[   36.434234][   T26] audit: type=1800 audit(1555868540.306:27): pid=7540 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   36.458517][   T26] audit: type=1800 audit(1555868540.306:28): pid=7540 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   37.070745][   T26] audit: type=1800 audit(1555868541.006:29): pid=7540 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   37.094724][   T26] audit: type=1800 audit(1555868541.006:30): pid=7540 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.20' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  565.657352][ T1041] INFO: task syz-executor441:7694 blocked for more than 143 seconds.
[  565.665803][ T1041]       Not tainted 5.1.0-rc5+ #78
[  565.671977][ T1041] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  565.680985][ T1041] syz-executor441 D28384  7694   7693 0x00000004
[  565.687558][ T1041] Call Trace:
[  565.690955][ T1041]  __schedule+0x813/0x1cc0
[  565.695395][ T1041]  ? __sched_text_start+0x8/0x8
[  565.700528][ T1041]  ? rwsem_down_read_failed+0x1db/0x420
[  565.706097][ T1041]  ? _raw_spin_unlock_irq+0x28/0x90
[  565.711575][ T1041]  ? lockdep_hardirqs_on+0x418/0x5d0
[  565.716893][ T1041]  schedule+0x92/0x180
[  565.721208][ T1041]  rwsem_down_read_failed+0x213/0x420
[  565.726646][ T1041]  ? __rwsem_down_read_failed_common.part.0+0x80/0x80
[  565.735306][ T1041]  ? mark_held_locks+0xf0/0xf0
[  565.740288][ T1041]  call_rwsem_down_read_failed+0x18/0x30
[  565.745945][ T1041]  down_read+0x49/0x90
[  565.750305][ T1041]  ? __do_page_fault+0x9e9/0xda0
[  565.755269][ T1041]  __do_page_fault+0x9e9/0xda0
[  565.760358][ T1041]  ? trace_hardirqs_off_caller+0x65/0x220
[  565.766168][ T1041]  do_page_fault+0x71/0x581
[  565.770911][ T1041]  ? page_fault+0x8/0x30
[  565.775170][ T1041]  page_fault+0x1e/0x30
[  565.779543][ T1041] RIP: 0033:0x4ab79d
[  565.783461][ T1041] Code: Bad RIP value.
[  565.787817][ T1041] RSP: 002b:00007fff2dcfd500 EFLAGS: 00010206
[  565.793892][ T1041] RAX: 00000000004ab8c0 RBX: 0000000000000001 RCX: 00000000006e0330
[  565.802896][ T1041] RDX: 0000000000407620 RSI: 0000000000000000 RDI: 00000000004ccb90
[  565.811062][ T1041] RBP: 00007fff2dcfd520 R08: 000000037ffffa00 R09: 000000037ffffa00
[  565.819315][ T1041] R10: 00007fff2dcfd590 R11: 0000000000000000 R12: 0000000000000001
[  565.827453][ T1041] R13: 00000000006e0320 R14: 000000000000002d R15: 20c49ba5e353f7cf
[  565.835473][ T1041] INFO: task syz-executor441:7695 blocked for more than 143 seconds.
[  565.843839][ T1041]       Not tainted 5.1.0-rc5+ #78
[  565.849169][ T1041] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  565.858097][ T1041] syz-executor441 D28392  7695   7693 0x80000004
[  565.864454][ T1041] Call Trace:
[  565.868019][ T1041]  __schedule+0x813/0x1cc0
[  565.872477][ T1041]  ? __sched_text_start+0x8/0x8
[  565.877582][ T1041]  ? rwsem_down_read_failed+0x1db/0x420
[  565.883171][ T1041]  ? _raw_spin_unlock_irq+0x28/0x90
[  565.888623][ T1041]  ? lockdep_hardirqs_on+0x418/0x5d0
[  565.894025][ T1041]  schedule+0x92/0x180
[  565.898476][ T1041]  rwsem_down_read_failed+0x213/0x420
[  565.903869][ T1041]  ? __rwsem_down_read_failed_common.part.0+0x80/0x80
[  565.910893][ T1041]  ? mark_held_locks+0xf0/0xf0
[  565.915695][ T1041]  call_rwsem_down_read_failed+0x18/0x30
[  565.921608][ T1041]  down_read+0x49/0x90
[  565.925801][ T1041]  ? do_exit+0x443/0x2fa0
[  565.931610][ T1041]  do_exit+0x443/0x2fa0
[  565.935880][ T1041]  ? get_signal+0x331/0x1d50
[  565.940739][ T1041]  ? find_held_lock+0x35/0x130
[  565.945626][ T1041]  ? mm_update_next_owner+0x640/0x640
[  565.951450][ T1041]  ? kasan_check_write+0x14/0x20
[  565.956414][ T1041]  ? _raw_spin_unlock_irq+0x28/0x90
[  565.961859][ T1041]  ? get_signal+0x331/0x1d50
[  565.966646][ T1041]  ? _raw_spin_unlock_irq+0x28/0x90
[  565.972166][ T1041]  do_group_exit+0x135/0x370
[  565.976778][ T1041]  get_signal+0x399/0x1d50
[  565.981522][ T1041]  ? put_ctx+0xd2/0x120
[  565.985694][ T1041]  ? _perf_ioctl+0x12d0/0x12d0
[  565.990660][ T1041]  ? perf_ioctl+0x71/0x90
[  565.995255][ T1041]  ? do_vfs_ioctl+0x120/0x1390
[  566.000287][ T1041]  do_signal+0x87/0x1940
[  566.004547][ T1041]  ? ioctl_preallocate+0x210/0x210
[  566.009997][ T1041]  ? smack_file_ioctl+0x196/0x310
[  566.015311][ T1041]  ? smack_inode_rename+0x2d0/0x2d0
[  566.020753][ T1041]  ? setup_sigcontext+0x7d0/0x7d0
[  566.025954][ T1041]  ? exit_to_usermode_loop+0x43/0x2c0
[  566.031580][ T1041]  ? do_syscall_64+0x52d/0x610
[  566.036360][ T1041]  ? exit_to_usermode_loop+0x43/0x2c0
[  566.041942][ T1041]  ? lockdep_hardirqs_on+0x418/0x5d0
[  566.047463][ T1041]  ? trace_hardirqs_on+0x67/0x230
[  566.052663][ T1041]  exit_to_usermode_loop+0x244/0x2c0
[  566.059024][ T1041]  do_syscall_64+0x52d/0x610
[  566.063656][ T1041]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  566.069811][ T1041] RIP: 0033:0x4468f9
[  566.073823][ T1041] Code: 67 66 69 6c 65 3d 64 65 62 75 67 2e 63 22 0a 00 00 45 52 52 4f 52 3a 20 6f 75 74 20 6f 66 20 6d 65 6d 6f 72 79 20 64 75 72 69 <6e> 67 20 64 65 62 75 67 20 73 65 74 75 70 0a 00 00 00 00 00 00 00
[  566.094057][ T1041] RSP: 002b:00007f3706d0adb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  566.102783][ T1041] RAX: fffffffffffffe00 RBX: 00000000006dbc28 RCX: 00000000004468f9
[  566.111060][ T1041] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc28
[  566.119449][ T1041] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[  566.127676][ T1041] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[  566.135668][ T1041] R13: 00007fff2dcfd4ff R14: 00007f3706d0b9c0 R15: 20c49ba5e353f7cf
[  566.143948][ T1041] 
[  566.143948][ T1041] Showing all locks held in the system:
[  566.151899][ T1041] 1 lock held by khungtaskd/1041:
[  566.156933][ T1041]  #0: 000000002b2b03f9 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e
[  566.166680][ T1041] 3 locks held by rs:main Q:Reg/7577:
[  566.172245][ T1041] 1 lock held by rsyslogd/7579:
[  566.177292][ T1041]  #0: 000000001df23595 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110
[  566.185965][ T1041] 2 locks held by getty/7669:
[  566.191687][ T1041]  #0: 0000000092ca55e9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  566.200888][ T1041]  #1: 000000009021a76b (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70
[  566.210952][ T1041] 2 locks held by getty/7670:
[  566.215637][ T1041]  #0: 00000000f12cb8c0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  566.224848][ T1041]  #1: 000000002893d142 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70
[  566.234774][ T1041] 2 locks held by getty/7671:
[  566.239658][ T1041]  #0: 000000003ef58bfb (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  566.248847][ T1041]  #1: 0000000031406faa (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70
[  566.258665][ T1041] 2 locks held by getty/7672:
[  566.263347][ T1041]  #0: 000000004001a8a4 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  566.272667][ T1041]  #1: 000000006d307b01 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70
[  566.282571][ T1041] 2 locks held by getty/7673:
[  566.287417][ T1041]  #0: 00000000c9a049b9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  566.296384][ T1041]  #1: 00000000a63fe9d8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70
[  566.306229][ T1041] 2 locks held by getty/7674:
[  566.311133][ T1041]  #0: 0000000099414419 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  566.321108][ T1041]  #1: 0000000083d67249 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70
[  566.330902][ T1041] 2 locks held by getty/7675:
[  566.335575][ T1041]  #0: 000000000ca59735 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  566.344744][ T1041]  #1: 00000000ef09897d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70
[  566.354498][ T1041] 1 lock held by syz-executor441/7694:
[  566.360117][ T1041]  #0: 00000000fdc36a54 (&mm->mmap_sem){++++}, at: __do_page_fault+0x9e9/0xda0
[  566.369261][ T1041] 1 lock held by syz-executor441/7695:
[  566.374717][ T1041]  #0: 00000000fdc36a54 (&mm->mmap_sem){++++}, at: do_exit+0x443/0x2fa0
[  566.383630][ T1041] 2 locks held by syz-executor441/7696:
[  566.389329][ T1041] 
[  566.391848][ T1041] =============================================
[  566.391848][ T1041] 
[  566.400431][ T1041] NMI backtrace for cpu 0
[  566.404773][ T1041] CPU: 0 PID: 1041 Comm: khungtaskd Not tainted 5.1.0-rc5+ #78
[  566.412332][ T1041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  566.422470][ T1041] Call Trace:
[  566.425851][ T1041]  dump_stack+0x172/0x1f0
[  566.430196][ T1041]  nmi_cpu_backtrace.cold+0x63/0xa4
[  566.435554][ T1041]  ? lapic_can_unplug_cpu.cold+0x38/0x38
[  566.441630][ T1041]  nmi_trigger_cpumask_backtrace+0x1be/0x236
[  566.447620][ T1041]  arch_trigger_cpumask_backtrace+0x14/0x20
[  566.453565][ T1041]  watchdog+0x9b7/0xec0
[  566.458313][ T1041]  kthread+0x357/0x430
[  566.462388][ T1041]  ? reset_hung_task_detector+0x30/0x30
[  566.468025][ T1041]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[  566.474268][ T1041]  ret_from_fork+0x3a/0x50
[  566.478936][ T1041] Sending NMI from CPU 0 to CPUs 1:
[  566.484974][    C1] NMI backtrace for cpu 1
[  566.484980][    C1] CPU: 1 PID: 7696 Comm: syz-executor441 Not tainted 5.1.0-rc5+ #78
[  566.484987][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  566.484991][    C1] RIP: 0010:lock_acquire+0x1d/0x3f0
[  566.485003][    C1] Code: ff ff ff e9 48 fc ff ff 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 55 45 89 c3 48 89 e5 41 57 41 89 cf 41 56 41 89 d6 41 55 <41> 89 f5 41 54 49 89 fc 53 65 48 8b 1c 25 00 ee 01 00 48 8d bb 7c
[  566.485007][    C1] RSP: 0018:ffff8880a93ef8e0 EFLAGS: 00000246
[  566.485016][    C1] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[  566.485021][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88808c729790
[  566.485026][    C1] RBP: ffff8880a93ef8f8 R08: 0000000000000001 R09: 0000000000000000
[  566.485031][    C1] R10: ffff8880a93efa98 R11: 0000000000000001 R12: 0000000000000000
[  566.485037][    C1] R13: ffff88808c729730 R14: 0000000000000000 R15: 0000000000000000
[  566.485042][    C1] FS:  00007f3706cea700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  566.485047][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  566.485052][    C1] CR2: ffffffffff600400 CR3: 0000000090446000 CR4: 00000000001406e0
[  566.485058][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  566.485063][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  566.485066][    C1] Call Trace:
[  566.485069][    C1]  ? perf_mmap+0x749/0x17f0
[  566.485082][    C1]  __mutex_lock+0xf7/0x1310
[  566.485085][    C1]  ? perf_mmap+0x749/0x17f0
[  566.485089][    C1]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  566.485093][    C1]  ? perf_mmap+0x749/0x17f0
[  566.485097][    C1]  ? lock_downgrade+0x880/0x880
[  566.485100][    C1]  ? mutex_trylock+0x1e0/0x1e0
[  566.485104][    C1]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  566.485108][    C1]  ? kasan_check_write+0x14/0x20
[  566.485112][    C1]  ? __mutex_unlock_slowpath+0xf8/0x6b0
[  566.485116][    C1]  ? wait_for_completion+0x440/0x440
[  566.485119][    C1]  ? perf_mmap+0x815/0x17f0
[  566.485123][    C1]  mutex_lock_nested+0x16/0x20
[  566.485127][    C1]  ? mutex_lock_nested+0x16/0x20
[  566.485130][    C1]  perf_mmap+0x749/0x17f0
[  566.485134][    C1]  ? perf_release+0x50/0x50
[  566.485137][    C1]  ? memset+0x32/0x40
[  566.485141][    C1]  mmap_region+0xc3a/0x1770
[  566.485144][    C1]  ? __x64_sys_brk+0x760/0x760
[  566.485149][    C1]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  566.485153][    C1]  ? get_unmapped_area+0x295/0x3b0
[  566.485156][    C1]  do_mmap+0x8e2/0x1080
[  566.485159][    C1]  vm_mmap_pgoff+0x1c5/0x230
[  566.485163][    C1]  ? vma_is_stack_for_current+0xd0/0xd0
[  566.485167][    C1]  ? ksys_dup3+0x3e0/0x3e0
[  566.485171][    C1]  ksys_mmap_pgoff+0x4aa/0x630
[  566.485175][    C1]  ? find_mergeable_anon_vma+0x2e0/0x2e0
[  566.485179][    C1]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  566.485182][    C1]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  566.485186][    C1]  ? do_syscall_64+0x26/0x610
[  566.485190][    C1]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  566.485194][    C1]  __x64_sys_mmap+0xe9/0x1b0
[  566.485197][    C1]  do_syscall_64+0x103/0x610
[  566.485201][    C1]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  566.485204][    C1] RIP: 0033:0x4468f9
[  566.485215][    C1] Code: e8 5c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  566.485219][    C1] RSP: 002b:00007f3706ce9da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  566.485228][    C1] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 00000000004468f9
[  566.485234][    C1] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020ffd000
[  566.485239][    C1] RBP: 00000000006dbc30 R08: 0000000000000003 R09: 0000000000000000
[  566.485245][    C1] R10: 0000000000001011 R11: 0000000000000246 R12: 00000000006dbc3c
[  566.485250][    C1] R13: 00007fff2dcfd4ff R14: 00007f3706cea9c0 R15: 20c49ba5e353f7cf
[  566.487191][ T1041] Kernel panic - not syncing: hung_task: blocked tasks
[  566.891051][ T1041] CPU: 0 PID: 1041 Comm: khungtaskd Not tainted 5.1.0-rc5+ #78
[  566.898775][ T1041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  566.908843][ T1041] Call Trace:
[  566.912172][ T1041]  dump_stack+0x172/0x1f0
[  566.916574][ T1041]  panic+0x2cb/0x65c
[  566.920487][ T1041]  ? __warn_printk+0xf3/0xf3
[  566.925187][ T1041]  ? lapic_can_unplug_cpu.cold+0x38/0x38
[  566.930864][ T1041]  ? ___preempt_schedule+0x16/0x18
[  566.935997][ T1041]  ? nmi_trigger_cpumask_backtrace+0x19e/0x236
[  566.942158][ T1041]  ? nmi_trigger_cpumask_backtrace+0x1fa/0x236
[  566.948470][ T1041]  ? nmi_trigger_cpumask_backtrace+0x204/0x236
[  566.954627][ T1041]  ? nmi_trigger_cpumask_backtrace+0x19e/0x236
[  566.960790][ T1041]  watchdog+0x9c8/0xec0
[  566.964960][ T1041]  kthread+0x357/0x430
[  566.969041][ T1041]  ? reset_hung_task_detector+0x30/0x30
[  566.974693][ T1041]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[  566.980957][ T1041]  ret_from_fork+0x3a/0x50
[  566.986671][ T1041] Kernel Offset: disabled
[  566.991363][ T1041] Rebooting in 86400 seconds..