[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 32.529525] random: sshd: uninitialized urandom read (32 bytes read) [ 32.900432] kauditd_printk_skb: 10 callbacks suppressed [ 32.900441] audit: type=1400 audit(1568078109.101:35): avc: denied { map } for pid=6971 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 32.965558] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.527399] random: sshd: uninitialized urandom read (32 bytes read) [ 139.010331] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.252' (ECDSA) to the list of known hosts. [ 144.545300] random: sshd: uninitialized urandom read (32 bytes read) [ 144.661197] audit: type=1400 audit(1568078220.861:36): avc: denied { map } for pid=6984 comm="syz-executor415" path="/root/syz-executor415241146" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 144.891196] IPVS: ftp: loaded support on port[0] = 21 [ 145.738027] chnl_net:caif_netlink_parms(): no params data found [ 145.768257] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.776393] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.783709] device bridge_slave_0 entered promiscuous mode [ 145.790767] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.797213] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.804610] device bridge_slave_1 entered promiscuous mode [ 145.816857] audit: type=1400 audit(1568078222.011:37): avc: denied { map } for pid=6989 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 145.847420] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 145.856373] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 145.872624] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 145.879762] team0: Port device team_slave_0 added [ 145.885293] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 145.892346] team0: Port device team_slave_1 added [ 145.897471] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 145.904800] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 145.962124] device hsr_slave_0 entered promiscuous mode [ 146.030342] device hsr_slave_1 entered promiscuous mode [ 146.090729] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 146.097654] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 146.109916] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.116400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.123339] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.129709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.156431] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 146.163486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 146.172438] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 146.181879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 146.202351] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.209517] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.219297] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 146.225946] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.234143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.241789] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.251738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.271043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.278605] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.285014] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.292857] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 146.300645] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 146.308147] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 146.318320] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 146.329314] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 146.335623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 146.343273] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 146.351241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 146.363028] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 146.373182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.410026] INFO: rcu_preempt self-detected stall on CPU [ 251.415605] 1-...: (1 GPs behind) idle=1f6/140000000000001/0 softirq=10868/10872 fqs=5 [ 251.423811] (t=10500 jiffies g=1138 c=1137 q=108) [ 251.428874] rcu_preempt kthread starved for 10490 jiffies! g1138 c1137 f0x0 RCU_GP_WAIT_FQS(3) ->state=0x0 ->cpu=0 [ 251.439337] rcu_preempt R running task 29776 8 2 0x80000000 [ 251.446538] Call Trace: [ 251.449191] __schedule+0x7b8/0x1cd0 [ 251.452894] ? pci_mmcfg_check_reserved+0x150/0x150 [ 251.457887] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 251.462974] schedule+0x92/0x1c0 [ 251.466320] schedule_timeout+0x43e/0xe10 [ 251.470448] ? usleep_range+0x130/0x130 [ 251.474403] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 251.479524] ? prepare_to_swait+0xcc/0x100 [ 251.483744] ? call_timer_fn+0x670/0x670 [ 251.487791] rcu_gp_kthread+0xbf4/0x1ec0 [ 251.491854] ? force_qs_rnp+0x4d0/0x4d0 [ 251.495821] kthread+0x319/0x430 [ 251.499165] ? force_qs_rnp+0x4d0/0x4d0 [ 251.503127] ? kthread_create_on_node+0xd0/0xd0 [ 251.507785] ret_from_fork+0x24/0x30 [ 251.512931] NMI backtrace for cpu 1 [ 251.516758] CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 4.14.142 #0 [ 251.523227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.532660] Workqueue: ipv6_addrconf addrconf_dad_work [ 251.537931] Call Trace: [ 251.540495] [ 251.542692] dump_stack+0x138/0x197 [ 251.546325] nmi_cpu_backtrace.cold+0x57/0x94 [ 251.550812] ? irq_force_complete_move.cold+0x7d/0x7d [ 251.555988] nmi_trigger_cpumask_backtrace+0x141/0x189 [ 251.561247] arch_trigger_cpumask_backtrace+0x14/0x20 [ 251.566426] rcu_dump_cpu_stacks+0x186/0x1d2 [ 251.570817] rcu_check_callbacks.cold+0x43d/0xd0a [ 251.575640] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 251.581083] update_process_times+0x31/0x70 [ 251.585385] tick_sched_handle+0x85/0x160 [ 251.589512] tick_sched_timer+0x43/0x130 [ 251.593554] __hrtimer_run_queues+0x270/0xbc0 [ 251.598030] ? tick_sched_do_timer+0xe0/0xe0 [ 251.602420] ? hrtimer_start_range_ns+0x10d0/0x10d0 [ 251.607419] hrtimer_interrupt+0x1d8/0x5d0 [ 251.611693] smp_apic_timer_interrupt+0x11c/0x5e0 [ 251.616517] apic_timer_interrupt+0x96/0xa0 [ 251.620815] [ 251.623037] RIP: 0010:__sanitizer_cov_trace_pc+0x28/0x60 [ 251.628465] RSP: 0018:ffff8880a9d6f008 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10 [ 251.636153] RAX: ffff8880a9d5e4c0 RBX: ffff88807e45f8b8 RCX: 0000000000000000 [ 251.643403] RDX: 0000000000000000 RSI: ffff88807e45f950 RDI: ffff88807e45f958 [ 251.650652] RBP: ffff8880a9d6f060 R08: 0000000000000000 R09: ffff8880a9d5eec8 [ 251.657901] R10: ffff8880a9d5eea8 R11: ffff8880a9d5e4c0 R12: dffffc0000000000 [ 251.665150] R13: ffff88807e45f6c0 R14: ffff88807e45f950 R15: ffff88807e45f940 [ 251.672466] ? hhf_dequeue+0x628/0xa60 [ 251.676376] __qdisc_run+0x2b8/0xe00 [ 251.680114] __dev_queue_xmit+0x1571/0x25e0 [ 251.684416] ? __lock_is_held+0xb6/0x140 [ 251.688458] ? check_preemption_disabled+0x3c/0x250 [ 251.693468] ? netdev_pick_tx+0x300/0x300 [ 251.697607] ? save_trace+0x290/0x290 [ 251.701427] ? br_nf_post_routing+0x27d/0xf00 [ 251.705934] ? br_forward_finish+0x1cc/0x320 [ 251.710322] ? find_held_lock+0x35/0x130 [ 251.714383] ? br_forward_finish+0x1cc/0x320 [ 251.718774] dev_queue_xmit+0x18/0x20 [ 251.722552] ? dev_queue_xmit+0x18/0x20 [ 251.726508] br_dev_queue_push_xmit+0x367/0x530 [ 251.731159] br_forward_finish+0xbc/0x320 [ 251.735288] ? br_dev_queue_push_xmit+0x530/0x530 [ 251.740155] ? br_fdb_add.cold+0x84/0x84 [ 251.744201] __br_forward+0x560/0x9c0 [ 251.747991] ? br_forward_finish+0x320/0x320 [ 251.752381] ? br_dev_queue_push_xmit+0x530/0x530 [ 251.757204] deliver_clone+0x61/0xc0 [ 251.760899] br_flood+0x3c8/0x530 [ 251.764336] br_dev_xmit+0x9a4/0xd40 [ 251.768033] ? check_preemption_disabled+0x3c/0x250 [ 251.773041] ? br_poll_controller+0x10/0x10 [ 251.777345] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 251.782776] dev_hard_start_xmit+0x18c/0x8b0 [ 251.787164] ? assoc_array_gc+0x1130/0x11d0 [ 251.791470] __dev_queue_xmit+0x1d95/0x25e0 [ 251.795772] ? trace_hardirqs_on+0x10/0x10 [ 251.799991] ? netdev_pick_tx+0x300/0x300 [ 251.804126] ? ip6_finish_output2+0x9ab/0x21b0 [ 251.808692] ? memcpy+0x46/0x50 [ 251.811964] dev_queue_xmit+0x18/0x20 [ 251.815744] ? dev_queue_xmit+0x18/0x20 [ 251.819750] neigh_resolve_output+0x4d8/0x870 [ 251.824232] ip6_finish_output2+0x9ab/0x21b0 [ 251.828625] ? ip6_forward_finish+0x480/0x480 [ 251.833109] ? lock_downgrade+0x6e0/0x6e0 [ 251.837239] ip6_finish_output+0x4f4/0xb50 [ 251.841464] ? ip6_finish_output+0x4f4/0xb50 [ 251.845854] ip6_output+0x20f/0x6d0 [ 251.849471] ? ip6_finish_output+0xb50/0xb50 [ 251.853860] ? __lock_is_held+0xb6/0x140 [ 251.857902] ? ip6_fragment+0x32c0/0x32c0 [ 251.862077] ndisc_send_skb+0xb56/0x11e0 [ 251.866134] ? ndisc_error_report+0x190/0x190 [ 251.870703] ndisc_send_ns+0x360/0x7e0 [ 251.874582] ? ndisc_netdev_event+0x3b0/0x3b0 [ 251.879059] ? trace_hardirqs_on_caller+0x400/0x590 [ 251.884057] ? addrconf_dad_work+0x97c/0xff0 [ 251.888443] ? trace_hardirqs_on+0xd/0x10 [ 251.892570] ? __local_bh_enable_ip+0x99/0x1a0 [ 251.897135] addrconf_dad_work+0xa40/0xff0 [ 251.901351] ? addrconf_dad_completed+0xa70/0xa70 [ 251.906170] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 251.911599] process_one_work+0x863/0x1600 [ 251.915816] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 251.920470] worker_thread+0x5d9/0x1050 [ 251.924431] kthread+0x319/0x430 [ 251.927786] ? process_one_work+0x1600/0x1600 [ 251.932258] ? kthread_create_on_node+0xd0/0xd0 [ 251.936906] ret_from_fork+0x24/0x30 [ 251.950027] INFO: rcu_sched detected stalls on CPUs/tasks: [ 251.955698] 1-...: (1 GPs behind) idle=1f6/140000000000000/0 softirq=10868/10872 fqs=5 [ 251.963910] (detected by 0, t=10555 jiffies, g=791, c=790, q=8) [ 251.970060] Sending NMI from CPU 0 to CPUs 1: [ 251.975104] NMI backtrace for cpu 1 [ 251.975107] CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 4.14.142 #0 [ 251.975111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.975113] Workqueue: ipv6_addrconf addrconf_dad_work [ 251.975117] task: ffff8880a9d5e4c0 task.stack: ffff8880a9d68000 [ 251.975120] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 251.975122] RSP: 0018:ffff8880a9d6f008 EFLAGS: 00000202 [ 251.975126] RAX: 0000000000000001 RBX: ffff88807e45f8b8 RCX: 0000000000000000 [ 251.975129] RDX: ffff88807e45f8b8 RSI: ffff88807e45f950 RDI: ffff88807e45f958 [ 251.975132] RBP: ffff8880a9d6f060 R08: 0000000000000000 R09: ffff8880a9d5eec8 [ 251.975135] R10: ffff8880a9d5eea8 R11: ffff8880a9d5e4c0 R12: dffffc0000000000 [ 251.975137] R13: ffff88807e45f6c0 R14: 0000000000000000 R15: ffff88807e45f940 [ 251.975140] FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 251.975143] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 251.975146] CR2: 0000000020000610 CR3: 000000000766a000 CR4: 00000000001406e0 [ 251.975149] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 251.975151] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 251.975153] Call Trace: [ 251.975155] ? hhf_dequeue+0x588/0xa60 [ 251.975157] __qdisc_run+0x2b8/0xe00 [ 251.975159] __dev_queue_xmit+0x1571/0x25e0 [ 251.975161] ? __lock_is_held+0xb6/0x140 [ 251.975163] ? check_preemption_disabled+0x3c/0x250 [ 251.975165] ? netdev_pick_tx+0x300/0x300 [ 251.975167] ? save_trace+0x290/0x290 [ 251.975169] ? br_nf_post_routing+0x27d/0xf00 [ 251.975171] ? br_forward_finish+0x1cc/0x320 [ 251.975173] ? find_held_lock+0x35/0x130 [ 251.975175] ? br_forward_finish+0x1cc/0x320 [ 251.975177] dev_queue_xmit+0x18/0x20 [ 251.975179] ? dev_queue_xmit+0x18/0x20 [ 251.975181] br_dev_queue_push_xmit+0x367/0x530 [ 251.975183] br_forward_finish+0xbc/0x320 [ 251.975186] ? br_dev_queue_push_xmit+0x530/0x530 [ 251.975187] ? br_fdb_add.cold+0x84/0x84 [ 251.975189] __br_forward+0x560/0x9c0 [ 251.975192] ? br_forward_finish+0x320/0x320 [ 251.975194] ? br_dev_queue_push_xmit+0x530/0x530 [ 251.975196] deliver_clone+0x61/0xc0 [ 251.975197] br_flood+0x3c8/0x530 [ 251.975199] br_dev_xmit+0x9a4/0xd40 [ 251.975202] ? check_preemption_disabled+0x3c/0x250 [ 251.975203] ? br_poll_controller+0x10/0x10 [ 251.975206] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 251.975208] dev_hard_start_xmit+0x18c/0x8b0 [ 251.975210] ? assoc_array_gc+0x1130/0x11d0 [ 251.975212] __dev_queue_xmit+0x1d95/0x25e0 [ 251.975214] ? trace_hardirqs_on+0x10/0x10 [ 251.975216] ? netdev_pick_tx+0x300/0x300 [ 251.975218] ? ip6_finish_output2+0x9ab/0x21b0 [ 251.975220] ? memcpy+0x46/0x50 [ 251.975222] dev_queue_xmit+0x18/0x20 [ 251.975224] ? dev_queue_xmit+0x18/0x20 [ 251.975226] neigh_resolve_output+0x4d8/0x870 [ 251.975228] ip6_finish_output2+0x9ab/0x21b0 [ 251.975230] ? ip6_forward_finish+0x480/0x480 [ 251.975232] ? lock_downgrade+0x6e0/0x6e0 [ 251.975234] ip6_finish_output+0x4f4/0xb50 [ 251.975236] ? ip6_finish_output+0x4f4/0xb50 [ 251.975238] ip6_output+0x20f/0x6d0 [ 251.975240] ? ip6_finish_output+0xb50/0xb50 [ 251.975242] ? __lock_is_held+0xb6/0x140 [ 251.975244] ? ip6_fragment+0x32c0/0x32c0 [ 251.975246] ndisc_send_skb+0xb56/0x11e0 [ 251.975248] ? ndisc_error_report+0x190/0x190 [ 251.975250] ndisc_send_ns+0x360/0x7e0 [ 251.975252] ? ndisc_netdev_event+0x3b0/0x3b0 [ 251.975254] ? trace_hardirqs_on_caller+0x400/0x590 [ 251.975256] ? addrconf_dad_work+0x97c/0xff0 [ 251.975258] ? trace_hardirqs_on+0xd/0x10 [ 251.975260] ? __local_bh_enable_ip+0x99/0x1a0 [ 251.975262] addrconf_dad_work+0xa40/0xff0 [ 251.975264] ? addrconf_dad_completed+0xa70/0xa70 [ 251.975267] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 251.975268] process_one_work+0x863/0x1600 [ 251.975271] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 251.975272] worker_thread+0x5d9/0x1050 [ 251.975274] kthread+0x319/0x430 [ 251.975276] ? process_one_work+0x1600/0x1600 [ 251.975278] ? kthread_create_on_node+0xd0/0xd0 [ 251.975280] ret_from_fork+0x24/0x30 [ 251.975281] Code: 00 00 48 c7 c7 80 99 6e 86 4c 89 35 eb 3f be 07 41 be f4 ff ff ff e8 13 3c ee ff 48 c7 05 d5 3f be 07 00 00 00 00 e9 2f ec ff ff <65> 48 8b 04 25 40 ee 01 00 48 85 c0 74 1a 65 8b 15 4b fb a4 7e [ 251.975560] rcu_sched kthread starved for 10546 jiffies! g791 c790 f0x0 RCU_GP_WAIT_FQS(3) ->state=0x0 ->cpu=0 [ 252.389295] rcu_sched R running task 29776 9 2 0x80000000 [ 252.396492] Call Trace: [ 252.399083] __schedule+0x7b8/0x1cd0 [ 252.402794] ? pci_mmcfg_check_reserved+0x150/0x150 [ 252.407801] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 252.412895] schedule+0x92/0x1c0 [ 252.416251] schedule_timeout+0x43e/0xe10 [ 252.420389] ? usleep_range+0x130/0x130 [ 252.424349] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 252.429450] ? prepare_to_swait+0xcc/0x100 [ 252.433676] ? call_timer_fn+0x670/0x670 [ 252.437734] rcu_gp_kthread+0xbf4/0x1ec0 [ 252.441800] ? force_qs_rnp+0x4d0/0x4d0 [ 252.445769] kthread+0x319/0x430 [ 252.449121] ? force_qs_rnp+0x4d0/0x4d0 [ 252.453082] ? kthread_create_on_node+0xd0/0xd0 [ 252.457742] ret_from_fork+0x24/0x30