[ 33.337418] audit: type=1800 audit(1567878702.448:33): pid=6917 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 33.366059] audit: type=1800 audit(1567878702.448:34): pid=6917 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.485142] random: sshd: uninitialized urandom read (32 bytes read) [ 37.736903] audit: type=1400 audit(1567878706.848:35): avc: denied { map } for pid=7089 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 37.801461] random: sshd: uninitialized urandom read (32 bytes read) [ 38.337968] random: sshd: uninitialized urandom read (32 bytes read) [ 225.931105] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts. [ 231.489764] random: sshd: uninitialized urandom read (32 bytes read) [ 231.612181] audit: type=1400 audit(1567878900.728:36): avc: denied { map } for pid=7101 comm="syz-executor160" path="/root/syz-executor160074473" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 231.841139] IPVS: ftp: loaded support on port[0] = 21 [ 232.660365] chnl_net:caif_netlink_parms(): no params data found [ 232.690901] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.697672] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.705168] device bridge_slave_0 entered promiscuous mode [ 232.712542] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.718951] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.726134] device bridge_slave_1 entered promiscuous mode [ 232.741483] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 232.750533] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 232.766845] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.774328] team0: Port device team_slave_0 added [ 232.779887] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.787126] team0: Port device team_slave_1 added [ 232.792410] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.800803] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.852279] device hsr_slave_0 entered promiscuous mode [ 232.930464] device hsr_slave_1 entered promiscuous mode [ 232.970651] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 232.977900] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 232.991577] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.998059] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.005186] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.011597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.038147] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 233.045436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.053679] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.063112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 233.071880] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.078891] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.089354] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 233.095877] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.105258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 233.113202] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.119772] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.128930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 233.137192] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.143815] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.157862] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.166551] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 233.180940] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 233.191277] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 233.202145] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 233.209142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.217439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 233.225662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 233.233704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 233.245775] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 233.256126] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 338.420037] INFO: rcu_preempt self-detected stall on CPU [ 338.426031] 0-...: (1 GPs behind) idle=66a/140000000000001/0 softirq=11728/11729 fqs=24 [ 338.434567] (t=10500 jiffies g=1244 c=1243 q=180) [ 338.440029] rcu_preempt kthread starved for 10451 jiffies! g1244 c1243 f0x0 RCU_GP_WAIT_FQS(3) ->state=0x402 ->cpu=1 [ 338.451247] rcu_preempt I29824 8 2 0x80000000 [ 338.458589] Call Trace: [ 338.461730] __schedule+0x7b8/0x1cd0 [ 338.465768] ? pci_mmcfg_check_reserved+0x150/0x150 [ 338.471957] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 338.477865] schedule+0x92/0x1c0 [ 338.481332] schedule_timeout+0x43e/0xe10 [ 338.485562] ? usleep_range+0x130/0x130 [ 338.489639] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 338.495730] ? prepare_to_swait+0xcc/0x100 [ 338.500696] ? call_timer_fn+0x670/0x670 [ 338.504850] rcu_gp_kthread+0xbf4/0x1ec0 [ 338.509101] ? force_qs_rnp+0x4d0/0x4d0 [ 338.513079] kthread+0x319/0x430 [ 338.516797] ? force_qs_rnp+0x4d0/0x4d0 [ 338.520910] ? kthread_create_on_node+0xd0/0xd0 [ 338.526463] ret_from_fork+0x24/0x30 [ 338.530898] NMI backtrace for cpu 0 [ 338.535001] CPU: 0 PID: 7105 Comm: kworker/0:3 Not tainted 4.14.142 #0 [ 338.542164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.552664] Workqueue: ipv6_addrconf addrconf_dad_work [ 338.558077] Call Trace: [ 338.560922] [ 338.563258] dump_stack+0x138/0x197 [ 338.567019] nmi_cpu_backtrace.cold+0x57/0x94 [ 338.571595] ? irq_force_complete_move.cold+0x7d/0x7d [ 338.577047] nmi_trigger_cpumask_backtrace+0x141/0x189 [ 338.582518] arch_trigger_cpumask_backtrace+0x14/0x20 [ 338.587712] rcu_dump_cpu_stacks+0x186/0x1d2 [ 338.592307] rcu_check_callbacks.cold+0x43d/0xd0a [ 338.597266] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 338.602951] update_process_times+0x31/0x70 [ 338.607580] tick_sched_handle+0x85/0x160 [ 338.612326] tick_sched_timer+0x43/0x130 [ 338.616525] __hrtimer_run_queues+0x270/0xbc0 [ 338.621191] ? tick_sched_do_timer+0xe0/0xe0 [ 338.625880] ? hrtimer_start_range_ns+0x10d0/0x10d0 [ 338.631778] hrtimer_interrupt+0x1d8/0x5d0 [ 338.636185] smp_apic_timer_interrupt+0x11c/0x5e0 [ 338.641035] apic_timer_interrupt+0x96/0xa0 [ 338.645404] [ 338.647653] RIP: 0010:__sanitizer_cov_trace_pc+0x15/0x60 [ 338.653279] RSP: 0018:ffff88808f737008 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10 [ 338.661877] RAX: ffff888093f1a6c0 RBX: ffff888075dc3d38 RCX: 0000000000000000 [ 338.669508] RDX: 0000000000000601 RSI: ffff888075dc3dd0 RDI: ffff888075dc3d40 [ 338.678023] RBP: ffff88808f737060 R08: 0000000000000000 R09: ffff888093f1b0c8 [ 338.685824] R10: ffff888093f1b0a8 R11: ffff888093f1a6c0 R12: dffffc0000000000 [ 338.693852] R13: ffff888075dc3b40 R14: ffff888075dc3dc0 R15: ffff888075dc3dc0 [ 338.702087] ? hhf_dequeue+0x4b3/0xa60 [ 338.706498] __qdisc_run+0x2b8/0xe00 [ 338.710959] __dev_queue_xmit+0x1571/0x25e0 [ 338.715481] ? __lock_is_held+0xb6/0x140 [ 338.721186] ? check_preemption_disabled+0x3c/0x250 [ 338.726618] ? netdev_pick_tx+0x300/0x300 [ 338.731254] ? save_trace+0x290/0x290 [ 338.735639] ? br_nf_post_routing+0x27d/0xf00 [ 338.740629] ? br_forward_finish+0x1cc/0x320 [ 338.745755] ? find_held_lock+0x35/0x130 [ 338.750178] ? br_forward_finish+0x1cc/0x320 [ 338.754705] dev_queue_xmit+0x18/0x20 [ 338.758773] ? dev_queue_xmit+0x18/0x20 [ 338.762938] br_dev_queue_push_xmit+0x367/0x530 [ 338.767872] br_forward_finish+0xbc/0x320 [ 338.772026] ? br_dev_queue_push_xmit+0x530/0x530 [ 338.777149] ? br_fdb_add.cold+0x84/0x84 [ 338.781389] __br_forward+0x560/0x9c0 [ 338.786011] ? br_forward_finish+0x320/0x320 [ 338.790609] ? br_dev_queue_push_xmit+0x530/0x530 [ 338.795935] deliver_clone+0x61/0xc0 [ 338.799832] br_flood+0x3c8/0x530 [ 338.803402] br_dev_xmit+0x9a4/0xd40 [ 338.807111] ? check_preemption_disabled+0x3c/0x250 [ 338.812599] ? br_poll_controller+0x10/0x10 [ 338.817011] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 338.822464] dev_hard_start_xmit+0x18c/0x8b0 [ 338.828620] ? assoc_array_gc+0x1130/0x11d0 [ 338.835414] __dev_queue_xmit+0x1d95/0x25e0 [ 338.840221] ? trace_hardirqs_on+0x10/0x10 [ 338.845307] ? netdev_pick_tx+0x300/0x300 [ 338.849661] ? ip6_finish_output2+0x9ab/0x21b0 [ 338.854333] ? memcpy+0x46/0x50 [ 338.858246] dev_queue_xmit+0x18/0x20 [ 338.864484] ? dev_queue_xmit+0x18/0x20 [ 338.868791] neigh_resolve_output+0x4d8/0x870 [ 338.873589] ip6_finish_output2+0x9ab/0x21b0 [ 338.878357] ? ip6_forward_finish+0x480/0x480 [ 338.883126] ? lock_downgrade+0x6e0/0x6e0 [ 338.887641] ip6_finish_output+0x4f4/0xb50 [ 338.892136] ? ip6_finish_output+0x4f4/0xb50 [ 338.896861] ip6_output+0x20f/0x6d0 [ 338.900494] ? ip6_finish_output+0xb50/0xb50 [ 338.904900] ? __lock_is_held+0xb6/0x140 [ 338.909288] ? ip6_fragment+0x32c0/0x32c0 [ 338.914979] ndisc_send_skb+0xb56/0x11e0 [ 338.919131] ? ndisc_error_report+0x190/0x190 [ 338.923908] ndisc_send_ns+0x360/0x7e0 [ 338.928063] ? ndisc_netdev_event+0x3b0/0x3b0 [ 338.932633] ? trace_hardirqs_on_caller+0x400/0x590 [ 338.937657] ? addrconf_dad_work+0x97c/0xff0 [ 338.942417] ? trace_hardirqs_on+0xd/0x10 [ 338.946931] ? __local_bh_enable_ip+0x99/0x1a0 [ 338.951639] addrconf_dad_work+0xa40/0xff0 [ 338.956347] ? addrconf_dad_completed+0xa70/0xa70 [ 338.962086] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 338.968147] process_one_work+0x863/0x1600 [ 338.972386] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 338.977255] worker_thread+0x5d9/0x1050 [ 338.981517] kthread+0x319/0x430 [ 338.984895] ? process_one_work+0x1600/0x1600 [ 338.990056] ? kthread_create_on_node+0xd0/0xd0 [ 338.994731] ret_from_fork+0x24/0x30 [ 339.000038] INFO: rcu_sched detected stalls on CPUs/tasks: [ 339.006004] 0-...: (1 GPs behind) idle=66a/140000000000000/0 softirq=11728/11729 fqs=24 [ 339.015496] (detected by 1, t=10559 jiffies, g=890, c=889, q=4) [ 339.022356] Sending NMI from CPU 1 to CPUs 0: [ 339.028145] NMI backtrace for cpu 0 [ 339.028150] CPU: 0 PID: 7105 Comm: kworker/0:3 Not tainted 4.14.142 #0 [ 339.028153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 339.028155] Workqueue: ipv6_addrconf addrconf_dad_work [ 339.028159] task: ffff888093f1a6c0 task.stack: ffff88808f730000 [ 339.028162] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 339.028164] RSP: 0018:ffff88808f737008 EFLAGS: 00000202 [ 339.028168] RAX: 0000000000000001 RBX: ffff888075dc3d38 RCX: 0000000000000000 [ 339.028171] RDX: ffff888075dc3d38 RSI: ffff888075dc3dd0 RDI: ffff888075dc3dd8 [ 339.028173] RBP: ffff88808f737060 R08: 0000000000000000 R09: ffff888093f1b0c8 [ 339.028176] R10: ffff888093f1b0a8 R11: ffff888093f1a6c0 R12: dffffc0000000000 [ 339.028179] R13: ffff888075dc3b40 R14: 0000000000000000 R15: ffff888075dc3dc0 [ 339.028182] FS: 0000000000000000(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 339.028185] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 339.028187] CR2: 00007fff18af9550 CR3: 0000000093364000 CR4: 00000000001406f0 [ 339.028190] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 339.028193] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 339.028194] Call Trace: [ 339.028196] ? hhf_dequeue+0x588/0xa60 [ 339.028198] __qdisc_run+0x2b8/0xe00 [ 339.028200] __dev_queue_xmit+0x1571/0x25e0 [ 339.028202] ? __lock_is_held+0xb6/0x140 [ 339.028204] ? check_preemption_disabled+0x3c/0x250 [ 339.028206] ? netdev_pick_tx+0x300/0x300 [ 339.028208] ? save_trace+0x290/0x290 [ 339.028210] ? br_nf_post_routing+0x27d/0xf00 [ 339.028212] ? br_forward_finish+0x1cc/0x320 [ 339.028214] ? find_held_lock+0x35/0x130 [ 339.028216] ? br_forward_finish+0x1cc/0x320 [ 339.028218] dev_queue_xmit+0x18/0x20 [ 339.028220] ? dev_queue_xmit+0x18/0x20 [ 339.028222] br_dev_queue_push_xmit+0x367/0x530 [ 339.028224] br_forward_finish+0xbc/0x320 [ 339.028226] ? br_dev_queue_push_xmit+0x530/0x530 [ 339.028229] ? br_fdb_add.cold+0x84/0x84 [ 339.028230] __br_forward+0x560/0x9c0 [ 339.028232] ? br_forward_finish+0x320/0x320 [ 339.028235] ? br_dev_queue_push_xmit+0x530/0x530 [ 339.028237] deliver_clone+0x61/0xc0 [ 339.028238] br_flood+0x3c8/0x530 [ 339.028240] br_dev_xmit+0x9a4/0xd40 [ 339.028242] ? check_preemption_disabled+0x3c/0x250 [ 339.028244] ? br_poll_controller+0x10/0x10 [ 339.028247] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 339.028249] dev_hard_start_xmit+0x18c/0x8b0 [ 339.028251] ? assoc_array_gc+0x1130/0x11d0 [ 339.028253] __dev_queue_xmit+0x1d95/0x25e0 [ 339.028255] ? trace_hardirqs_on+0x10/0x10 [ 339.028257] ? netdev_pick_tx+0x300/0x300 [ 339.028259] ? ip6_finish_output2+0x9ab/0x21b0 [ 339.028260] ? memcpy+0x46/0x50 [ 339.028262] dev_queue_xmit+0x18/0x20 [ 339.028264] ? dev_queue_xmit+0x18/0x20 [ 339.028266] neigh_resolve_output+0x4d8/0x870 [ 339.028268] ip6_finish_output2+0x9ab/0x21b0 [ 339.028270] ? ip6_forward_finish+0x480/0x480 [ 339.028272] ? lock_downgrade+0x6e0/0x6e0 [ 339.028274] ip6_finish_output+0x4f4/0xb50 [ 339.028276] ? ip6_finish_output+0x4f4/0xb50 [ 339.028278] ip6_output+0x20f/0x6d0 [ 339.028280] ? ip6_finish_output+0xb50/0xb50 [ 339.028282] ? __lock_is_held+0xb6/0x140 [ 339.028284] ? ip6_fragment+0x32c0/0x32c0 [ 339.028285] ndisc_send_skb+0xb56/0x11e0 [ 339.028287] ? ndisc_error_report+0x190/0x190 [ 339.028289] ndisc_send_ns+0x360/0x7e0 [ 339.028291] ? ndisc_netdev_event+0x3b0/0x3b0 [ 339.028294] ? trace_hardirqs_on_caller+0x400/0x590 [ 339.028296] ? addrconf_dad_work+0x97c/0xff0 [ 339.028297] ? trace_hardirqs_on+0xd/0x10 [ 339.028299] ? __local_bh_enable_ip+0x99/0x1a0 [ 339.028301] addrconf_dad_work+0xa40/0xff0 [ 339.028304] ? addrconf_dad_completed+0xa70/0xa70 [ 339.028306] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 339.028308] process_one_work+0x863/0x1600 [ 339.028310] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 339.028312] worker_thread+0x5d9/0x1050 [ 339.028314] kthread+0x319/0x430 [ 339.028316] ? process_one_work+0x1600/0x1600 [ 339.028318] ? kthread_create_on_node+0xd0/0xd0 [ 339.028320] ret_from_fork+0x24/0x30 [ 339.028321] Code: 00 00 48 c7 c7 80 99 6e 86 4c 89 35 eb 3f be 07 41 be f4 ff ff ff e8 13 3c ee ff 48 c7 05 d5 3f be 07 00 00 00 00 e9 2f ec ff ff <65> 48 8b 04 25 40 ee 01 00 48 85 c0 74 1a 65 8b 15 4b fb a4 7e [ 339.028431] rcu_sched kthread starved for 10511 jiffies! g890 c889 f0x0 RCU_GP_WAIT_FQS(3) ->state=0x402 ->cpu=1 [ 339.472864] rcu_sched I29704 9 2 0x80000000 [ 339.478694] Call Trace: [ 339.481381] __schedule+0x7b8/0x1cd0 [ 339.485297] ? pci_mmcfg_check_reserved+0x150/0x150 [ 339.490402] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 339.495869] schedule+0x92/0x1c0 [ 339.499243] schedule_timeout+0x43e/0xe10 [ 339.503484] ? usleep_range+0x130/0x130 [ 339.507523] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 339.512804] ? prepare_to_swait+0xcc/0x100 [ 339.517304] ? call_timer_fn+0x670/0x670 [ 339.521720] rcu_gp_kthread+0xbf4/0x1ec0 [ 339.525886] ? force_qs_rnp+0x4d0/0x4d0 [ 339.529872] kthread+0x319/0x430 [ 339.533422] ? force_qs_rnp+0x4d0/0x4d0 [ 339.537414] ? kthread_create_on_node+0xd0/0xd0 [ 339.542092] ret_from_fork+0x24/0x30