[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 63.916256][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 63.916266][ T26] audit: type=1800 audit(1568371309.335:29): pid=9641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 63.951817][ T26] audit: type=1800 audit(1568371309.335:30): pid=9641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts. syzkaller login: [ 299.874925][ T9797] IPVS: ftp: loaded support on port[0] = 21 [ 299.926497][ T9797] chnl_net:caif_netlink_parms(): no params data found [ 299.950342][ T9797] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.957751][ T9797] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.965371][ T9797] device bridge_slave_0 entered promiscuous mode [ 299.972831][ T9797] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.980032][ T9797] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.987824][ T9797] device bridge_slave_1 entered promiscuous mode [ 300.001718][ T9797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 300.012785][ T9797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 300.030246][ T9797] team0: Port device team_slave_0 added [ 300.037703][ T9797] team0: Port device team_slave_1 added [ 300.116079][ T9797] device hsr_slave_0 entered promiscuous mode [ 300.174400][ T9797] device hsr_slave_1 entered promiscuous mode [ 300.260467][ T9797] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.267753][ T9797] bridge0: port 2(bridge_slave_1) entered forwarding state [ 300.275114][ T9797] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.282473][ T9797] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.307306][ T9797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.318726][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 300.337372][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 300.345096][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 300.352984][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 300.364797][ T9797] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.375241][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 300.383840][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.391024][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.400536][ T9799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 300.409261][ T9799] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.416367][ T9799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 300.430417][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 300.439430][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 300.450217][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready executing program [ 300.460312][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 300.470824][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 300.480239][ T9797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 300.494495][ T9797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 405.523972][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 405.530626][ C0] rcu: 0-...!: (1 GPs behind) idle=df2/1/0x4000000000000002 softirq=9047/9048 fqs=24 [ 405.540238][ C0] (t=10500 jiffies g=9161 q=87) [ 405.545157][ C0] rcu: rcu_preempt kthread starved for 10451 jiffies! g9161 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 405.556407][ C0] rcu: RCU grace-period kthread stack dump: [ 405.562282][ C0] rcu_preempt I29688 10 2 0x80004000 [ 405.568595][ C0] Call Trace: [ 405.571958][ C0] __schedule+0x755/0x1580 [ 405.576396][ C0] ? __sched_text_start+0x8/0x8 [ 405.581243][ C0] schedule+0xd9/0x260 [ 405.585295][ C0] schedule_timeout+0x486/0xc50 [ 405.590124][ C0] ? rwlock_bug.part.0+0x90/0x90 [ 405.595050][ C0] ? usleep_range+0x170/0x170 [ 405.599707][ C0] ? trace_hardirqs_on+0x67/0x240 [ 405.604709][ C0] ? __kasan_check_read+0x11/0x20 [ 405.609723][ C0] ? __next_timer_interrupt+0x1a0/0x1a0 [ 405.615247][ C0] ? swake_up_one+0x60/0x60 [ 405.619730][ C0] rcu_gp_kthread+0x9b2/0x18c0 [ 405.624474][ C0] ? rcu_barrier+0x310/0x310 [ 405.629040][ C0] ? trace_hardirqs_on+0x67/0x240 [ 405.634052][ C0] ? __kasan_check_read+0x11/0x20 [ 405.639067][ C0] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 405.645291][ C0] ? __kthread_parkme+0x108/0x1c0 [ 405.650295][ C0] ? __kasan_check_read+0x11/0x20 [ 405.655317][ C0] kthread+0x361/0x430 [ 405.659364][ C0] ? rcu_barrier+0x310/0x310 [ 405.663949][ C0] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 405.670173][ C0] ret_from_fork+0x24/0x30 [ 405.674595][ C0] NMI backtrace for cpu 0 [ 405.679098][ C0] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.3.0-rc8+ #0 [ 405.686439][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.696580][ C0] Workqueue: ipv6_addrconf addrconf_dad_work [ 405.702538][ C0] Call Trace: [ 405.705801][ C0] [ 405.708666][ C0] dump_stack+0x172/0x1f0 [ 405.712978][ C0] nmi_cpu_backtrace.cold+0x70/0xb2 [ 405.718171][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 405.724392][ C0] ? lapic_can_unplug_cpu.cold+0x45/0x45 [ 405.730002][ C0] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 405.735980][ C0] arch_trigger_cpumask_backtrace+0x14/0x20 [ 405.741855][ C0] rcu_dump_cpu_stacks+0x183/0x1cf [ 405.746948][ C0] rcu_sched_clock_irq.cold+0x4dd/0xc13 [ 405.752480][ C0] ? raise_softirq+0x138/0x340 [ 405.757223][ C0] update_process_times+0x32/0x80 [ 405.762225][ C0] tick_sched_handle+0xa2/0x190 [ 405.767056][ C0] tick_sched_timer+0x53/0x140 [ 405.771800][ C0] __hrtimer_run_queues+0x364/0xe40 [ 405.776976][ C0] ? tick_sched_do_timer+0x1b0/0x1b0 [ 405.782242][ C0] ? hrtimer_start_range_ns+0xcb0/0xcb0 [ 405.787764][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 405.793469][ C0] ? ktime_get_update_offsets_now+0x2d3/0x440 [ 405.799542][ C0] hrtimer_interrupt+0x314/0x770 [ 405.804546][ C0] smp_apic_timer_interrupt+0x160/0x610 [ 405.810078][ C0] apic_timer_interrupt+0xf/0x20 [ 405.814993][ C0] [ 405.817961][ C0] RIP: 0010:hhf_dequeue+0x5f7/0xa20 [ 405.823148][ C0] Code: 1f 16 ac fb 45 84 f6 74 63 e8 d5 14 ac fb 48 89 d8 48 c1 e8 03 42 80 3c 20 00 0f 85 f3 03 00 00 48 8d 7b 08 4c 8b 3b 48 89 fa <48> c1 ea 03 42 80 3c 22 00 0f 85 d0 03 00 00 49 8d 7f 08 4c 8b 73 [ 405.842732][ C0] RSP: 0018:ffff8880a98d6d58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 405.851141][ C0] RAX: 1ffff1101142ef37 RBX: ffff88808a1779b8 RCX: ffffffff85c66051 [ 405.859101][ C0] RDX: ffff88808a1779c0 RSI: ffffffff85c6605b RDI: ffff88808a1779c0 [ 405.867059][ C0] RBP: ffff8880a98d6da8 R08: ffff8880a98c2300 R09: 0000000000000000 [ 405.875011][ C0] R10: fffffbfff134afaf R11: ffff8880a98c2300 R12: dffffc0000000000 [ 405.882961][ C0] R13: ffff88808a1776c0 R14: 0000000000000001 R15: ffff88808a177a50 [ 405.890927][ C0] ? hhf_dequeue+0x5d1/0xa20 [ 405.895499][ C0] ? hhf_dequeue+0x5db/0xa20 [ 405.900070][ C0] ? hhf_dequeue+0x5db/0xa20 [ 405.904733][ C0] __qdisc_run+0x1e7/0x19d0 [ 405.909239][ C0] ? dev_queue_xmit+0x18/0x20 [ 405.913899][ C0] __dev_queue_xmit+0x16f1/0x3650 [ 405.918906][ C0] ? __local_bh_enable_ip+0x15a/0x270 [ 405.924271][ C0] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 405.929548][ C0] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 405.935801][ C0] ? br_nf_post_routing+0xd73/0x1d30 [ 405.941087][ C0] ? br_forward_finish+0x235/0x400 [ 405.946181][ C0] ? __kasan_check_read+0x11/0x20 [ 405.951188][ C0] ? __dev_queue_xmit+0x2b15/0x3650 [ 405.956363][ C0] dev_queue_xmit+0x18/0x20 [ 405.960842][ C0] ? dev_queue_xmit+0x18/0x20 [ 405.965496][ C0] br_dev_queue_push_xmit+0x3f3/0x5c0 [ 405.970940][ C0] ? nf_hook_slow+0xf0/0x1e0 [ 405.975514][ C0] br_forward_finish+0xfa/0x400 [ 405.980347][ C0] ? br_dev_queue_push_xmit+0x5c0/0x5c0 [ 405.985878][ C0] ? br_fdb_add.cold+0x8c/0x8c [ 405.990626][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 405.996335][ C0] ? nf_hook_slow+0xf0/0x1e0 [ 406.000905][ C0] __br_forward+0x641/0xb00 [ 406.005396][ C0] ? br_forward_finish+0x400/0x400 [ 406.010496][ C0] ? br_dev_queue_push_xmit+0x5c0/0x5c0 [ 406.016020][ C0] deliver_clone+0x61/0xc0 [ 406.020423][ C0] maybe_deliver+0x2c7/0x390 [ 406.025003][ C0] br_flood+0x13a/0x3d0 [ 406.029197][ C0] br_dev_xmit+0x98c/0x15a0 [ 406.033685][ C0] ? br_poll_controller+0x10/0x10 [ 406.038689][ C0] ? netif_skb_features+0x6c2/0xb90 [ 406.043900][ C0] ? netdev_set_sb_channel+0xe0/0xe0 [ 406.049201][ C0] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 406.055456][ C0] ? validate_xmit_xfrm+0x43c/0xf10 [ 406.060632][ C0] ? rwlock_bug.part.0+0x90/0x90 [ 406.065549][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 406.071773][ C0] dev_hard_start_xmit+0x1a3/0x9c0 [ 406.076863][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 406.083080][ C0] __dev_queue_xmit+0x2b15/0x3650 [ 406.088133][ C0] ? ndisc_constructor+0x1a5/0xb40 [ 406.093232][ C0] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 406.098514][ C0] ? ip6_finish_output2+0x1034/0x2520 [ 406.103889][ C0] ? __kasan_check_read+0x11/0x20 [ 406.108918][ C0] ? lock_downgrade+0x920/0x920 [ 406.113761][ C0] dev_queue_xmit+0x18/0x20 [ 406.118253][ C0] ? dev_queue_xmit+0x18/0x20 [ 406.122987][ C0] neigh_resolve_output+0x5a5/0x970 [ 406.128180][ C0] ip6_finish_output2+0x1034/0x2520 [ 406.133355][ C0] ? ip6_mtu+0x2e6/0x460 [ 406.137576][ C0] ? ip6_forward_finish+0x530/0x530 [ 406.142755][ C0] ? lock_downgrade+0x920/0x920 [ 406.147593][ C0] ? ip6_mtu+0x16f/0x460 [ 406.151816][ C0] __ip6_finish_output+0x444/0xa50 [ 406.156906][ C0] ? __ip6_finish_output+0x444/0xa50 [ 406.162177][ C0] ip6_finish_output+0x38/0x1f0 [ 406.167004][ C0] ip6_output+0x235/0x7c0 [ 406.171313][ C0] ? ip6_finish_output+0x1f0/0x1f0 [ 406.176400][ C0] ? __ip6_finish_output+0xa50/0xa50 [ 406.181672][ C0] ? ndisc_send_skb+0x803/0x1450 [ 406.186590][ C0] ndisc_send_skb+0xf29/0x1450 [ 406.191336][ C0] ? nf_hook.constprop.0+0x560/0x560 [ 406.196660][ C0] ? skb_set_owner_w+0x21b/0x320 [ 406.203604][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 406.209322][ C0] ndisc_send_ns+0x3a9/0x850 [ 406.213899][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 406.220158][ C0] ? ndisc_netdev_event+0x4e0/0x4e0 [ 406.225341][ C0] ? addrconf_dad_work+0xac4/0x1150 [ 406.230580][ C0] ? trace_hardirqs_on+0x67/0x240 [ 406.235716][ C0] ? addrconf_dad_work+0xac4/0x1150 [ 406.240903][ C0] addrconf_dad_work+0xb88/0x1150 [ 406.245916][ C0] ? addrconf_dad_completed+0xbb0/0xbb0 [ 406.251576][ C0] ? lock_acquire+0x190/0x410 [ 406.256250][ C0] ? trace_hardirqs_on+0x67/0x240 [ 406.261386][ C0] process_one_work+0x9af/0x1740 [ 406.266324][ C0] ? pwq_dec_nr_in_flight+0x320/0x320 [ 406.271693][ C0] ? lock_acquire+0x190/0x410 [ 406.276363][ C0] worker_thread+0x98/0xe40 [ 406.280859][ C0] ? trace_hardirqs_on+0x67/0x240 [ 406.285872][ C0] kthread+0x361/0x430 [ 406.289923][ C0] ? process_one_work+0x1740/0x1740 [ 406.295102][ C0] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 406.301332][ C0] ret_from_fork+0x24/0x30