[ 43.790843][ T23] audit: type=1800 audit(1575409068.765:25): pid=8051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 43.820550][ T23] audit: type=1800 audit(1575409068.765:26): pid=8051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 43.852998][ T23] audit: type=1800 audit(1575409068.765:27): pid=8051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 43.910149][ T23] audit: type=1800 audit(1575409068.765:28): pid=8051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts. 2019/12/03 21:37:59 fuzzer started 2019/12/03 21:38:01 dialing manager at 10.128.0.26:42111 2019/12/03 21:38:01 syscalls: 2689 2019/12/03 21:38:01 code coverage: enabled 2019/12/03 21:38:01 comparison tracing: enabled 2019/12/03 21:38:01 extra coverage: extra coverage is not supported by the kernel 2019/12/03 21:38:01 setuid sandbox: enabled 2019/12/03 21:38:01 namespace sandbox: enabled 2019/12/03 21:38:01 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 21:38:01 fault injection: enabled 2019/12/03 21:38:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 21:38:01 net packet injection: enabled 2019/12/03 21:38:01 net device setup: enabled 2019/12/03 21:38:01 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/03 21:38:01 devlink PCI setup: PCI device 0000:00:10.0 is not available 21:38:02 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000dc0)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000240), 0x4) sendto$inet6(r0, &(0x7f0000000300), 0xfdb8, 0x0, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) 21:38:03 executing program 1: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose, @rose, @bcast]}, 0x48) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) syzkaller login: [ 58.041131][ T8213] IPVS: ftp: loaded support on port[0] = 21 21:38:03 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x4, @broadcast, 'ip_vti0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000080)={0x18, 0x0, {0x0, @dev, '%unl0\x00'}}) [ 58.224376][ T8213] chnl_net:caif_netlink_parms(): no params data found [ 58.241777][ T8216] IPVS: ftp: loaded support on port[0] = 21 [ 58.293009][ T8213] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.314533][ T8213] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.331108][ T8213] device bridge_slave_0 entered promiscuous mode [ 58.357438][ T8213] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.365406][ T8213] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.384236][ T8213] device bridge_slave_1 entered promiscuous mode [ 58.430377][ T8213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.465107][ T8213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.509693][ T8213] team0: Port device team_slave_0 added [ 58.528016][ T8213] team0: Port device team_slave_1 added 21:38:03 executing program 3: mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x1, 0x40000000000031, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000040), 0x4) [ 58.550928][ T8218] IPVS: ftp: loaded support on port[0] = 21 [ 58.678352][ T8213] device hsr_slave_0 entered promiscuous mode 21:38:03 executing program 4: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x7c, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000100007031dfffd946fa2830020200a0009000100000000010000aba20400ff7e28000000110affffba01000000ff000000000000008be3518546c8243929db2406b20cd37ed01cc0", 0xff04}], 0x1}, 0x0) [ 58.754316][ T8213] device hsr_slave_1 entered promiscuous mode [ 58.881398][ T8216] chnl_net:caif_netlink_parms(): no params data found [ 58.910440][ T8221] IPVS: ftp: loaded support on port[0] = 21 [ 58.919618][ T8223] IPVS: ftp: loaded support on port[0] = 21 [ 58.933424][ T8213] netdevsim netdevsim0 netdevsim0: renamed from eth0 21:38:04 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20, @dev}, 0x80) r1 = socket$inet(0x2, 0x2, 0x0) bind(r1, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x80) [ 59.020768][ T8213] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.087052][ T8213] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.157865][ T8213] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.250531][ T8225] IPVS: ftp: loaded support on port[0] = 21 [ 59.275107][ T8213] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.282370][ T8213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.290565][ T8213] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.297830][ T8213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.308637][ T47] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.317227][ T47] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.327595][ T8216] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.335797][ T8216] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.343704][ T8216] device bridge_slave_0 entered promiscuous mode [ 59.352912][ T8216] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.360922][ T8216] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.370892][ T8216] device bridge_slave_1 entered promiscuous mode [ 59.415197][ T8216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.458129][ T8216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.497356][ T8218] chnl_net:caif_netlink_parms(): no params data found [ 59.519141][ T8216] team0: Port device team_slave_0 added [ 59.533402][ T8216] team0: Port device team_slave_1 added [ 59.569857][ T8221] chnl_net:caif_netlink_parms(): no params data found [ 59.636266][ T8216] device hsr_slave_0 entered promiscuous mode [ 59.673852][ T8216] device hsr_slave_1 entered promiscuous mode [ 59.733780][ T8216] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.751515][ T8213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.791023][ T8218] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.799651][ T8218] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.808867][ T8218] device bridge_slave_0 entered promiscuous mode [ 59.858285][ T8218] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.865483][ T8218] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.873060][ T8218] device bridge_slave_1 entered promiscuous mode [ 59.898105][ T8218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.928793][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.938436][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.961327][ T8218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.984135][ T8218] team0: Port device team_slave_0 added [ 59.993780][ T8218] team0: Port device team_slave_1 added [ 60.000041][ T8225] chnl_net:caif_netlink_parms(): no params data found [ 60.011837][ T8216] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 60.066453][ T8221] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.073695][ T8221] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.081318][ T8221] device bridge_slave_0 entered promiscuous mode [ 60.097470][ T8213] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.122072][ T8216] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 60.197587][ T8221] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.205098][ T8221] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.213265][ T8221] device bridge_slave_1 entered promiscuous mode [ 60.230444][ T8231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.240279][ T8231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.252502][ T8231] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.260438][ T8231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.315310][ T8218] device hsr_slave_0 entered promiscuous mode [ 60.364031][ T8218] device hsr_slave_1 entered promiscuous mode [ 60.423676][ T8218] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.442908][ T8216] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 60.505928][ T8216] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 60.554194][ T8221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.567037][ T8231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.575643][ T8231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.584344][ T8231] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.591375][ T8231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.605111][ T8223] chnl_net:caif_netlink_parms(): no params data found [ 60.616305][ T8221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.646179][ T8225] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.654376][ T8225] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.662160][ T8225] device bridge_slave_0 entered promiscuous mode [ 60.670467][ T8226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.680384][ T8226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.689103][ T8226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.698702][ T8226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.707294][ T8226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.716171][ T8226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.729600][ T8226] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.745748][ T8225] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.753042][ T8225] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.764611][ T8225] device bridge_slave_1 entered promiscuous mode [ 60.779138][ T8221] team0: Port device team_slave_0 added [ 60.790750][ T8221] team0: Port device team_slave_1 added [ 60.798150][ T3744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.808084][ T3744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.828451][ T8213] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.840102][ T8213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.879197][ T3744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.889498][ T3744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.911195][ T8225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.921740][ T8218] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 61.045895][ T8221] device hsr_slave_0 entered promiscuous mode [ 61.093954][ T8221] device hsr_slave_1 entered promiscuous mode [ 61.153734][ T8221] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.162722][ T8225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.172353][ T8223] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.181225][ T8223] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.189053][ T8223] device bridge_slave_0 entered promiscuous mode [ 61.204801][ T8218] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.257401][ T8218] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.310139][ T8218] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.365724][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 61.373139][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 61.381229][ T8223] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.388722][ T8223] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.396824][ T8223] device bridge_slave_1 entered promiscuous mode [ 61.447380][ T8213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.456729][ T8225] team0: Port device team_slave_0 added [ 61.467891][ T8223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.491015][ T8225] team0: Port device team_slave_1 added [ 61.508234][ T8223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.586388][ T8225] device hsr_slave_0 entered promiscuous mode [ 61.633853][ T8225] device hsr_slave_1 entered promiscuous mode [ 61.673638][ T8225] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.687020][ T8221] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 61.727460][ T8221] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 61.815059][ T8223] team0: Port device team_slave_0 added [ 61.831632][ T8221] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 166.833475][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 166.840700][ C0] rcu: 0-...!: (10499 ticks this GP) idle=87a/1/0x4000000000000002 softirq=10900/10900 fqs=1 [ 166.853016][ C0] (t=10501 jiffies g=6193 q=72) [ 166.858506][ C0] rcu: rcu_preempt kthread starved for 10500 jiffies! g6193 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 166.870680][ C0] rcu: RCU grace-period kthread stack dump: [ 166.876606][ C0] rcu_preempt R running task 29032 10 2 0x80004000 [ 166.885161][ C0] Call Trace: [ 166.888676][ C0] __schedule+0x9a0/0xcc0 [ 166.893619][ C0] schedule+0x181/0x210 [ 166.897784][ C0] schedule_timeout+0x14f/0x240 [ 166.902805][ C0] ? run_local_timers+0x120/0x120 [ 166.907936][ C0] rcu_gp_kthread+0xed8/0x1770 [ 166.912707][ C0] kthread+0x332/0x350 [ 166.917086][ C0] ? rcu_report_qs_rsp+0x140/0x140 [ 166.923416][ C0] ? kthread_blkcg+0xe0/0xe0 [ 166.931020][ C0] ret_from_fork+0x24/0x30 [ 166.937105][ C0] NMI backtrace for cpu 0 [ 166.943392][ C0] CPU: 0 PID: 4081 Comm: udevd Not tainted 5.4.0-syzkaller #0 [ 166.954120][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.967593][ C0] Call Trace: [ 166.972229][ C0] [ 166.976778][ C0] dump_stack+0x1fb/0x318 [ 166.982393][ C0] nmi_cpu_backtrace+0xaf/0x1a0 [ 166.988473][ C0] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 166.995372][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 167.001801][ C0] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 167.007959][ C0] arch_trigger_cpumask_backtrace+0x10/0x20 [ 167.013940][ C0] rcu_dump_cpu_stacks+0x15a/0x220 [ 167.019875][ C0] rcu_sched_clock_irq+0xe25/0x1ad0 [ 167.025782][ C0] ? trace_hardirqs_off+0x74/0x80 [ 167.031287][ C0] update_process_times+0x12d/0x180 [ 167.036727][ C0] tick_sched_timer+0x263/0x420 [ 167.043923][ C0] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 167.049706][ C0] __hrtimer_run_queues+0x403/0x840 [ 167.055010][ C0] hrtimer_interrupt+0x38c/0xda0 [ 167.062779][ C0] ? debug_smp_processor_id+0x9/0x20 [ 167.068471][ C0] smp_apic_timer_interrupt+0x109/0x280 [ 167.074422][ C0] apic_timer_interrupt+0xf/0x20 [ 167.079815][ C0] [ 167.083734][ C0] RIP: 0010:mod_memcg_page_state+0x16/0x190 [ 167.090638][ C0] Code: 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 54 53 41 89 f6 48 89 fb e8 da 28 2e 00 <48> 83 c3 38 48 89 d8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 [ 167.113302][ C0] RSP: 0018:ffffc900018f7ae0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 167.125035][ C0] RAX: ffffffff81487326 RBX: ffffea0002475d40 RCX: ffff888094f5c140 [ 167.135968][ C0] RDX: 0000000000000000 RSI: 00000000fffffffc RDI: ffffea0002475d40 [ 167.145067][ C0] RBP: ffffc900018f7b00 R08: dffffc0000000000 R09: fffffbfff120248a [ 167.153840][ C0] R10: fffffbfff120248a R11: 0000000000000000 R12: ffff8880a233e2a0 [ 167.163654][ C0] R13: dffffc0000000000 R14: 00000000fffffffc R15: ffff888096927568 [ 167.173087][ C0] ? mod_memcg_page_state+0x16/0x190 [ 167.179293][ C0] free_thread_stack+0x168/0x590 [ 167.186000][ C0] put_task_stack+0xa3/0x130 [ 167.191722][ C0] finish_task_switch+0x3f1/0x550 [ 167.197621][ C0] __schedule+0x9a8/0xcc0 [ 167.204758][ C0] schedule+0x181/0x210 [ 167.209455][ C0] schedule_hrtimeout_range_clock+0x108/0x510 [ 167.215630][ C0] ? _raw_spin_unlock_irq+0x22/0x80 [ 167.221139][ C0] schedule_hrtimeout_range+0x2a/0x40 [ 167.228152][ C0] ep_poll+0xa4d/0xe80 [ 167.232875][ C0] ? debug_smp_processor_id+0x1c/0x20 [ 167.238256][ C0] ? do_task_dead+0xc0/0xc0 [ 167.243417][ C0] do_epoll_wait+0x1ee/0x260 [ 167.248313][ C0] __x64_sys_epoll_wait+0x9a/0xb0 [ 167.255877][ C0] do_syscall_64+0xf7/0x1c0 [ 167.261926][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.272663][ C0] RIP: 0033:0x7fc67df6f943 [ 167.278400][ C0] Code: 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 83 3d b5 dc 2a 00 00 75 13 49 89 ca b8 e8 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 3b c4 00 00 48 89 04 24 [ 167.307810][ C0] RSP: 002b:00007fffa7a27098 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8 [ 167.318789][ C0] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fc67df6f943 [ 167.329825][ C0] RDX: 0000000000000008 RSI: 00007fffa7a27190 RDI: 000000000000000a [ 167.340686][ C0] RBP: 0000000001477fd0 R08: 00007fc67e85b7a0 R09: 0000000000000000 [ 167.351301][ C0] R10: 00000000ffffffff R11: 0000000000000246 R12: 000000000000174e [ 167.362240][ C0] R13: 00000000014681f4 R14: 0000000000000000 R15: 0000000001468250