[ 33.933813] audit: type=1800 audit(1585467084.984:33): pid=7139 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 33.961172] audit: type=1800 audit(1585467084.984:34): pid=7139 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.787177] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.097358] audit: type=1400 audit(1585467088.144:35): avc: denied { map } for pid=7310 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 37.147952] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.857442] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.612788] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.18' (ECDSA) to the list of known hosts.
[ 45.217497] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.334004] audit: type=1400 audit(1585467096.384:36): avc: denied { map } for pid=7322 comm="syz-executor483" path="/root/syz-executor483634400" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.571098] IPVS: ftp: loaded support on port[0] = 21
[ 46.388191] chnl_net:caif_netlink_parms(): no params data found
[ 46.435019] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.442017] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.449647] device bridge_slave_0 entered promiscuous mode
[ 46.457265] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.464001] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.471745] device bridge_slave_1 entered promiscuous mode
[ 46.487302] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.496570] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.515260] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.522542] team0: Port device team_slave_0 added
[ 46.528305] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.535702] team0: Port device team_slave_1 added
[ 46.549392] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 46.555868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.581517] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 46.593621] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 46.599984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.625343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 46.636126] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.644074] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.692432] device hsr_slave_0 entered promiscuous mode
[ 46.730460] device hsr_slave_1 entered promiscuous mode
[ 46.770793] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 46.778171] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 46.827579] audit: type=1400 audit(1585467097.874:37): avc: denied { create } for pid=7323 comm="syz-executor483" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 46.846405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.853089] audit: type=1400 audit(1585467097.874:38): avc: denied { write } for pid=7323 comm="syz-executor483" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 46.859424] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.883804] audit: type=1400 audit(1585467097.874:39): avc: denied { read } for pid=7323 comm="syz-executor483" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 46.890739] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.921749] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.958200] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 46.965518] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.973848] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.983681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.992241] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.999361] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.009248] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 47.015777] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.025774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.033481] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.041591] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.052234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.060009] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.066538] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.082035] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.096988] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 47.109202] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 47.120800] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 47.127727] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 47.135295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.143154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.151104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.164124] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 47.170777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.182705] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 47.189608] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 47.196985] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 47.255391] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 47.265316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.302818] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 47.309786] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 47.318176] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 47.327823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.335522] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 47.342803] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 47.352760] device veth0_vlan entered promiscuous mode
[ 47.363230] device veth1_vlan entered promiscuous mode
[ 47.369111] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 47.378557] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 47.385440] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 47.392907] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 47.400586] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 47.417487] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 47.426584] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 47.433503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.442183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.452099] device veth0_macvtap entered promiscuous mode
[ 47.458644] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 47.467597] device veth1_macvtap entered promiscuous mode
[ 47.474226] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 47.483773] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 47.494764] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 47.504308] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 47.511931] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 47.518916] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 47.526687] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 47.534415] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.542463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.553560] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 47.561285] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 47.568163] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.576291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 47.700482] BUG: spinlock recursion on CPU#1, syz-executor483/7323
[ 47.707245] lock: 0xffff88809813dde8, .magic: dead4ead, .owner: syz-executor483/7323, .owner_cpu: 1
[ 47.717774] CPU: 1 PID: 7323 Comm: syz-executor483 Not tainted 4.14.174-syzkaller #0
[ 47.725824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.735172] Call Trace:
[ 47.737753] dump_stack+0x13e/0x194
[ 47.741375] do_raw_spin_lock+0x1cd/0x230
[ 47.745510] dev_mc_sync+0x10b/0x1c0
[ 47.749223] ? vlan_dev_set_mac_address+0x5c0/0x5c0
[ 47.754227] vlan_dev_set_rx_mode+0x38/0x80
[ 47.758538] __dev_set_rx_mode+0x191/0x2a0
[ 47.762759] dev_uc_unsync+0x16c/0x1c0
[ 47.766635] bond_hw_addr_flush+0x5c/0xe0
[ 47.770886] ? bond_set_dev_addr.isra.0+0xb0/0xb0
[ 47.775867] bond_enslave+0x1e53/0x49e0
[ 47.779847] ? bond_update_slave_arr+0x6c0/0x6c0
[ 47.785421] ? rtmsg_ifinfo_event.part.0+0x9a/0xc0
[ 47.790459] ? rtmsg_ifinfo+0x64/0x80
[ 47.794267] ? __dev_notify_flags+0x110/0x210
[ 47.798750] ? dev_change_name+0x990/0x990
[ 47.802977] ? bond_update_slave_arr+0x6c0/0x6c0
[ 47.807760] do_set_master+0x19e/0x200
[ 47.811667] rtnl_newlink+0x1319/0x1720
[ 47.815644] ? trace_hardirqs_on+0x10/0x10
[ 47.820777] ? rtnl_link_unregister+0x1f0/0x1f0
[ 47.825468] ? lock_acquire+0x170/0x3f0
[ 47.829439] ? lock_acquire+0x170/0x3f0
[ 47.833943] ? rtnetlink_rcv_msg+0x31d/0xb10
[ 47.839041] ? __lock_is_held+0xad/0x140
[ 47.843104] ? lock_downgrade+0x6e0/0x6e0
[ 47.847242] ? rtnl_link_unregister+0x1f0/0x1f0
[ 47.851981] rtnetlink_rcv_msg+0x3be/0xb10
[ 47.856205] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 47.860774] ? netdev_pick_tx+0x2e0/0x2e0
[ 47.864930] ? skb_clone+0x11c/0x310
[ 47.868628] ? save_trace+0x290/0x290
[ 47.872421] netlink_rcv_skb+0x127/0x370
[ 47.876497] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 47.881065] ? netlink_ack+0x980/0x980
[ 47.885098] netlink_unicast+0x437/0x620
[ 47.889194] ? netlink_attachskb+0x600/0x600
[ 47.893752] netlink_sendmsg+0x733/0xbe0
[ 47.897950] ? netlink_unicast+0x620/0x620
[ 47.902302] ? SYSC_sendto+0x2b0/0x2b0
[ 47.906292] ? security_socket_sendmsg+0x83/0xb0
[ 47.911035] ? netlink_unicast+0x620/0x620
[ 47.915342] sock_sendmsg+0xc5/0x100
[ 47.919085] ___sys_sendmsg+0x70a/0x840
[ 47.923200] ? copy_msghdr_from_user+0x380/0x380
[ 47.927939] ? trace_hardirqs_on+0x10/0x10
[ 47.932195] ? save_trace+0x290/0x290
[ 47.935981] ? trace_hardirqs_on+0x10/0x10
[ 47.940301] ? find_held_lock+0x2d/0x110
[ 47.944449] ? __might_fault+0x104/0x1b0
[ 47.948593] ? lock_acquire+0x170/0x3f0
[ 47.952608] ? lock_downgrade+0x6e0/0x6e0
[ 47.956759] ? __might_fault+0x177/0x1b0
[ 47.960817] ? _copy_to_user+0x82/0xd0
[ 47.964701] ? __fget_light+0x16a/0x1f0
[ 47.968666] ? sockfd_lookup_light+0xb2/0x160
[ 47.973258] __sys_sendmsg+0xa3/0x120
[ 47.977192] ? SyS_shutdown+0x160/0x160
[ 47.981225] ? move_addr_to_kernel+0x60/0x60
[ 47.985629] SyS_sendmsg+0x27/0x40
[ 47.989245] ? __sys_sendmsg+0x120/0x120
[ 47.993296] do_syscall_64+0x1d5/0x640
[ 47.997174] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.002348] RIP: 0033:0x443d19
[ 48.005531] RSP: 002b:00007ffd44188228 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 48.013310] RAX: ffffffffffffffda RBX: 00007ffd441882c0 RCX: 0000000000443d19
[ 48.020749] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000010
[ 48.028008] RBP: 00007ffd44188240 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 48.035269] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000003
[ 48.042833] R13: 00007ffd44188270 R14: 0000000000000000 R15: 0000000000000000