[ 76.373717][ T27] audit: type=1800 audit(1581238508.238:26): pid=9838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 77.303150][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 77.303161][ T27] audit: type=1800 audit(1581238509.198:29): pid=9838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 77.330566][ T27] audit: type=1800 audit(1581238509.198:30): pid=9838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.58' (ECDSA) to the list of known hosts. syzkaller login: [ 254.863414][ T9992] IPVS: ftp: loaded support on port[0] = 21 [ 254.914468][ T9992] chnl_net:caif_netlink_parms(): no params data found [ 254.949969][ T9992] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.958183][ T9992] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.966455][ T9992] device bridge_slave_0 entered promiscuous mode [ 254.975484][ T9992] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.982921][ T9992] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.990803][ T9992] device bridge_slave_1 entered promiscuous mode [ 255.011584][ T9992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 255.022885][ T9992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 255.042833][ T9992] team0: Port device team_slave_0 added [ 255.051395][ T9992] team0: Port device team_slave_1 added [ 255.066915][ T9992] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 255.074229][ T9992] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 255.100645][ T9992] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 255.113071][ T9992] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 255.120272][ T9992] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 255.146572][ T9992] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 255.206162][ T9992] device hsr_slave_0 entered promiscuous mode [ 255.245159][ T9992] device hsr_slave_1 entered promiscuous mode [ 255.349382][ T9992] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 255.406776][ T9992] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 255.467191][ T9992] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 255.526732][ T9992] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 255.576990][ T9992] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.584276][ T9992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.592168][ T9992] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.599391][ T9992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.648175][ T9992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.661913][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 255.672324][ T2868] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.680580][ T2868] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.689388][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 255.702570][ T9992] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.714996][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 255.723688][ T3627] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.730795][ T3627] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.741805][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 255.751123][ T2868] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.758694][ T2868] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.785885][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 255.795765][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 255.804487][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 255.815076][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 255.829184][ T9992] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 255.841897][ T9992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 255.850040][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 255.870733][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 255.878306][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 255.891180][ T9992] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 255.911271][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 255.931225][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 255.941095][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 255.950384][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 255.958970][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 255.968305][ T9992] device veth0_vlan entered promiscuous mode [ 255.980612][ T9992] device veth1_vlan entered promiscuous mode [ 256.002746][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 256.011529][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 256.019853][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 256.028680][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 256.039936][ T9992] device veth0_macvtap entered promiscuous mode [ 256.050786][ T9992] device veth1_macvtap entered promiscuous mode [ 256.069301][ T9992] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 256.077215][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 256.086618][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 256.094909][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 256.103486][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 256.115608][ T9992] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 256.124247][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 256.132836][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 256.270259][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 265.235584][ T0] NOHZ: local_softirq_pending 08 [ 285.715426][ T0] NOHZ: local_softirq_pending 08 [ 306.204483][ T0] NOHZ: local_softirq_pending 08 [ 347.154996][ T0] NOHZ: local_softirq_pending 08 [ 367.634922][ T0] NOHZ: local_softirq_pending 08 [ 388.114436][ T0] NOHZ: local_softirq_pending 08 [ 408.595037][ T0] NOHZ: local_softirq_pending 08 [ 419.473809][ T1137] INFO: task syz-executor969:9992 blocked for more than 143 seconds. [ 419.482236][ T1137] Not tainted 5.5.0-syzkaller #0 [ 419.487954][ T1137] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 419.497333][ T1137] syz-executor969 D23096 9992 9991 0x00004000 [ 419.504088][ T1137] Call Trace: [ 419.507545][ T1137] __schedule+0x934/0x1f90 [ 419.511977][ T1137] ? __sched_text_start+0x8/0x8 [ 419.517518][ T1137] ? __lock_acquire+0x29c9/0x4a00 [ 419.522756][ T1137] schedule+0xdc/0x2b0 [ 419.526922][ T1137] schedule_timeout+0x717/0xc50 [ 419.531860][ T1137] ? __kasan_check_read+0x11/0x20 [ 419.536974][ T1137] ? usleep_range+0x170/0x170 [ 419.541681][ T1137] ? mark_held_locks+0xa4/0xf0 [ 419.546622][ T1137] ? _raw_spin_unlock_irq+0x23/0x80 [ 419.552116][ T1137] ? wait_for_completion+0x294/0x440 [ 419.557790][ T1137] ? _raw_spin_unlock_irq+0x23/0x80 [ 419.563066][ T1137] ? lockdep_hardirqs_on+0x421/0x5e0 [ 419.568499][ T1137] ? trace_hardirqs_on+0x67/0x240 [ 419.573718][ T1137] wait_for_completion+0x29c/0x440 [ 419.579088][ T1137] ? wait_for_completion_interruptible+0x470/0x470 [ 419.585994][ T1137] ? wake_up_q+0x140/0x140 [ 419.590605][ T1137] ? __rcu_read_unlock+0x26e/0x700 [ 419.595905][ T1137] __flush_work+0x4fe/0xa50 [ 419.600575][ T1137] ? queue_delayed_work_on+0x210/0x210 [ 419.606366][ T1137] ? init_pwq+0x360/0x360 [ 419.610963][ T1137] ? __cancel_work_timer+0xc4/0x540 [ 419.616703][ T1137] ? __cancel_work_timer+0x1e0/0x540 [ 419.622138][ T1137] ? cancel_delayed_work_sync+0x1b/0x20 [ 419.628653][ T1137] ? __cancel_work_timer+0x1e0/0x540 [ 419.634337][ T1137] ? lockdep_hardirqs_on+0x421/0x5e0 [ 419.639740][ T1137] ? trace_hardirqs_on+0x67/0x240 [ 419.644850][ T1137] __cancel_work_timer+0x3d9/0x540 [ 419.650350][ T1137] ? mod_delayed_work_on+0x200/0x200 [ 419.656060][ T1137] ? debug_object_active_state+0x28a/0x350 [ 419.661973][ T1137] ? mark_held_locks+0xf0/0xf0 [ 419.666979][ T1137] cancel_delayed_work_sync+0x1b/0x20 [ 419.672553][ T1137] tls_sw_cancel_work_tx+0x68/0x80 [ 419.677862][ T1137] tls_sk_proto_close+0x4d2/0xb70 [ 419.682917][ T1137] ? lock_acquire+0x190/0x410 [ 419.687712][ T1137] ? wait_on_pending_writer+0x420/0x420 [ 419.693347][ T1137] ? ip_mc_drop_socket+0x211/0x270 [ 419.698747][ T1137] ? down_write+0xdf/0x150 [ 419.703209][ T1137] inet_release+0xed/0x200 [ 419.707931][ T1137] inet6_release+0x53/0x80 [ 419.712584][ T1137] __sock_release+0xce/0x280 [ 419.717580][ T1137] sock_close+0x1e/0x30 [ 419.722052][ T1137] __fput+0x2ff/0x890 [ 419.726202][ T1137] ? __sock_release+0x280/0x280 [ 419.731274][ T1137] ____fput+0x16/0x20 [ 419.735786][ T1137] task_work_run+0x145/0x1c0 [ 419.740496][ T1137] exit_to_usermode_loop+0x316/0x380 [ 419.745922][ T1137] do_syscall_64+0x676/0x790 [ 419.750550][ T1137] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 419.757236][ T1137] RIP: 0033:0x402aa0 [ 419.761300][ T1137] Code: 00 00 6e 05 00 00 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2a 05 00 00 12 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 dd 05 00 00 12 00 00 00 00 00 00 00 00 00 [ 419.781107][ T1137] RSP: 002b:00007ffd4227f918 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 419.789675][ T1137] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000402aa0 [ 419.798345][ T1137] RDX: 00000000000000d8 RSI: 00000000200005c0 RDI: 0000000000000004 [ 419.806418][ T1137] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000000d8 [ 419.814605][ T1137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 419.822946][ T1137] R13: 0000000000403cd0 R14: 0000000000000000 R15: 0000000000000000 [ 419.831072][ T1137] [ 419.831072][ T1137] Showing all locks held in the system: [ 419.838879][ T1137] 1 lock held by khungtaskd/1137: [ 419.844589][ T1137] #0: ffffffff89bac200 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279 [ 419.853983][ T1137] 3 locks held by kworker/0:3/2762: [ 419.859361][ T1137] #0: ffff8880aa426d28 ((wq_completion)events){+.+.}, at: process_one_work+0x8dd/0x17a0 [ 419.869282][ T1137] #1: ffffc90008f6fdc0 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}, at: process_one_work+0x917/0x17a0 [ 419.881924][ T1137] #2: ffff888096c814d0 (&ctx->tx_lock){+.+.}, at: tx_work_handler+0x12e/0x190 [ 419.891992][ T1137] 1 lock held by rsyslogd/9876: [ 419.896977][ T1137] 2 locks held by getty/9966: [ 419.901707][ T1137] #0: ffff8880a6123090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 419.910755][ T1137] #1: ffffc90005b9b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 419.920563][ T1137] 2 locks held by getty/9967: [ 419.925289][ T1137] #0: ffff8880a7caf090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 419.934333][ T1137] #1: ffffc90005c1b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 419.944021][ T1137] 2 locks held by getty/9968: [ 419.948708][ T1137] #0: ffff888099d3c090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 419.958143][ T1137] #1: ffffc90005c2b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 419.967837][ T1137] 2 locks held by getty/9969: [ 419.972669][ T1137] #0: ffff8880a465a090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 419.981890][ T1137] #1: ffffc90005c0c2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 419.991644][ T1137] 2 locks held by getty/9970: [ 419.996417][ T1137] #0: ffff8880a9789090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 420.005796][ T1137] #1: ffffc90005b8b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 420.016574][ T1137] 2 locks held by getty/9971: [ 420.021428][ T1137] #0: ffff8880932ca090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 420.030473][ T1137] #1: ffffc90005bbb2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 420.040108][ T1137] 2 locks held by getty/9972: [ 420.044846][ T1137] #0: ffff88809e96e090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 420.053996][ T1137] #1: ffffc90005b532e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 420.064145][ T1137] 1 lock held by syz-executor969/9992: [ 420.069735][ T1137] #0: ffff888096862280 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x89/0x280 [ 420.080008][ T1137] [ 420.082366][ T1137] ============================================= [ 420.082366][ T1137] [ 420.090866][ T1137] NMI backtrace for cpu 1 [ 420.095243][ T1137] CPU: 1 PID: 1137 Comm: khungtaskd Not tainted 5.5.0-syzkaller #0 [ 420.103129][ T1137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 420.113274][ T1137] Call Trace: [ 420.116624][ T1137] dump_stack+0x197/0x210 [ 420.120967][ T1137] nmi_cpu_backtrace.cold+0x70/0xb2 [ 420.126299][ T1137] ? vprintk_func+0x86/0x189 [ 420.131085][ T1137] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 420.136709][ T1137] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 420.142752][ T1137] arch_trigger_cpumask_backtrace+0x14/0x20 [ 420.148713][ T1137] watchdog+0xb11/0x10c0 [ 420.152976][ T1137] kthread+0x361/0x430 [ 420.157051][ T1137] ? reset_hung_task_detector+0x30/0x30 [ 420.162668][ T1137] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 420.168412][ T1137] ret_from_fork+0x24/0x30 [ 420.173010][ T1137] Sending NMI from CPU 1 to CPUs 0: [ 420.178379][ C0] NMI backtrace for cpu 0 skipped: idling at default_idle+0x4e/0x360 [ 420.180509][ T1137] Kernel panic - not syncing: hung_task: blocked tasks [ 420.193459][ T1137] CPU: 1 PID: 1137 Comm: khungtaskd Not tainted 5.5.0-syzkaller #0 [ 420.201393][ T1137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 420.211773][ T1137] Call Trace: [ 420.215229][ T1137] dump_stack+0x197/0x210 [ 420.219624][ T1137] panic+0x2e3/0x75c [ 420.223521][ T1137] ? add_taint.cold+0x16/0x16 [ 420.228210][ T1137] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 420.233918][ T1137] ? ___preempt_schedule+0x16/0x18 [ 420.239209][ T1137] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 420.245528][ T1137] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 420.251702][ T1137] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 420.258189][ T1137] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 420.264352][ T1137] watchdog+0xb22/0x10c0 [ 420.268596][ T1137] kthread+0x361/0x430 [ 420.272747][ T1137] ? reset_hung_task_detector+0x30/0x30 [ 420.278294][ T1137] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 420.284150][ T1137] ret_from_fork+0x24/0x30 [ 420.290397][ T1137] Kernel Offset: disabled [ 420.294770][ T1137] Rebooting in 86400 seconds..