[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.717458] audit: type=1800 audit(1568674179.875:33): pid=7467 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 37.758697] audit: type=1800 audit(1568674179.885:34): pid=7467 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 42.684134] audit: type=1400 audit(1568674184.845:35): avc: denied { map } for pid=7645 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts. [ 281.933082] audit: type=1400 audit(1568674424.095:36): avc: denied { map } for pid=7657 comm="syz-executor744" path="/root/syz-executor744431311" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 281.963188] IPVS: ftp: loaded support on port[0] = 21 [ 282.017149] chnl_net:caif_netlink_parms(): no params data found [ 282.047889] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.055301] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.062457] device bridge_slave_0 entered promiscuous mode [ 282.069364] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.075784] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.082648] device bridge_slave_1 entered promiscuous mode [ 282.097824] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 282.107084] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 282.123156] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 282.130905] team0: Port device team_slave_0 added [ 282.136253] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 282.143590] team0: Port device team_slave_1 added [ 282.148767] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 282.156161] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 282.211500] device hsr_slave_0 entered promiscuous mode [ 282.260158] device hsr_slave_1 entered promiscuous mode [ 282.330263] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 282.337209] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 282.354288] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.360891] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.368239] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.374813] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.407479] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 282.414927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.423501] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 282.434327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 282.453668] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.461889] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.469219] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 282.480206] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 282.486327] 8021q: adding VLAN 0 to HW filter on device team0 [ 282.496739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 282.504681] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.511215] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.521232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 282.529001] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.535476] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.550226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 282.558227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 282.568343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 282.579361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 282.592198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 282.602071] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready executing program [ 282.608126] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 282.622520] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 282.633661] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 387.649631] rcu: INFO: rcu_preempt self-detected stall on CPU [ 387.655998] rcu: 1-....: (1 GPs behind) idle=7b6/1/0x4000000000000002 softirq=11200/11201 fqs=5250 [ 387.665558] rcu: (t=10502 jiffies g=5317 q=197) [ 387.670644] NMI backtrace for cpu 1 [ 387.674461] CPU: 1 PID: 7658 Comm: syz-executor744 Not tainted 4.19.73 #0 [ 387.681376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.691132] Call Trace: [ 387.693734] [ 387.696041] dump_stack+0x172/0x1f0 [ 387.699692] nmi_cpu_backtrace.cold+0x63/0xa4 [ 387.704251] ? lapic_can_unplug_cpu.cold+0x45/0x45 [ 387.709201] nmi_trigger_cpumask_backtrace+0x1b0/0x1f8 [ 387.714483] arch_trigger_cpumask_backtrace+0x14/0x20 [ 387.719729] rcu_dump_cpu_stacks+0x189/0x1d5 [ 387.724162] rcu_check_callbacks.cold+0x5e3/0xd90 [ 387.729052] ? trace_hardirqs_off+0x62/0x220 [ 387.733495] update_process_times+0x32/0x80 [ 387.737839] tick_sched_handle+0xa2/0x190 [ 387.741986] tick_sched_timer+0x47/0x130 [ 387.746067] __hrtimer_run_queues+0x33b/0xdc0 [ 387.750575] ? tick_sched_do_timer+0x1b0/0x1b0 [ 387.755153] ? hrtimer_fixup_activate+0x30/0x30 [ 387.759883] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 387.764899] ? ktime_get_update_offsets_now+0x2d3/0x440 [ 387.770277] hrtimer_interrupt+0x314/0x770 [ 387.774734] smp_apic_timer_interrupt+0x111/0x550 [ 387.779576] apic_timer_interrupt+0xf/0x20 [ 387.783804] [ 387.786111] RIP: 0010:hhf_dequeue+0x636/0xa00 [ 387.790668] Code: 48 c1 ea 03 42 80 3c 22 00 0f 85 7c 03 00 00 4d 89 3e e8 4d a4 dc fb 4d 8d b5 58 03 00 00 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 <0f> 85 4e 03 00 00 4d 8b bd 58 03 00 00 48 89 df 48 8b 55 c8 4c 89 [ 387.809672] RSP: 0018:ffff8880a098f358 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 387.817377] RAX: 1ffff11010cfdeb3 RBX: ffff8880867ef4f8 RCX: ffffffff858ebde6 [ 387.824636] RDX: 0000000000000000 RSI: ffffffff858ebe53 RDI: ffff8880867ef598 [ 387.831900] RBP: ffff8880a098f3a8 R08: ffff88809de60580 R09: 0000000000000003 [ 387.839162] R10: ffff88809de60e78 R11: 000000000e8614fd R12: dffffc0000000000 [ 387.846429] R13: ffff8880867ef240 R14: ffff8880867ef598 R15: ffff8880867ef590 [ 387.853723] ? hhf_dequeue+0x5b6/0xa00 [ 387.857615] ? hhf_dequeue+0x623/0xa00 [ 387.861498] ? hhf_dequeue+0x623/0xa00 [ 387.865426] __qdisc_run+0x1e7/0x1960 [ 387.869324] __dev_queue_xmit+0x165c/0x2fe0 [ 387.873773] ? mark_held_locks+0x100/0x100 [ 387.878007] ? netdev_pick_tx+0x300/0x300 [ 387.882199] ? __copy_skb_header+0x33d/0x560 [ 387.886603] ? skb_checksum+0xc0/0xc0 [ 387.890397] ? rcu_read_lock_sched_held+0x110/0x130 [ 387.895456] ? kasan_check_write+0x14/0x20 [ 387.899700] ? __skb_clone+0x613/0x870 [ 387.903592] dev_queue_xmit+0x18/0x20 [ 387.907387] ? dev_queue_xmit+0x18/0x20 [ 387.911394] netlink_deliver_tap+0x910/0xc20 [ 387.915988] __netlink_sendskb+0x68/0xc0 [ 387.920129] netlink_unicast+0x616/0x720 [ 387.924265] ? netlink_attachskb+0x770/0x770 [ 387.928682] netlink_ack+0x645/0xb30 [ 387.932416] ? netlink_sendmsg+0xd70/0xd70 [ 387.936653] ? netlink_deliver_tap+0x22d/0xc20 [ 387.941290] ? find_held_lock+0x35/0x130 [ 387.945362] netlink_rcv_skb+0x382/0x460 [ 387.949489] ? rtnetlink_put_metrics+0x560/0x560 [ 387.959480] ? netlink_ack+0xb30/0xb30 [ 387.963403] ? kasan_check_read+0x11/0x20 [ 387.967643] ? netlink_deliver_tap+0x254/0xc20 [ 387.972222] rtnetlink_rcv+0x1d/0x30 [ 387.975928] netlink_unicast+0x537/0x720 [ 387.980019] ? netlink_attachskb+0x770/0x770 [ 387.984425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 387.989990] netlink_sendmsg+0x8ae/0xd70 [ 387.994052] ? netlink_unicast+0x720/0x720 [ 387.998391] ? selinux_socket_sendmsg+0x36/0x40 [ 388.003061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 388.008610] ? security_socket_sendmsg+0x8d/0xc0 [ 388.013372] ? netlink_unicast+0x720/0x720 [ 388.017598] sock_sendmsg+0xd7/0x130 [ 388.021303] ___sys_sendmsg+0x803/0x920 [ 388.025265] ? copy_msghdr_from_user+0x430/0x430 [ 388.030109] ? sock_ioctl+0x345/0x610 [ 388.033902] ? dlci_ioctl_set+0x40/0x40 [ 388.037907] ? __handle_mm_fault+0x7d1/0x3f80 [ 388.042423] ? __might_sleep+0x95/0x190 [ 388.046401] ? dlci_ioctl_set+0x40/0x40 [ 388.050366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 388.055895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 388.061439] ? __fget_light+0x1a9/0x230 [ 388.065411] ? __fdget+0x1b/0x20 [ 388.068768] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 388.074302] __sys_sendmsg+0x105/0x1d0 [ 388.078182] ? __ia32_sys_shutdown+0x80/0x80 [ 388.082580] ? up_read+0x1a/0x110 [ 388.086070] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 388.090837] ? do_syscall_64+0x26/0x620 [ 388.094803] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 388.100351] ? do_syscall_64+0x26/0x620 [ 388.104327] __x64_sys_sendmsg+0x78/0xb0 [ 388.108383] do_syscall_64+0xfd/0x620 [ 388.112175] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 388.117367] RIP: 0033:0x441b19 [ 388.120556] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 388.139461] RSP: 002b:00007ffe6764dd78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 388.147180] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441b19 [ 388.154454] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 388.161724] RBP: 00007ffe6764dd90 R08: 0000000001bbbbbb R09: 0000000001bbbbbb [ 388.168992] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 0000000000000000 [ 388.176260] R13: 00000000004030b0 R14: 0000000000000000 R15: 0000000000000000