/0xb0
[ 96.216952][ T9808]        do_syscall_64+0xf6/0x790
[ 96.221955][ T9808]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.228341][ T9808]
[ 96.228341][ T9808] -> #1 (console_lock){+.+.}:
[ 96.235186][ T9808]        console_lock+0x44/0x80
[ 96.240022][ T9808]        con_flush_chars+0x35/0x90
[ 96.245182][ T9808]        n_tty_write+0xd49/0xf90
[ 96.250148][ T9808]        tty_write+0x48f/0x7f0
[ 96.254893][ T9808]        __vfs_write+0x76/0x100
[ 96.259884][ T9808]        vfs_write+0x262/0x5c0
[ 96.264640][ T9808]        ksys_write+0x127/0x250
[ 96.269543][ T9808]        do_syscall_64+0xf6/0x790
[ 96.274569][ T9808]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.280963][ T9808]
[ 96.280963][ T9808] -> #0 (&tty->termios_rwsem){++++}:
[ 96.288426][ T9808]        __lock_acquire+0x24b3/0x5270
[ 96.293878][ T9808]        lock_acquire+0x197/0x420
[ 96.298889][ T9808]        down_read+0x96/0x430
[ 96.303674][ T9808]        n_tty_receive_buf_common+0x87/0x2ac0
[ 96.309728][ T9808]        tty_ldisc_receive_buf+0xa9/0x190
[ 96.315439][ T9808]        paste_selection+0x1e5/0x490
[ 96.320718][ T9808]        tioclinux+0x12c/0x480
[ 96.325466][ T9808]        vt_ioctl+0x18a6/0x2450
[ 96.330387][ T9808]        tty_ioctl+0xedd/0x1440
[ 96.335219][ T9808]        ksys_ioctl+0x11a/0x180
[ 96.340077][ T9808]        __x64_sys_ioctl+0x6f/0xb0
[ 96.345179][ T9808]        do_syscall_64+0xf6/0x790
[ 96.350185][ T9808]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.356586][ T9808]
[ 96.356586][ T9808] other info that might help us debug this:
[ 96.356586][ T9808]
[ 96.366790][ T9808] Chain exists of:
[ 96.366790][ T9808]   &tty->termios_rwsem --> console_lock --> sel_lock
[ 96.366790][ T9808]
[ 96.379261][ T9808]  Possible unsafe locking scenario:
[ 96.379261][ T9808]
[ 96.386695][ T9808]        CPU0                    CPU1
[ 96.392080][ T9808]        ----                    ----
[ 96.397430][ T9808]   lock(sel_lock);
[ 96.401249][ T9808]                                lock(console_lock);
[ 96.407900][ T9808]                                lock(sel_lock);
[ 96.414199][ T9808]   lock(&tty->termios_rwsem);
[ 96.418968][ T9808]
[ 96.418968][ T9808]  *** DEADLOCK ***
[ 96.418968][ T9808]
[ 96.427099][ T9808] 3 locks held by syz-executor.0/9808:
[ 96.432527][ T9808]  #0: ffff8880a7969090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 96.441707][ T9808]  #1: ffff8880a78a80a8 (&buf->lock){+.+.}, at: paste_selection+0x122/0x490
[ 96.450569][ T9808]  #2: ffffffff89f414c0 (sel_lock){+.+.}, at: paste_selection+0x155/0x490
[ 96.459125][ T9808]
[ 96.459125][ T9808] stack backtrace:
[ 96.465009][ T9808] CPU: 1 PID: 9808 Comm: syz-executor.0 Not tainted 5.6.0-rc3-next-20200228-syzkaller #0
[ 96.474793][ T9808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 96.484826][ T9808] Call Trace:
[ 96.488104][ T9808]  dump_stack+0x188/0x20d
[ 96.492415][ T9808]  check_noncircular+0x32e/0x3e0
[ 96.497325][ T9808]  ? print_circular_bug.isra.0+0x220/0x220
[ 96.503124][ T9808]  ? find_held_lock+0x2d/0x110
[ 96.507893][ T9808]  ? graph_lock+0x7e/0x210
[ 96.512337][ T9808]  ? alloc_list_entry+0xb0/0xb0
[ 96.517185][ T9808]  ? mark_lock+0xbc/0x1220
[ 96.521589][ T9808]  __lock_acquire+0x24b3/0x5270
[ 96.526711][ T9808]  ? __schedule+0x93c/0x1f90
[ 96.531280][ T9808]  ? mark_held_locks+0xe0/0xe0
[ 96.536029][ T9808]  ? __sched_text_start+0x8/0x8
[ 96.540859][ T9808]  lock_acquire+0x197/0x420
[ 96.545343][ T9808]  ? n_tty_receive_buf_common+0x87/0x2ac0
[ 96.551099][ T9808]  down_read+0x96/0x430
[ 96.555235][ T9808]  ? n_tty_receive_buf_common+0x87/0x2ac0
[ 96.560929][ T9808]  ? down_read_killable+0x460/0x460
[ 96.566110][ T9808]  ? __mutex_lock+0xf73/0x13c0
[ 96.570848][ T9808]  n_tty_receive_buf_common+0x87/0x2ac0
[ 96.576380][ T9808]  ? paste_selection+0x147/0x490
[ 96.581312][ T9808]  ? mark_lock+0xbc/0x1220
[ 96.585724][ T9808]  tty_ldisc_receive_buf+0xa9/0x190
[ 96.590908][ T9808]  ? n_tty_receive_buf_common+0x2ac0/0x2ac0
[ 96.596788][ T9808]  paste_selection+0x1e5/0x490
[ 96.601525][ T9808]  ? sel_pos+0x90/0x90
[ 96.605576][ T9808]  ? wake_up_q+0x140/0x140
[ 96.609971][ T9808]  tioclinux+0x12c/0x480
[ 96.614200][ T9808]  vt_ioctl+0x18a6/0x2450
[ 96.618505][ T9808]  ? complete_change_console+0x390/0x390
[ 96.624156][ T9808]  ? tomoyo_path_number_perm+0x238/0x4d0
[ 96.629787][ T9808]  ? tomoyo_execute_permission+0x470/0x470
[ 96.635601][ T9808]  ? find_held_lock+0x2d/0x110
[ 96.640347][ T9808]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 96.646222][ T9808]  ? complete_change_console+0x390/0x390
[ 96.651853][ T9808]  tty_ioctl+0xedd/0x1440
[ 96.656177][ T9808]  ? tty_vhangup+0x30/0x30
[ 96.660751][ T9808]  ? do_vfs_ioctl+0x506/0x12c0
[ 96.665505][ T9808]  ? ioctl_file_clone+0x180/0x180
[ 96.670508][ T9808]  ? __fget_files+0x329/0x4f0
[ 96.675163][ T9808]  ? do_dup2+0x520/0x520
[ 96.679391][ T9808]  ? __x64_sys_futex+0x380/0x4f0
[ 96.684321][ T9808]  ? tty_vhangup+0x30/0x30
[ 96.688732][ T9808]  ksys_ioctl+0x11a/0x180
[ 96.693098][ T9808]  __x64_sys_ioctl+0x6f/0xb0
[ 96.697670][ T9808]  ? lockdep_hardirqs_on+0x417/0x5d0
[ 96.703028][ T9808]  do_syscall_64+0xf6/0x790
[ 96.707680][ T9808]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.713562][ T9808] RIP: 0033:0x45c849
[ 96.717444][ T9808] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 96.737036][ T9808] RSP: 002b:00007f81fbfbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 96.745438][ T9808] RAX: ffffffffffffffda RBX: 00007f81fbfc06d4 RCX: 000000000045c849
[ 96.753483][ T9808] RDX: 0000000020000040 RSI: 000000000000541c RDI: 0000000000000003
[ 96.761454][ T9808] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 96.769518][ T9808] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 96.777546][ T9808] R13: 0000000000000573 R14: 00000000004c8075 R15: 000000000076bf0c