[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   32.547715] random: sshd: uninitialized urandom read (32 bytes read)
[   32.815132] kauditd_printk_skb: 9 callbacks suppressed
[   32.815144] audit: type=1400 audit(1568131436.243:35): avc:  denied  { map } for  pid=6827 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   32.887519] random: sshd: uninitialized urandom read (32 bytes read)
[   33.416950] random: sshd: uninitialized urandom read (32 bytes read)
[  153.060674] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
[  158.637154] random: sshd: uninitialized urandom read (32 bytes read)
[  158.751917] audit: type=1400 audit(1568131562.183:36): avc:  denied  { map } for  pid=6840 comm="syz-executor609" path="/root/syz-executor609699737" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  159.120894] IPVS: ftp: loaded support on port[0] = 21
[  159.934182] chnl_net:caif_netlink_parms(): no params data found
[  159.962802] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.969358] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.976497] device bridge_slave_0 entered promiscuous mode
[  159.983421] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.989777] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.996820] device bridge_slave_1 entered promiscuous mode
[  160.010550] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  160.019033] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  160.035444] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  160.043237] team0: Port device team_slave_0 added
[  160.048601] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  160.055794] team0: Port device team_slave_1 added
[  160.061027] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  160.068121] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  160.151782] device hsr_slave_0 entered promiscuous mode
[  160.210318] device hsr_slave_1 entered promiscuous mode
[  160.250527] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  160.257430] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  160.270014] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.276451] bridge0: port 2(bridge_slave_1) entered forwarding state
[  160.283508] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.289910] bridge0: port 1(bridge_slave_0) entered forwarding state
[  160.315530] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  160.322647] 8021q: adding VLAN 0 to HW filter on device bond0
[  160.332154] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  160.341193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  160.359305] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.366616] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.376431] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  160.382654] 8021q: adding VLAN 0 to HW filter on device team0
[  160.390848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  160.398360] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.404869] bridge0: port 1(bridge_slave_0) entered forwarding state
[  160.414197] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  160.421899] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.428212] bridge0: port 2(bridge_slave_1) entered forwarding state
[  160.445805] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  160.456134] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  160.466711] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  160.474487] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  160.482051] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  160.489402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  160.498809] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  160.506325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[  160.513259] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  160.523786] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  160.533990] 8021q: adding VLAN 0 to HW filter on device batadv0
[  265.690024] INFO: rcu_preempt self-detected stall on CPU
[  265.695550] 	1-...: (1 GPs behind) idle=cc6/140000000000001/0 softirq=9467/9475 fqs=5246 
[  265.703839] 	 (t=10500 jiffies g=1053 c=1052 q=21)
[  265.710160] NMI backtrace for cpu 1
[  265.713947] CPU: 1 PID: 6844 Comm: kworker/1:3 Not tainted 4.14.143 #0
[  265.720596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  265.730073] Workqueue: ipv6_addrconf addrconf_dad_work
[  265.735352] Call Trace:
[  265.737923]  <IRQ>
[  265.740113]  dump_stack+0x138/0x197
[  265.743727]  nmi_cpu_backtrace.cold+0x57/0x94
[  265.748266]  ? irq_force_complete_move.cold+0x7d/0x7d
[  265.753435]  nmi_trigger_cpumask_backtrace+0x141/0x189
[  265.758692]  arch_trigger_cpumask_backtrace+0x14/0x20
[  265.763859]  rcu_dump_cpu_stacks+0x186/0x1d2
[  265.768247]  rcu_check_callbacks.cold+0x43d/0xd0a
[  265.773070]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  265.778501]  update_process_times+0x31/0x70
[  265.782799]  tick_sched_handle+0x85/0x160
[  265.786925]  tick_sched_timer+0x43/0x130
[  265.790961]  __hrtimer_run_queues+0x270/0xbc0
[  265.795443]  ? tick_sched_do_timer+0xe0/0xe0
[  265.799829]  ? hrtimer_start_range_ns+0x10d0/0x10d0
[  265.804841]  hrtimer_interrupt+0x1d8/0x5d0
[  265.809120]  smp_apic_timer_interrupt+0x11c/0x5e0
[  265.813945]  apic_timer_interrupt+0x96/0xa0
[  265.818257]  </IRQ>
[  265.820514] RIP: 0010:hhf_dequeue+0x5dd/0xa60
[  265.824985] RSP: 0018:ffff88807d92f010 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
[  265.832668] RAX: ffff8880a11ee710 RBX: ffff8880a11ee678 RCX: 0000000000000000
[  265.839926] RDX: 1ffff1101423dce2 RSI: ffff8880a11ee710 RDI: ffff8880a11ee718
[  265.847309] RBP: ffff88807d92f060 R08: 0000000000000000 R09: ffff8880a8ab2f08
[  265.854750] R10: ffff8880a8ab2ee8 R11: ffff8880a8ab2500 R12: dffffc0000000000
[  265.862000] R13: ffff8880a11ee480 R14: ffff8880a11ee710 R15: ffff8880a11ee700
[  265.869383]  __qdisc_run+0x2b8/0xe00
[  265.873127]  __dev_queue_xmit+0x1571/0x25e0
[  265.877436]  ? __lock_is_held+0xb6/0x140
[  265.881570]  ? check_preemption_disabled+0x3c/0x250
[  265.886581]  ? netdev_pick_tx+0x300/0x300
[  265.890705]  ? save_trace+0x290/0x290
[  265.894537]  ? br_nf_post_routing+0x27d/0xf00
[  265.899026]  ? br_forward_finish+0x1cc/0x320
[  265.903417]  ? find_held_lock+0x35/0x130
[  265.907458]  ? br_forward_finish+0x1cc/0x320
[  265.911858]  dev_queue_xmit+0x18/0x20
[  265.915635]  ? dev_queue_xmit+0x18/0x20
[  265.919586]  br_dev_queue_push_xmit+0x367/0x530
[  265.924231]  br_forward_finish+0xbc/0x320
[  265.928377]  ? br_dev_queue_push_xmit+0x530/0x530
[  265.933207]  ? br_fdb_add.cold+0x84/0x84
[  265.937525]  __br_forward+0x560/0x9c0
[  265.941305]  ? br_forward_finish+0x320/0x320
[  265.945692]  ? br_dev_queue_push_xmit+0x530/0x530
[  265.950513]  deliver_clone+0x61/0xc0
[  265.954203]  br_flood+0x3c8/0x530
[  265.957638]  br_dev_xmit+0x9a4/0xd40
[  265.961327]  ? check_preemption_disabled+0x3c/0x250
[  265.966319]  ? br_poll_controller+0x10/0x10
[  265.971589]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  265.977019]  dev_hard_start_xmit+0x18c/0x8b0
[  265.981419]  ? assoc_array_gc+0x11b0/0x11d0
[  265.985717]  __dev_queue_xmit+0x1d95/0x25e0
[  265.990017]  ? trace_hardirqs_on+0x10/0x10
[  265.994238]  ? netdev_pick_tx+0x300/0x300
[  265.998367]  ? ip6_finish_output2+0x9ab/0x21b0
[  266.002956]  ? memcpy+0x46/0x50
[  266.006231]  dev_queue_xmit+0x18/0x20
[  266.010022]  ? dev_queue_xmit+0x18/0x20
[  266.014068]  neigh_resolve_output+0x4d8/0x870
[  266.018557]  ip6_finish_output2+0x9ab/0x21b0
[  266.022956]  ? ip6_forward_finish+0x480/0x480
[  266.027451]  ? lock_downgrade+0x6e0/0x6e0
[  266.031623]  ip6_finish_output+0x4f4/0xb50
[  266.035843]  ? ip6_finish_output+0x4f4/0xb50
[  266.040389]  ip6_output+0x20f/0x6d0
[  266.044006]  ? ip6_finish_output+0xb50/0xb50
[  266.048410]  ? __lock_is_held+0xb6/0x140
[  266.052452]  ? ip6_fragment+0x32c0/0x32c0
[  266.056637]  ndisc_send_skb+0xb56/0x11e0
[  266.060693]  ? ndisc_error_report+0x190/0x190
[  266.065169]  ndisc_send_ns+0x360/0x7e0
[  266.069053]  ? ndisc_netdev_event+0x3b0/0x3b0
[  266.073541]  ? trace_hardirqs_on_caller+0x400/0x590
[  266.078541]  ? addrconf_dad_work+0x97c/0xff0
[  266.082986]  ? trace_hardirqs_on+0xd/0x10
[  266.087131]  ? __local_bh_enable_ip+0x99/0x1a0
[  266.091719]  addrconf_dad_work+0xa40/0xff0
[  266.095940]  ? addrconf_dad_completed+0xa70/0xa70
[  266.100769]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  266.106199]  process_one_work+0x863/0x1600
[  266.110415]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[  266.115065]  worker_thread+0x5d9/0x1050
[  266.119023]  kthread+0x319/0x430
[  266.122366]  ? process_one_work+0x1600/0x1600
[  266.126836]  ? kthread_create_on_node+0xd0/0xd0
[  266.131483]  ret_from_fork+0x24/0x30