[   39.717857][   T25] audit: type=1800 audit(1575370683.047:27): pid=7918 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   39.766297][   T25] audit: type=1800 audit(1575370683.047:28): pid=7918 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   40.211911][   T25] audit: type=1800 audit(1575370683.627:29): pid=7918 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   40.231752][   T25] audit: type=1800 audit(1575370683.627:30): pid=7918 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.16' (ECDSA) to the list of known hosts.
2019/12/03 10:58:14 fuzzer started
2019/12/03 10:58:15 dialing manager at 10.128.0.26:38907
2019/12/03 10:58:15 syscalls: 2697
2019/12/03 10:58:15 code coverage: enabled
2019/12/03 10:58:15 comparison tracing: enabled
2019/12/03 10:58:15 extra coverage: extra coverage is not supported by the kernel
2019/12/03 10:58:15 setuid sandbox: enabled
2019/12/03 10:58:15 namespace sandbox: enabled
2019/12/03 10:58:15 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/03 10:58:15 fault injection: enabled
2019/12/03 10:58:15 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/03 10:58:15 net packet injection: enabled
2019/12/03 10:58:15 net device setup: enabled
2019/12/03 10:58:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/03 10:58:15 devlink PCI setup: PCI device 0000:00:10.0 is not available
10:58:16 executing program 0:
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
rseq(&(0x7f0000000180), 0x20, 0x1, 0x0)

10:58:16 executing program 1:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000001c0)={0x0, 0xc, 0x4, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d411c052"}, 0x0, 0x0, @userptr, 0x4})

syzkaller login: [   53.362877][ T8083] IPVS: ftp: loaded support on port[0] = 21
10:58:16 executing program 2:
r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000005480))

[   53.514463][ T8085] IPVS: ftp: loaded support on port[0] = 21
[   53.523340][ T8083] chnl_net:caif_netlink_parms(): no params data found
[   53.622750][ T8083] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.632568][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.641517][ T8083] device bridge_slave_0 entered promiscuous mode
[   53.669773][ T8083] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.687170][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.696603][ T8083] device bridge_slave_1 entered promiscuous mode
[   53.734793][ T8088] IPVS: ftp: loaded support on port[0] = 21
[   53.747714][ T8083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.788148][ T8083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
10:58:17 executing program 3:
r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r1 = open(&(0x7f0000000040)='./file0\x00', 0xfc, 0x0)
dup3(r1, r0, 0x0)

[   53.842659][ T8085] chnl_net:caif_netlink_parms(): no params data found
[   53.857402][ T8083] team0: Port device team_slave_0 added
[   53.866556][ T8083] team0: Port device team_slave_1 added
[   53.980360][ T8083] device hsr_slave_0 entered promiscuous mode
[   54.009319][ T8083] device hsr_slave_1 entered promiscuous mode
10:58:17 executing program 4:
syz_read_part_table(0x0, 0xaaaaaaaaaaaac47, &(0x7f0000000080)=[{&(0x7f0000000000)="020182ffffff0a000000ff07000000ffffffa5000800000000000000004000ffffff85000000e1000000887700720030b5829237c30000000000008000da55aa", 0x40, 0x1c0}])

[   54.070685][ T8085] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.078896][ T8085] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.086704][ T8085] device bridge_slave_0 entered promiscuous mode
[   54.098325][ T8085] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.105434][ T8085] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.135682][ T8085] device bridge_slave_1 entered promiscuous mode
[   54.185507][ T8091] IPVS: ftp: loaded support on port[0] = 21
[   54.194211][ T8085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.253016][ T8085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.303212][ T8083] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   54.361427][ T8083] netdevsim netdevsim0 netdevsim1: renamed from eth1
10:58:17 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
clone(0x54041bc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = getpid()
r3 = gettid()
tkill(r3, 0x14)
ptrace(0x4206, r2)
ptrace$getregs(0xe, r3, 0x0, &(0x7f0000000000)=""/4096)

[   54.403375][ T8083] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   54.450311][ T8083] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.529451][ T8088] chnl_net:caif_netlink_parms(): no params data found
[   54.540808][ T8085] team0: Port device team_slave_0 added
[   54.555145][ T8095] IPVS: ftp: loaded support on port[0] = 21
[   54.574067][ T8085] team0: Port device team_slave_1 added
[   54.575068][ T8097] IPVS: ftp: loaded support on port[0] = 21
[   54.605947][ T8088] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.613303][ T8088] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.621217][ T8088] device bridge_slave_0 entered promiscuous mode
[   54.628759][ T8088] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.635807][ T8088] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.643630][ T8088] device bridge_slave_1 entered promiscuous mode
[   54.662228][ T8088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.685919][ T8088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.749752][ T8085] device hsr_slave_0 entered promiscuous mode
[   54.787419][ T8085] device hsr_slave_1 entered promiscuous mode
[   54.837328][ T8085] debugfs: Directory 'hsr0' with parent '/' already present!
[   54.879496][ T8088] team0: Port device team_slave_0 added
[   54.923090][ T8088] team0: Port device team_slave_1 added
[   54.942833][ T8083] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.950530][ T8091] chnl_net:caif_netlink_parms(): no params data found
[   55.060087][ T8088] device hsr_slave_0 entered promiscuous mode
[   55.097426][ T8088] device hsr_slave_1 entered promiscuous mode
[   55.157623][ T8088] debugfs: Directory 'hsr0' with parent '/' already present!
[   55.175595][ T8095] chnl_net:caif_netlink_parms(): no params data found
[   55.196289][ T8083] 8021q: adding VLAN 0 to HW filter on device team0
[   55.230109][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.238670][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.246534][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   55.255255][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   55.263799][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.271131][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.280785][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   55.289441][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   55.297856][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.305075][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.351768][ T8085] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.409259][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   55.419287][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   55.428205][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   55.436561][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   55.446340][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   55.454692][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   55.463157][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   55.471675][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   55.502007][ T8091] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.509196][ T8091] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.516925][ T8091] device bridge_slave_0 entered promiscuous mode
[   55.525864][ T8088] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.589113][ T8085] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.629252][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   55.637969][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.651454][ T8083] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.663602][ T8083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   55.676619][ T8091] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.684067][ T8091] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.692058][ T8091] device bridge_slave_1 entered promiscuous mode
[   55.699256][ T8088] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.750384][ T8085] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.812963][ T2760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   55.821989][ T2760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.842812][ T8088] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.899199][ T8097] chnl_net:caif_netlink_parms(): no params data found
[   55.907979][ T8085] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.960972][ T8091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.980177][ T8083] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.991927][ T8088] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.064280][ T8095] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.072114][ T8095] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.080355][ T8095] device bridge_slave_0 entered promiscuous mode
[   56.088824][ T8091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.105036][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   56.112959][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   56.135801][ T8095] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.144060][ T8095] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.159678][ T8095] device bridge_slave_1 entered promiscuous mode
[   56.177966][ T8091] team0: Port device team_slave_0 added
[   56.215412][ T8097] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.222683][ T8097] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.236421][ T8097] device bridge_slave_0 entered promiscuous mode
[   56.245018][ T8097] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.257373][ T8097] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.265205][ T8097] device bridge_slave_1 entered promiscuous mode
[   56.296310][ T8097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.318371][ T8097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.349560][ T8097] team0: Port device team_slave_0 added
[   56.363476][ T8097] team0: Port device team_slave_1 added
[  161.307016][    C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[  161.313771][    C1] rcu: 	1-...!: (1 GPs behind) idle=b9e/1/0x4000000000000002 softirq=9768/9772 fqs=33 
[  161.323543][    C1] 	(t=10500 jiffies g=5605 q=193)
[  161.328563][    C1] rcu: rcu_preempt kthread starved for 10430 jiffies! g5605 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  161.339646][    C1] rcu: RCU grace-period kthread stack dump:
[  161.345530][    C1] rcu_preempt     R  running task    29104    10      2 0x80004000
[  161.353416][    C1] Call Trace:
[  161.356708][    C1]  __schedule+0x9a0/0xcc0
[  161.361034][    C1]  schedule+0x181/0x210
[  161.365184][    C1]  schedule_timeout+0x14f/0x240
[  161.370025][    C1]  ? run_local_timers+0x120/0x120
[  161.375040][    C1]  rcu_gp_kthread+0xed8/0x1770
[  161.379802][    C1]  kthread+0x332/0x350
[  161.383855][    C1]  ? rcu_report_qs_rsp+0x140/0x140
[  161.388954][    C1]  ? kthread_blkcg+0xe0/0xe0
[  161.393532][    C1]  ret_from_fork+0x24/0x30
[  161.397947][    C1] NMI backtrace for cpu 1
[  161.402276][    C1] CPU: 1 PID: 8095 Comm: syz-executor.4 Not tainted 5.4.0-syzkaller #0
[  161.410491][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  161.420629][    C1] Call Trace:
[  161.423893][    C1]  <IRQ>
[  161.426726][    C1]  dump_stack+0x1fb/0x318
[  161.431030][    C1]  nmi_cpu_backtrace+0xaf/0x1a0
[  161.435864][    C1]  ? nmi_trigger_cpumask_backtrace+0x16d/0x290
[  161.441997][    C1]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  161.448041][    C1]  nmi_trigger_cpumask_backtrace+0x174/0x290
[  161.453999][    C1]  arch_trigger_cpumask_backtrace+0x10/0x20
[  161.459866][    C1]  rcu_dump_cpu_stacks+0x15a/0x220
[  161.464973][    C1]  rcu_sched_clock_irq+0xe25/0x1ad0
[  161.470202][    C1]  ? trace_hardirqs_off+0x74/0x80
[  161.475210][    C1]  update_process_times+0x12d/0x180
[  161.480390][    C1]  tick_sched_timer+0x263/0x420
[  161.485217][    C1]  ? tick_setup_sched_timer+0x3d0/0x3d0
[  161.490749][    C1]  __hrtimer_run_queues+0x403/0x840
[  161.495931][    C1]  hrtimer_interrupt+0x38c/0xda0
[  161.500850][    C1]  ? debug_smp_processor_id+0x9/0x20
[  161.506128][    C1]  smp_apic_timer_interrupt+0x109/0x280
[  161.511646][    C1]  apic_timer_interrupt+0xf/0x20
[  161.516550][    C1]  </IRQ>
[  161.519464][    C1] RIP: 0010:__memcg_kmem_uncharge+0xd/0x2e0
[  161.525326][    C1] Code: 81 c3 08 02 00 00 48 89 df 4c 89 f6 e8 dc 7d ff ff 5b 41 5e 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 <50> 89 f3 49 89 fc 48 b8 00 00 00 00 00 fc ff df 4c 8d 77 38 4d 89
[  161.544902][    C1] RSP: 0018:ffffc900023574f0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[  161.553281][    C1] RAX: ffffffff81486ea4 RBX: ffffea00023e3240 RCX: ffff88809f88c380
[  161.561662][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea00023e3240
[  161.569630][    C1] RBP: ffffc90002357518 R08: 000000000003a768 R09: ffffed1012a0d2ff
[  161.578364][    C1] R10: ffffed1012a0d2ff R11: 0000000000000000 R12: ffff88808e00fea0
[  161.586330][    C1] R13: dffffc0000000000 R14: 1ffff11011c01fd4 R15: ffff8880950697e8
[  161.594393][    C1]  ? free_thread_stack+0x124/0x590
[  161.599482][    C1]  free_thread_stack+0x12e/0x590
[  161.604393][    C1]  put_task_stack+0xa3/0x130
[  161.608957][    C1]  finish_task_switch+0x3f1/0x550
[  161.613978][    C1]  __schedule+0x9a8/0xcc0
[  161.618421][    C1]  ? ___preempt_schedule+0x16/0x18
[  161.623515][    C1]  preempt_schedule+0xdb/0x120
[  161.628280][    C1]  ___preempt_schedule+0x16/0x18
[  161.633201][    C1]  try_to_wake_up+0xe78/0x1050
[  161.637956][    C1]  wake_up_q+0x8c/0xe0
[  161.642060][    C1]  __mutex_unlock_slowpath+0x586/0x5b0
[  161.647502][    C1]  mutex_unlock+0x1b/0x30
[  161.651848][    C1]  __rtnl_unlock+0x2c/0xa0
[  161.656237][    C1]  netdev_run_todo+0xe5/0xe10
[  161.660892][    C1]  rtnetlink_rcv_msg+0x890/0xd40
[  161.665858][    C1]  ? rcu_lock_release+0x9/0x30
[  161.670603][    C1]  ? rcu_lock_release+0x9/0x30
[  161.675349][    C1]  ? rcu_lock_release+0x9/0x30
[  161.680096][    C1]  netlink_rcv_skb+0x19e/0x3d0
[  161.684842][    C1]  ? rtnetlink_bind+0x80/0x80
[  161.689542][    C1]  rtnetlink_rcv+0x1c/0x20
[  161.693961][    C1]  netlink_unicast+0x767/0x920
[  161.698707][    C1]  netlink_sendmsg+0xa21/0xd40
[  161.703462][    C1]  ? netlink_getsockopt+0x9f0/0x9f0
[  161.708639][    C1]  __sys_sendto+0x442/0x5e0
[  161.713121][    C1]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  161.719165][    C1]  ? prepare_exit_to_usermode+0x221/0x5b0
[  161.724858][    C1]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[  161.730549][    C1]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  161.735998][    C1]  __x64_sys_sendto+0xe5/0x100
[  161.740742][    C1]  do_syscall_64+0xf7/0x1c0
[  161.745226][    C1]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  161.751095][    C1] RIP: 0033:0x414373
[  161.754968][    C1] Code: ff 0f 83 b0 19 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d fd 40 66 00 00 75 17 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 87 fa ff ff
[  161.774555][    C1] RSP: 002b:00007ffc077b9368 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  161.782939][    C1] RAX: ffffffffffffffda RBX: 0000000000a72200 RCX: 0000000000414373
[  161.790887][    C1] RDX: 0000000000000068 RSI: 0000000000a72250 RDI: 0000000000000003
[  161.798852][    C1] RBP: 0000000000000000 R08: 00007ffc077b9370 R09: 000000000000000c
[  161.807341][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  161.815295][    C1] R13: 0000000000000000 R14: 0000000000a72250 R15: 0000000000000003