[ 32.288456] audit: type=1800 audit(1567910034.050:33): pid=6815 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 32.316257] audit: type=1800 audit(1567910034.060:34): pid=6815 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.965685] random: sshd: uninitialized urandom read (32 bytes read) [ 37.209118] audit: type=1400 audit(1567910038.970:35): avc: denied { map } for pid=6989 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 37.252279] random: sshd: uninitialized urandom read (32 bytes read) [ 37.771988] random: sshd: uninitialized urandom read (32 bytes read) [ 159.932126] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts. [ 165.511338] random: sshd: uninitialized urandom read (32 bytes read) [ 165.633494] audit: type=1400 audit(1567910167.400:36): avc: denied { map } for pid=7001 comm="syz-executor532" path="/root/syz-executor532739498" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 165.871069] IPVS: ftp: loaded support on port[0] = 21 [ 166.644061] chnl_net:caif_netlink_parms(): no params data found [ 166.677799] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.685618] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.694049] device bridge_slave_0 entered promiscuous mode [ 166.701309] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.707990] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.715500] device bridge_slave_1 entered promiscuous mode [ 166.730443] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 166.740783] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 166.757263] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 166.765530] team0: Port device team_slave_0 added [ 166.771192] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 166.778326] team0: Port device team_slave_1 added [ 166.784213] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.791621] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 166.852097] device hsr_slave_0 entered promiscuous mode [ 166.900369] device hsr_slave_1 entered promiscuous mode [ 166.940537] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 166.947659] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 166.961543] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.968205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.975429] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.982055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.007887] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 167.014336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.022383] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 167.032071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.041411] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.049008] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.058400] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 167.064671] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.075351] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.083428] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.090626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.099735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.108372] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.115932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.129463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.138434] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.152991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.166017] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 167.177368] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 167.189537] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 167.196048] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready executing program [ 167.203937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.211781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.223240] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 167.234950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 272.290029] INFO: rcu_preempt self-detected stall on CPU [ 272.295641] 1-...: (10499 ticks this GP) idle=1ea/140000000000001/0 softirq=10851/10851 fqs=2 [ 272.304513] (t=10500 jiffies g=1124 c=1123 q=8) [ 272.309360] rcu_preempt kthread starved for 10495 jiffies! g1124 c1123 f0x0 RCU_GP_WAIT_FQS(3) ->state=0x402 ->cpu=0 [ 272.320011] rcu_preempt I29776 8 2 0x80000000 [ 272.325666] Call Trace: [ 272.328389] __schedule+0x7b8/0x1cd0 [ 272.332102] ? pci_mmcfg_check_reserved+0x150/0x150 [ 272.337110] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 272.342209] schedule+0x92/0x1c0 [ 272.345566] schedule_timeout+0x43e/0xe10 [ 272.349704] ? usleep_range+0x130/0x130 [ 272.353739] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 272.358912] ? prepare_to_swait+0xcc/0x100 [ 272.363144] ? call_timer_fn+0x670/0x670 [ 272.367205] rcu_gp_kthread+0xbf4/0x1ec0 [ 272.371332] ? force_qs_rnp+0x4d0/0x4d0 [ 272.375389] kthread+0x319/0x430 [ 272.378745] ? force_qs_rnp+0x4d0/0x4d0 [ 272.382708] ? kthread_create_on_node+0xd0/0xd0 [ 272.387368] ret_from_fork+0x24/0x30 [ 272.391291] NMI backtrace for cpu 1 [ 272.395094] CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 4.14.142 #0 [ 272.401754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 272.411226] Workqueue: ipv6_addrconf addrconf_dad_work [ 272.416503] Call Trace: [ 272.419082] [ 272.421264] dump_stack+0x138/0x197 [ 272.424897] nmi_cpu_backtrace.cold+0x57/0x94 [ 272.429389] ? irq_force_complete_move.cold+0x7d/0x7d [ 272.434578] nmi_trigger_cpumask_backtrace+0x141/0x189 [ 272.439860] arch_trigger_cpumask_backtrace+0x14/0x20 [ 272.445056] rcu_dump_cpu_stacks+0x186/0x1d2 [ 272.449459] rcu_check_callbacks.cold+0x43d/0xd0a [ 272.454293] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 272.459740] update_process_times+0x31/0x70 [ 272.464058] tick_sched_handle+0x85/0x160 [ 272.468243] tick_sched_timer+0x43/0x130 [ 272.472385] __hrtimer_run_queues+0x270/0xbc0 [ 272.476881] ? tick_sched_do_timer+0xe0/0xe0 [ 272.481401] ? hrtimer_start_range_ns+0x10d0/0x10d0 [ 272.486414] hrtimer_interrupt+0x1d8/0x5d0 [ 272.490699] smp_apic_timer_interrupt+0x11c/0x5e0 [ 272.495536] apic_timer_interrupt+0x96/0xa0 [ 272.499863] [ 272.502097] RIP: 0010:__list_del_entry_valid+0x89/0xf5 [ 272.507359] RSP: 0018:ffff8880a9e56fe8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 [ 272.515062] RAX: dffffc0000000000 RBX: ffff888098d28af8 RCX: 0000000000000000 [ 272.522575] RDX: 1ffff110131a5172 RSI: ffff888098d28b90 RDI: ffff888098d28b00 [ 272.529847] RBP: ffff8880a9e57000 R08: 0000000000000000 R09: ffff8880a9e3f008 [ 272.537126] R10: ffff8880a9e3efe8 R11: ffff8880a9e3e600 R12: ffff888098d28b90 [ 272.544397] R13: ffff888098d28b90 R14: ffff888098d28af8 R15: ffff888098d28b80 [ 272.551754] hhf_dequeue+0x57f/0xa60 [ 272.555531] __qdisc_run+0x2b8/0xe00 [ 272.559444] __dev_queue_xmit+0x1571/0x25e0 [ 272.563939] ? __lock_is_held+0xb6/0x140 [ 272.568001] ? check_preemption_disabled+0x3c/0x250 [ 272.573024] ? netdev_pick_tx+0x300/0x300 [ 272.577283] ? save_trace+0x290/0x290 [ 272.581168] ? br_nf_post_routing+0x27d/0xf00 [ 272.585937] ? br_forward_finish+0x1cc/0x320 [ 272.590362] ? find_held_lock+0x35/0x130 [ 272.594521] ? br_forward_finish+0x1cc/0x320 [ 272.598949] dev_queue_xmit+0x18/0x20 [ 272.602740] ? dev_queue_xmit+0x18/0x20 [ 272.606797] br_dev_queue_push_xmit+0x367/0x530 [ 272.611458] br_forward_finish+0xbc/0x320 [ 272.615709] ? br_dev_queue_push_xmit+0x530/0x530 [ 272.620541] ? br_fdb_add.cold+0x84/0x84 [ 272.624592] __br_forward+0x560/0x9c0 [ 272.628429] ? br_forward_finish+0x320/0x320 [ 272.632929] ? br_dev_queue_push_xmit+0x530/0x530 [ 272.637763] deliver_clone+0x61/0xc0 [ 272.641680] br_flood+0x3c8/0x530 [ 272.645128] br_dev_xmit+0x9a4/0xd40 [ 272.648834] ? check_preemption_disabled+0x3c/0x250 [ 272.653845] ? br_poll_controller+0x10/0x10 [ 272.658156] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 272.663602] dev_hard_start_xmit+0x18c/0x8b0 [ 272.668009] ? assoc_array_gc+0x1130/0x11d0 [ 272.672324] __dev_queue_xmit+0x1d95/0x25e0 [ 272.676642] ? trace_hardirqs_on+0x10/0x10 [ 272.680886] ? netdev_pick_tx+0x300/0x300 [ 272.685029] ? ip6_finish_output2+0x9ab/0x21b0 [ 272.689603] ? memcpy+0x46/0x50 [ 272.692962] dev_queue_xmit+0x18/0x20 [ 272.696750] ? dev_queue_xmit+0x18/0x20 [ 272.700765] neigh_resolve_output+0x4d8/0x870 [ 272.705259] ip6_finish_output2+0x9ab/0x21b0 [ 272.709676] ? ip6_forward_finish+0x480/0x480 [ 272.714162] ? lock_downgrade+0x6e0/0x6e0 [ 272.718350] ip6_finish_output+0x4f4/0xb50 [ 272.722574] ? ip6_finish_output+0x4f4/0xb50 [ 272.727066] ip6_output+0x20f/0x6d0 [ 272.730685] ? ip6_finish_output+0xb50/0xb50 [ 272.735138] ? __lock_is_held+0xb6/0x140 [ 272.739190] ? ip6_fragment+0x32c0/0x32c0 [ 272.743378] ndisc_send_skb+0xb56/0x11e0 [ 272.747440] ? ndisc_error_report+0x190/0x190 [ 272.751932] ndisc_send_ns+0x360/0x7e0 [ 272.755819] ? ndisc_netdev_event+0x3b0/0x3b0 [ 272.760317] ? trace_hardirqs_on_caller+0x400/0x590 [ 272.765325] ? addrconf_dad_work+0x97c/0xff0 [ 272.769724] ? trace_hardirqs_on+0xd/0x10 [ 272.773863] ? __local_bh_enable_ip+0x99/0x1a0 [ 272.778436] addrconf_dad_work+0xa40/0xff0 [ 272.782660] ? addrconf_dad_completed+0xa70/0xa70 [ 272.787495] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 272.792939] process_one_work+0x863/0x1600 [ 272.797167] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 272.801826] worker_thread+0x5d9/0x1050 [ 272.805798] kthread+0x319/0x430 [ 272.809158] ? process_one_work+0x1600/0x1600 [ 272.813643] ? kthread_create_on_node+0xd0/0xd0 [ 272.818305] ret_from_fork+0x24/0x30