[ 42.630562][ T25] audit: type=1800 audit(1575423537.656:26): pid=7876 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 42.670340][ T25] audit: type=1800 audit(1575423537.666:27): pid=7876 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 42.690343][ T25] audit: type=1800 audit(1575423537.666:28): pid=7876 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 43.448971][ T25] audit: type=1800 audit(1575423538.496:29): pid=7876 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.221' (ECDSA) to the list of known hosts. 2019/12/04 01:39:05 fuzzer started 2019/12/04 01:39:07 dialing manager at 10.128.0.26:42111 2019/12/04 01:39:07 syscalls: 2689 2019/12/04 01:39:07 code coverage: enabled 2019/12/04 01:39:07 comparison tracing: enabled 2019/12/04 01:39:07 extra coverage: extra coverage is not supported by the kernel 2019/12/04 01:39:07 setuid sandbox: enabled 2019/12/04 01:39:07 namespace sandbox: enabled 2019/12/04 01:39:07 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/04 01:39:07 fault injection: enabled 2019/12/04 01:39:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/04 01:39:07 net packet injection: enabled 2019/12/04 01:39:07 net device setup: enabled 2019/12/04 01:39:07 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/04 01:39:07 devlink PCI setup: PCI device 0000:00:10.0 is not available 01:39:08 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x400040000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x8, 0x0, &(0x7f0000000000)=0xf0ff7f) 01:39:08 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00 \x00', 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @initdev}, 0x10) write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="4ef27f45294600000033086c0000000000000000014404051166010000003800000000000044130a000b00000800"/56], 0x38) syzkaller login: [ 53.708747][ T8041] IPVS: ftp: loaded support on port[0] = 21 [ 53.849215][ T8041] chnl_net:caif_netlink_parms(): no params data found [ 53.866082][ T8044] IPVS: ftp: loaded support on port[0] = 21 [ 53.919703][ T8041] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.928297][ T8041] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.937134][ T8041] device bridge_slave_0 entered promiscuous mode [ 53.963263][ T8041] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.970478][ T8041] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.978732][ T8041] device bridge_slave_1 entered promiscuous mode 01:39:09 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x5, 0x3, 0x0, [{0x0, 0x2, 0x1000000}]}, @enum]}}, &(0x7f00000002c0)=""/236, 0x3e, 0xec, 0x10}, 0x20) [ 54.007254][ T8041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.018910][ T8041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.131597][ T8041] team0: Port device team_slave_0 added [ 54.143311][ T8044] chnl_net:caif_netlink_parms(): no params data found [ 54.155303][ T8041] team0: Port device team_slave_1 added [ 54.187427][ T8047] IPVS: ftp: loaded support on port[0] = 21 01:39:09 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() connect$ax25(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) gettid() socketpair$unix(0x1, 0x1, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) prctl$PR_SET_SECUREBITS(0x1c, 0x5) setresuid(0x0, 0xee01, 0x0) getgroups(0x0, 0x0) r3 = socket(0x1e, 0x80005, 0x0) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000040)={'team0\x00\x00\x01\x00', 0x9843}) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000240)={'team0\x00\x030\xff\xfd\x00%`\xc3\xff\xff', 0xb5}) [ 54.282744][ T8041] device hsr_slave_0 entered promiscuous mode [ 54.400471][ T8041] device hsr_slave_1 entered promiscuous mode 01:39:09 executing program 4: open(&(0x7f0000000100)='./file0\x00', 0x204c2, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='nfs\x00', 0x0, &(0x7f0000000200)='acl\x00\x00') [ 54.509111][ T8049] IPVS: ftp: loaded support on port[0] = 21 [ 54.537970][ T8044] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.547463][ T8044] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.557367][ T8044] device bridge_slave_0 entered promiscuous mode [ 54.595861][ T8044] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.614717][ T8044] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.623256][ T8044] device bridge_slave_1 entered promiscuous mode [ 54.642744][ T8041] netdevsim netdevsim0 netdevsim0: renamed from eth0 01:39:09 executing program 5: r0 = shmget$private(0x0, 0xf000, 0x0, &(0x7f0000000000/0xf000)=nil) shmat(r0, &(0x7f0000001000/0x1000)=nil, 0x6000) mremap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000000f000/0x3000)=nil) mlock(&(0x7f0000005000/0x4000)=nil, 0x4000) madvise(&(0x7f000000e000/0x3000)=nil, 0x3000, 0x9) [ 54.724676][ T8041] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.814656][ T8041] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.825650][ T8051] IPVS: ftp: loaded support on port[0] = 21 [ 54.876142][ T8053] IPVS: ftp: loaded support on port[0] = 21 [ 54.899655][ T8041] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.953672][ T8044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.966750][ T8044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.007011][ T8044] team0: Port device team_slave_0 added [ 55.016779][ T8047] chnl_net:caif_netlink_parms(): no params data found [ 55.035496][ T8044] team0: Port device team_slave_1 added [ 55.083997][ T8049] chnl_net:caif_netlink_parms(): no params data found [ 55.119436][ T8047] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.126661][ T8047] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.135049][ T8047] device bridge_slave_0 entered promiscuous mode [ 55.144172][ T8047] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.152056][ T8047] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.160188][ T8047] device bridge_slave_1 entered promiscuous mode [ 55.198891][ T8047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.210750][ T8047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.262221][ T8044] device hsr_slave_0 entered promiscuous mode [ 55.290632][ T8044] device hsr_slave_1 entered promiscuous mode [ 55.330403][ T8044] debugfs: Directory 'hsr0' with parent '/' already present! [ 55.377466][ T8047] team0: Port device team_slave_0 added [ 55.416087][ T8049] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.424116][ T8049] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.432622][ T8049] device bridge_slave_0 entered promiscuous mode [ 55.440862][ T8049] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.447919][ T8049] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.456933][ T8049] device bridge_slave_1 entered promiscuous mode [ 55.474400][ T8049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.485383][ T8047] team0: Port device team_slave_1 added [ 55.506981][ T8051] chnl_net:caif_netlink_parms(): no params data found [ 55.519009][ T8049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.554925][ T8044] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.606918][ T8044] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.656643][ T8044] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.703484][ T8044] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.823161][ T8047] device hsr_slave_0 entered promiscuous mode [ 55.882929][ T8047] device hsr_slave_1 entered promiscuous mode [ 55.920350][ T8047] debugfs: Directory 'hsr0' with parent '/' already present! [ 55.930097][ T8049] team0: Port device team_slave_0 added [ 55.938324][ T8049] team0: Port device team_slave_1 added [ 55.984767][ T8051] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.992233][ T8051] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.001925][ T8051] device bridge_slave_0 entered promiscuous mode [ 56.036636][ T8041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.045028][ T8051] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.052541][ T8051] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.060965][ T8051] device bridge_slave_1 entered promiscuous mode [ 56.112944][ T8049] device hsr_slave_0 entered promiscuous mode [ 56.150626][ T8049] device hsr_slave_1 entered promiscuous mode [ 56.190337][ T8049] debugfs: Directory 'hsr0' with parent '/' already present! [ 56.213194][ T8041] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.236272][ T8051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.249351][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.258520][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.281550][ T8051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.291403][ T8053] chnl_net:caif_netlink_parms(): no params data found [ 56.312227][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.321979][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.331280][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.338613][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.347024][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.356788][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.365429][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.372613][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.380829][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.389671][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.398535][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.407349][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.415996][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.424328][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.458367][ T8041] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.469210][ T8041] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.498389][ T8047] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 56.543120][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.552147][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.562688][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.571167][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.579762][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.588507][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.596919][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.606903][ T8051] team0: Port device team_slave_0 added [ 56.614913][ T8051] team0: Port device team_slave_1 added [ 56.692064][ T8051] device hsr_slave_0 entered promiscuous mode [ 56.730553][ T8051] device hsr_slave_1 entered promiscuous mode [ 56.770298][ T8051] debugfs: Directory 'hsr0' with parent '/' already present! [ 56.781877][ T8047] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 56.867134][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.875511][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.888170][ T8041] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.896817][ T8047] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 56.942510][ T8047] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 56.988210][ T8049] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 57.044177][ T8049] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 57.103233][ T8053] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.111197][ T8053] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.119190][ T8053] device bridge_slave_0 entered promiscuous mode [ 57.127843][ T8053] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.135608][ T8053] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.144935][ T8053] device bridge_slave_1 entered promiscuous mode [ 57.153367][ T8049] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 57.215503][ T8044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.239588][ T8049] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 57.302262][ T8051] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 57.333122][ T8051] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 57.399531][ T8053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.417002][ T8051] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 57.466234][ T8051] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 162.440112][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 162.447276][ C1] rcu: 1-...!: (10499 ticks this GP) idle=97e/1/0x4000000000000002 softirq=11061/11061 fqs=6 [ 162.462026][ C1] (t=10502 jiffies g=5937 q=200) [ 162.469900][ C1] rcu: rcu_preempt kthread starved for 10490 jiffies! g5937 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 162.485392][ C1] rcu: RCU grace-period kthread stack dump: [ 162.492941][ C1] rcu_preempt R running task 29032 10 2 0x80004000 [ 162.500944][ C1] Call Trace: [ 162.504245][ C1] __schedule+0x9a0/0xcc0 [ 162.508766][ C1] schedule+0x181/0x210 [ 162.512917][ C1] schedule_timeout+0x14f/0x240 [ 162.517863][ C1] ? run_local_timers+0x120/0x120 [ 162.522891][ C1] rcu_gp_kthread+0xed8/0x1770 [ 162.528206][ C1] kthread+0x332/0x350 [ 162.532472][ C1] ? rcu_report_qs_rsp+0x140/0x140 [ 162.537575][ C1] ? kthread_blkcg+0xe0/0xe0 [ 162.542363][ C1] ret_from_fork+0x24/0x30 [ 162.546785][ C1] NMI backtrace for cpu 1 [ 162.551216][ C1] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.0-syzkaller #0 [ 162.559037][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.569293][ C1] Workqueue: events_unbound fsnotify_connector_destroy_workfn [ 162.576913][ C1] Call Trace: [ 162.581134][ C1] [ 162.583985][ C1] dump_stack+0x1fb/0x318 [ 162.588322][ C1] nmi_cpu_backtrace+0xaf/0x1a0 [ 162.593170][ C1] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 162.599322][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 162.605409][ C1] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 162.611491][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 162.617382][ C1] rcu_dump_cpu_stacks+0x15a/0x220 [ 162.622493][ C1] rcu_sched_clock_irq+0xe25/0x1ad0 [ 162.627713][ C1] ? trace_hardirqs_off+0x74/0x80 [ 162.632730][ C1] update_process_times+0x12d/0x180 [ 162.638096][ C1] tick_sched_timer+0x263/0x420 [ 162.642936][ C1] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 162.648474][ C1] __hrtimer_run_queues+0x403/0x840 [ 162.653790][ C1] hrtimer_interrupt+0x38c/0xda0 [ 162.659067][ C1] ? debug_smp_processor_id+0x9/0x20 [ 162.664446][ C1] smp_apic_timer_interrupt+0x109/0x280 [ 162.670091][ C1] apic_timer_interrupt+0xf/0x20 [ 162.675210][ C1] [ 162.678425][ C1] RIP: 0010:free_thread_stack+0x16d/0x590 [ 162.684160][ C1] Code: c3 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 25 a4 69 00 48 8b 3b be fc ff ff ff e8 28 04 00 00 43 80 3c 2e 00 <74> 08 4c 89 e7 e8 09 a4 69 00 49 8b 1c 24 48 83 c3 08 48 89 d8 48 [ 162.703942][ C1] RSP: 0018:ffffc90000cdf908 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 162.712348][ C1] RAX: ffffffff81487433 RBX: ffff8880a78b0a08 RCX: ffff8880a9da01c0 [ 162.720548][ C1] RDX: 0000000000000000 RSI: 00000000fffffffc RDI: ffffea00022e1200 [ 162.728598][ C1] RBP: ffffc90000cdf940 R08: 000000000003a768 R09: ffffed101513d73f [ 162.736584][ C1] R10: ffffed101513d73f R11: 0000000000000000 R12: ffff8880a78b0aa0 [ 162.744643][ C1] R13: dffffc0000000000 R14: 1ffff11014f16154 R15: ffff8880a89eb9e8 [ 162.752737][ C1] ? mod_memcg_page_state+0x123/0x190 [ 162.758103][ C1] ? free_thread_stack+0x168/0x590 [ 162.763705][ C1] put_task_stack+0xa3/0x130 [ 162.768452][ C1] finish_task_switch+0x3f1/0x550 [ 162.773482][ C1] __schedule+0x9a8/0xcc0 [ 162.777819][ C1] ? ___preempt_schedule+0x16/0x18 [ 162.782978][ C1] preempt_schedule+0xdb/0x120 [ 162.788523][ C1] ___preempt_schedule+0x16/0x18 [ 162.793629][ C1] _raw_spin_unlock_irqrestore+0xcc/0xe0 [ 162.799271][ C1] __call_srcu+0x7ab/0xb00 [ 162.803692][ C1] __synchronize_srcu+0x1cf/0x260 [ 162.809836][ C1] ? rcu_read_lock_any_held+0x1a0/0x1a0 [ 162.815380][ C1] synchronize_srcu+0x2cb/0x2f0 [ 162.820243][ C1] fsnotify_connector_destroy_workfn+0x44/0xb0 [ 162.826512][ C1] process_one_work+0x7ef/0x10d0 [ 162.831477][ C1] worker_thread+0xc01/0x1630 [ 162.836186][ C1] kthread+0x332/0x350 [ 162.840251][ C1] ? rcu_lock_release+0x30/0x30 [ 162.845094][ C1] ? kthread_blkcg+0xe0/0xe0 [ 162.849690][ C1] ret_from_fork+0x24/0x30