[ 99.267806][ T27] audit: type=1800 audit(1583908743.671:36): pid=10155 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
Starting mcstransd:
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[ 99.965961][ T27] audit: type=1400 audit(1583908744.511:37): avc: denied { watch } for pid=10243 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 457.281713][ T27] kauditd_printk_skb: 4 callbacks suppressed
[ 457.281726][ T27] audit: type=1400 audit(1583909101.831:42): avc: denied { map } for pid=10344 comm="syz-executor070" path="/root/syz-executor070038386" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 457.361034][T10344] XFS (loop0): correcting sb_features alignment problem
[ 457.369067][T10344] XFS (loop0): Mounting V4 Filesystem
[ 457.376031][T10344] XFS (loop0): log size 2150998016 bytes too large, maximum size is 2136997888 bytes
[ 457.385920][T10344] XFS (loop0): Log size out of supported range.
[ 457.392376][T10344] XFS (loop0): Continuing onwards, but if log hangs are experienced then please report this message in the bug report.
[ 457.406689][T10344] XFS (loop0): totally zeroed log
[ 457.413139][ T2712] XFS (loop0): Metadata corruption detected at xfs_agf_verify+0x55c/0x9e0, xfs_agf block 0x1
[ 457.423787][ T2712] XFS (loop0): Unmount and run xfs_repair
[ 457.429610][ T2712] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[ 457.437248][ T2712] 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 457.447876][ T2712] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 457.457801][ T2712] 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 457.466996][ T2712] 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 457.475935][ T2712] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 457.486521][ T2712] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 457.495462][ T2712] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 457.504525][ T2712] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 457.514014][T10344] XFS (loop0): metadata I/O error in "xfs_read_agf+0x1e6/0x540" at daddr 0x1 len 1 error 117
[ 605.607290][ T992] INFO: task syz-executor070:10344 blocked for more than 143 seconds.
[ 605.615710][ T992] Not tainted 5.6.0-rc5-syzkaller #0
[ 605.621566][ T992] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 605.630294][ T992] syz-executor070 D26960 10344 10342 0x00004000
[ 605.636612][ T992] Call Trace:
[ 605.640097][ T992] ? __schedule+0x934/0x1f90
[ 605.644750][ T992] ? xlog_grant_head_wait+0x26a/0xd40
[ 605.650190][ T992] ? __sched_text_start+0x8/0x8
[ 605.655122][ T992] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 605.661298][ T992] schedule+0xd0/0x2a0
[ 605.665373][ T992] xlog_grant_head_wait+0x422/0xd40
[ 605.670637][ T992] xlog_grant_head_check+0x3b9/0x410
[ 605.675930][ T992] ? xlog_grant_head_wait+0xd40/0xd40
[ 605.681356][ T992] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 605.687700][ T992] xfs_log_reserve+0x34b/0xac0
[ 605.692486][ T992] ? xlog_ticket_alloc+0x440/0x440
[ 605.697677][ T992] xfs_log_write_unmount_record+0x167/0x880
[ 605.703587][ T992] ? xfs_log_reserve+0xac0/0xac0
[ 605.708651][ T992] ? lock_downgrade+0x7f0/0x7f0
[ 605.713517][ T992] ? do_raw_spin_lock+0x129/0x2e0
[ 605.718585][ T992] ? rwlock_bug.part.0+0x90/0x90
[ 605.723546][ T992] ? do_raw_spin_unlock+0x171/0x260
[ 605.728796][ T992] ? _raw_spin_unlock+0x24/0x40
[ 605.733664][ T992] ? xfs_log_force+0x837/0xd60
[ 605.738661][ T992] ? xlog_commit_record+0x1c0/0x1c0
[ 605.743860][ T992] ? xfs_log_quiesce+0x155/0x510
[ 605.748855][ T992] ? lockdep_hardirqs_on+0x417/0x5d0
[ 605.754169][ T992] xfs_log_quiesce+0x397/0x510
[ 605.759005][ T992] ? xfs_log_write_unmount_record+0x880/0x880
[ 605.765098][ T992] ? xfs_check_summary_counts+0x1d0/0x4e0
[ 605.771039][ T992] ? xfs_check_sizes+0x3f0/0x3f0
[ 605.776106][ T992] ? xlog_cil_init_post_recovery+0x7b/0x1a0
[ 605.782070][ T992] xfs_log_unmount+0x1d/0xb0
[ 605.786701][ T992] xfs_mountfs+0x15ea/0x1f80
[ 605.792000][ T992] ? xfs_default_resblks+0x60/0x60
[ 605.798363][ T992] ? init_timer_key+0xa6/0x390
[ 605.803186][ T992] ? queue_work_node+0x370/0x370
[ 605.808208][ T992] ? lockdep_init_map+0x1b0/0x6c0
[ 605.813270][ T992] ? xfs_mru_cache_create+0x473/0x580
[ 605.818795][ T992] ? xfs_filestream_get_ag+0x50/0x50
[ 605.824256][ T992] xfs_fc_fill_super+0x89b/0x1220
[ 605.829621][ T992] get_tree_bdev+0x3f8/0x710
[ 605.834238][ T992] ? xfs_mount_free+0x80/0x80
[ 605.839250][ T992] vfs_get_tree+0x89/0x2f0
[ 605.843755][ T992] do_mount+0x1306/0x1a60
[ 605.848163][ T992] ? copy_mount_string+0x40/0x40
[ 605.853295][ T992] ? memset+0x20/0x40
[ 605.857347][ T992] __x64_sys_mount+0x18f/0x230
[ 605.862295][ T992] do_syscall_64+0xf6/0x7d0
[ 605.866814][ T992] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 605.872831][ T992] RIP: 0033:0x44761a
[ 605.876741][ T992] Code: 6d 77 72 00 73 74 72 65 61 6d 20 77 72 69 74 65 72 00 77 65 20 68 61 64 20 61 20 66 69 6c 65 20 63 68 61 6e 67 65 20 6f 6e 20 <27> 25 73 27 0a 00 66 69 6c 65 20 25 64 20 72 65 61 64 20 25 6c 64
[ 605.896529][ T992] RSP: 002b:00007ffdbbec0258 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 605.904989][ T992] RAX: ffffffffffffffda RBX: 00007ffdbbec0430 RCX: 000000000044761a
[ 605.913010][ T992] RDX: 00007ffdbbec02a0 RSI: 0000000020000000 RDI: 00007ffdbbec02c0
[ 605.921672][ T992] RBP: 0000000000000000 R08: 00007ffdbbec0300 R09: 0000000000000000
[ 605.929886][ T992] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000402900
[ 605.937905][ T992] R13: 0000000000402990 R14: 0000000000000000 R15: 0000000000000000
[ 605.945895][ T992]
[ 605.945895][ T992] Showing all locks held in the system:
[ 605.953811][ T992] 1 lock held by khungtaskd/992:
[ 605.958795][ T992] #0: ffffffff897accc0 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x260
[ 605.968175][ T992] 1 lock held by rsyslogd/10193:
[ 605.973086][ T992] #0: ffff8880a779cda0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xe3/0x100
[ 605.981804][ T992] 2 locks held by getty/10315:
[ 605.986557][ T992] #0: ffff8880923ec090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 605.995875][ T992] #1: ffffc900018332e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x21d/0x1b30
[ 606.005617][ T992] 2 locks held by getty/10316:
[ 606.010464][ T992] #0: ffff8880a03f9090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 606.019750][ T992] #1: ffffc900018c32e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x21d/0x1b30
[ 606.029366][ T992] 2 locks held by getty/10317:
[ 606.034240][ T992] #0: ffff888097399090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 606.043544][ T992] #1: ffffc900018b32e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x21d/0x1b30
[ 606.053605][ T992] 2 locks held by getty/10318:
[ 606.058397][ T992] #0: ffff8880a7df2090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 606.067646][ T992] #1: ffffc900018932e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x21d/0x1b30
[ 606.078055][ T992] 2 locks held by getty/10319:
[ 606.082820][ T992] #0: ffff888099b3e090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 606.092082][ T992] #1: ffffc900018832e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x21d/0x1b30
[ 606.101768][ T992] 2 locks held by getty/10320:
[ 606.106508][ T992] #0: ffff88809f304090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 606.115856][ T992] #1: ffffc900018a32e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x21d/0x1b30
[ 606.125477][ T992] 2 locks held by getty/10321:
[ 606.130459][ T992] #0: ffff8880a2797090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 606.139710][ T992] #1: ffffc900018032e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x21d/0x1b30
[ 606.149707][ T992] 1 lock held by syz-executor070/10344:
[ 606.155258][ T992] #0: ffff88809faee0d8 (&type->s_umount_key#55/1){+.+.}, at: alloc_super+0x152/0x910
[ 606.165057][ T992]
[ 606.167445][ T992] =============================================
[ 606.167445][ T992]
[ 606.175926][ T992] NMI backtrace for cpu 0
[ 606.180454][ T992] CPU: 0 PID: 992 Comm: khungtaskd Not tainted 5.6.0-rc5-syzkaller #0
[ 606.188620][ T992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 606.198656][ T992] Call Trace:
[ 606.202030][ T992] dump_stack+0x188/0x20d
[ 606.206353][ T992] nmi_cpu_backtrace.cold+0x70/0xb1
[ 606.211605][ T992] ? lapic_can_unplug_cpu.cold+0x3b/0x3b
[ 606.217410][ T992] nmi_trigger_cpumask_backtrace+0x231/0x27e
[ 606.223468][ T992] watchdog+0xa8c/0x1010
[ 606.227781][ T992] ? reset_hung_task_detector+0x30/0x30
[ 606.233520][ T992] kthread+0x357/0x430
[ 606.237676][ T992] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 606.243431][ T992] ret_from_fork+0x24/0x30
[ 606.247983][ T992] Sending NMI from CPU 0 to CPUs 1:
[ 606.253294][ C1] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0xe/0x10
[ 606.254966][ T992] Kernel panic - not syncing: hung_task: blocked tasks
[ 606.268384][ T992] CPU: 0 PID: 992 Comm: khungtaskd Not tainted 5.6.0-rc5-syzkaller #0
[ 606.276684][ T992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 606.286732][ T992] Call Trace:
[ 606.290022][ T992] dump_stack+0x188/0x20d
[ 606.294396][ T992] panic+0x2e3/0x75c
[ 606.298278][ T992] ? add_taint.cold+0x16/0x16
[ 606.303998][ T992] ? lapic_can_unplug_cpu.cold+0x3b/0x3b
[ 606.309624][ T992] ? ___preempt_schedule+0x16/0x18
[ 606.314743][ T992] ? watchdog+0xa8c/0x1010
[ 606.319158][ T992] ? nmi_trigger_cpumask_backtrace+0x214/0x27e
[ 606.325296][ T992] watchdog+0xa9d/0x1010
[ 606.329561][ T992] ? reset_hung_task_detector+0x30/0x30
[ 606.335088][ T992] kthread+0x357/0x430
[ 606.339137][ T992] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 606.344841][ T992] ret_from_fork+0x24/0x30
[ 606.351112][ T992] Kernel Offset: disabled
[ 606.355456][ T992] Rebooting in 86400 seconds..