
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   26.009131] audit: type=1800 audit(1543375373.884:21): pid=5840 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   31.903949] sshd (5980) used greatest stack depth: 15632 bytes left
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
[  243.963276] IPVS: ftp: loaded support on port[0] = 21
[  244.131160] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.138156] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.145754] device bridge_slave_0 entered promiscuous mode
[  244.163627] bridge0: port 2(bridge_slave_1) entered blocking state
[  244.169998] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.177114] device bridge_slave_1 entered promiscuous mode
[  244.196292] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  244.215007] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  244.263908] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  244.283027] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  244.357679] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  244.365004] team0: Port device team_slave_0 added
[  244.381019] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  244.388145] team0: Port device team_slave_1 added
[  244.405054] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  244.424892] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  244.444042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  244.464467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[  244.609920] bridge0: port 2(bridge_slave_1) entered blocking state
[  244.616374] bridge0: port 2(bridge_slave_1) entered forwarding state
[  244.623395] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.629775] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[  245.132894] 8021q: adding VLAN 0 to HW filter on device bond0
[  245.185251] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  245.235035] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  245.241140] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  245.249548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  245.295725] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[  392.363476] INFO: task syz-executor985:5998 blocked for more than 140 seconds.
[  392.371092]       Not tainted 4.20.0-rc1-next-20181109+ #110
[  392.377728] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  392.385899] syz-executor985 D21208  5998   5997 0x80000002
[  392.391521] Call Trace:
[  392.397572]  __schedule+0x8cf/0x21d0
[  392.401336]  ? find_held_lock+0x36/0x1c0
[  392.405635]  ? __sched_text_start+0x8/0x8
[  392.409916]  ? lock_downgrade+0x900/0x900
[  392.414347]  ? check_preemption_disabled+0x48/0x280
[  392.419599]  ? graph_lock+0x270/0x270
[  392.423741]  ? kasan_check_read+0x11/0x20
[  392.427902]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  392.433410]  ? find_held_lock+0x36/0x1c0
[  392.437518]  ? __mutex_lock+0xafa/0x16f0
[  392.441571]  schedule+0xef/0x370
[  392.445168]  ? __schedule+0x21d0/0x21d0
[  392.449137]  ? kasan_check_read+0x11/0x20
[  392.453539]  ? do_raw_spin_unlock+0xa7/0x330
[  392.457940]  ? do_raw_spin_trylock+0x270/0x270
[  392.462629]  ? ww_mutex_lock.part.8+0xf0/0xf0
[  392.467374]  ? mutex_destroy+0x200/0x200
[  392.471556]  schedule_preempt_disabled+0x13/0x20
[  392.476565]  __mutex_lock+0xaff/0x16f0
[  392.480497]  ? vhost_net_stop_vq+0x2d/0x120
[  392.485045]  ? mutex_trylock+0x2b0/0x2b0
[  392.489104]  ? find_held_lock+0x36/0x1c0
[  392.493456]  ? lock_downgrade+0x900/0x900
[  392.497598]  ? debug_object_active_state+0x2f5/0x4d0
[  392.502688]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  392.508675]  ? trace_hardirqs_on+0xbd/0x310
[  392.513021]  ? kasan_check_write+0x14/0x20
[  392.517524]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  392.522454]  ? wait_for_completion+0x8a0/0x8a0
[  392.527616]  ? __call_rcu.constprop.57+0x3ea/0x950
[  392.532582]  ? fsnotify+0x50e/0xef0
[  392.536464]  ? vhost_net_buf_unproduce+0x131/0x6b0
[  392.541531]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  392.547456]  ? locks_remove_file+0x3c6/0x5c0
[  392.551863]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  392.557682]  ? ima_file_free+0x132/0x650
[  392.561738]  ? handle_tx_kick+0x50/0x50
[  392.565943]  mutex_lock_nested+0x16/0x20
[  392.569998]  ? mutex_lock_nested+0x16/0x20
[  392.574602]  vhost_net_stop_vq+0x2d/0x120
[  392.578750]  vhost_net_release+0x5b/0x1d0
[  392.582930]  __fput+0x3bc/0xa70
[  392.586418]  ? handle_rx_kick+0x50/0x50
[  392.590397]  ? get_max_files+0x20/0x20
[  392.594627]  ? perf_trace_sched_process_exec+0x860/0x860
[  392.600076]  ____fput+0x15/0x20
[  392.603606]  task_work_run+0x1e8/0x2a0
[  392.607492]  ? task_work_cancel+0x240/0x240
[  392.611799]  ? switch_task_namespaces+0xb8/0xd0
[  392.616702]  do_exit+0xef8/0x2620
[  392.620179]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  392.626063]  ? mm_update_next_owner+0x990/0x990
[  392.630744]  ? find_held_lock+0x36/0x1c0
[  392.635517]  ? try_to_wake_up+0x11c/0x1490
[  392.639754]  ? lock_downgrade+0x900/0x900
[  392.644131]  ? lock_downgrade+0x900/0x900
[  392.648284]  ? trace_hardirqs_off+0xb8/0x310
[  392.652682]  ? kasan_check_read+0x11/0x20
[  392.657103]  ? do_raw_spin_unlock+0xa7/0x330
[  392.661528]  ? trace_hardirqs_on+0x310/0x310
[  392.666153]  ? do_raw_spin_trylock+0x270/0x270
[  392.670735]  ? lock_pin_lock+0x350/0x350
[  392.675019]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  392.680149]  ? try_to_wake_up+0x11c/0x1490
[  392.684616]  ? migrate_swap_stop+0x8a0/0x8a0
[  392.689025]  ? graph_lock+0x270/0x270
[  392.692816]  ? lock_downgrade+0x900/0x900
[  392.697232]  ? ktime_get+0x332/0x400
[  392.700977]  ? pvclock_read_flags+0x160/0x160
[  392.705666]  ? find_held_lock+0x36/0x1c0
[  392.709724]  ? do_group_exit+0x35f/0x440
[  392.713981]  ? _raw_spin_unlock_irq+0x27/0x80
[  392.718476]  ? _raw_spin_unlock_irq+0x27/0x80
[  392.722958]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  392.727776]  ? trace_hardirqs_on+0xbd/0x310
[  392.732163]  ? kasan_check_read+0x11/0x20
[  392.736603]  ? do_group_exit+0x35f/0x440
[  392.740657]  ? trace_hardirqs_off_caller+0x300/0x300
[  392.745976]  ? force_sig+0x30/0x30
[  392.749521]  do_group_exit+0x177/0x440
[  392.753662]  ? __ia32_sys_exit+0x50/0x50
[  392.757725]  ? trace_hardirqs_off_caller+0x300/0x300
[  392.762983]  __x64_sys_exit_group+0x3e/0x50
[  392.768086]  do_syscall_64+0x1b9/0x820
[  392.771987]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  392.777601]  ? syscall_return_slowpath+0x5e0/0x5e0
[  392.782525]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  392.787577]  ? trace_hardirqs_on_caller+0x310/0x310
[  392.792740]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  392.798011]  ? prepare_exit_to_usermode+0x291/0x3b0
[  392.803040]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  392.808070]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  392.813482] RIP: 0033:0x445338
[  392.816670] Code: 72 6e 20 69 73 20 25 64 0a 00 72 65 67 65 78 3a 20 65 6e 64 20 73 65 61 72 63 68 2c 20 66 6f 75 6e 64 20 25 64 0a 00 23 25 33 <2e> 33 64 00 5f 00 5f 2e 00 31 30 30 00 31 30 31 00 31 30 32 00 31
[  392.835848] RSP: 002b:00007ffe3f3b2868 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  392.843780] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000445338
[  392.851044] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[  392.858520] RBP: 00000000004cd650 R08: 00000000000000e7 R09: ffffffffffffffd0
[  392.866025] R10: 00007ffe3f3b28b0 R11: 0000000000000246 R12: 0000000000000001
[  392.873510] R13: 00000000006e1320 R14: 000000000000000a R15: 0000000000000000
[  392.880802] 
[  392.880802] Showing all locks held in the system:
[  392.887414] 1 lock held by khungtaskd/1010:
[  392.891922]  #0: 00000000276501f3 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424
[  392.901348] 1 lock held by rsyslogd/5878:
[  392.905677]  #0: 00000000caee5164 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[  392.913898] 2 locks held by getty/5968:
[  392.917863]  #0: 00000000592e0f24 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  392.926344]  #1: 0000000059705fb3 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  392.935462] 2 locks held by getty/5969:
[  392.939433]  #0: 00000000b485064d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  392.947898]  #1: 000000007193780e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  392.956982] 2 locks held by getty/5970:
[  392.960943]  #0: 00000000cbf9b8c2 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  392.969406]  #1: 00000000e3a827e7 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  392.978470] 2 locks held by getty/5971:
[  392.982437]  #0: 0000000014153500 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  392.991059]  #1: 000000003808bfef (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  393.000106] 2 locks held by getty/5972:
[  393.004313]  #0: 0000000022fd5d1d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  393.012545]  #1: 0000000073d415c3 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  393.021659] 2 locks held by getty/5973:
[  393.026538]  #0: 0000000081a0291e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  393.035096]  #1: 00000000b3ec71a5 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  393.044127] 2 locks held by getty/5974:
[  393.048091]  #0: 000000006ef1d6ce (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  393.056549]  #1: 00000000c3b8086b (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  393.065595] 1 lock held by syz-executor985/5998:
[  393.070340]  #0: 00000000b68ca5b5 (&vq->mutex){+.+.}, at: vhost_net_stop_vq+0x2d/0x120
[  393.078610] 1 lock held by vhost-6239/6240:
[  393.082919] 
[  393.084826] =============================================
[  393.084826] 
[  393.091831] NMI backtrace for cpu 1
[  393.095494] CPU: 1 PID: 1010 Comm: khungtaskd Not tainted 4.20.0-rc1-next-20181109+ #110
[  393.103711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  393.113051] Call Trace:
[  393.115681]  dump_stack+0x244/0x39d
[  393.119305]  ? dump_stack_print_info.cold.1+0x20/0x20
[  393.124552]  ? check_preemption_disabled+0x48/0x280
[  393.129562]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  393.135090]  nmi_cpu_backtrace.cold.2+0x5c/0xa1
[  393.139789]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  393.144978]  nmi_trigger_cpumask_backtrace+0x1e8/0x22a
[  393.150254]  arch_trigger_cpumask_backtrace+0x14/0x20
[  393.155441]  watchdog+0xb4c/0x1060
[  393.158980]  ? hungtask_pm_notify+0xb0/0xb0
[  393.163497]  ? __kthread_parkme+0xce/0x1a0
[  393.167725]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  393.172888]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  393.177989]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  393.182565]  ? trace_hardirqs_on+0xbd/0x310
[  393.186881]  ? kasan_check_read+0x11/0x20
[  393.191116]  ? __kthread_parkme+0xce/0x1a0
[  393.195336]  ? trace_hardirqs_off_caller+0x300/0x300
[  393.200430]  ? __schedule+0x21d0/0x21d0
[  393.204417]  ? lockdep_init_map+0x9/0x10
[  393.208471]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  393.213562]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  393.219149]  ? __kthread_parkme+0xfb/0x1a0
[  393.223378]  ? hungtask_pm_notify+0xb0/0xb0
[  393.227753]  kthread+0x35a/0x440
[  393.231126]  ? kthread_stop+0x8f0/0x8f0
[  393.235135]  ret_from_fork+0x3a/0x50
[  393.238954] Sending NMI from CPU 1 to CPUs 0:
[  393.243911] NMI backtrace for cpu 0
[  393.243917] CPU: 0 PID: 6240 Comm: vhost-6239 Not tainted 4.20.0-rc1-next-20181109+ #110
[  393.243921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  393.243924] RIP: 0010:iotlb_access_ok+0x4a9/0x600
[  393.243932] Code: 0f 82 a1 00 00 00 e8 26 77 9a fb 48 8b 45 b8 4c 8b 60 08 49 8d 7c 24 28 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85 ef 00 00 00 <4d> 8b 74 24 28 4d 89 ec 48 8b 7d c8 4c 89 f6 e8 a3 77 9a fb 4c 39
[  393.243935] RSP: 0018:ffff8801bcb37950 EFLAGS: 00000246
[  393.243941] RAX: 1ffff10037c90d95 RBX: ffff8801be486c80 RCX: ffffffff85e5317c
[  393.243944] RDX: 0000000000000000 RSI: ffffffff85e5318a RDI: ffff8801be486ca8
[  393.243948] RBP: ffff8801bcb379c0 R08: ffff8801bc7fc3c0 R09: ffffed00382a406d
[  393.243951] R10: ffff8801bcb379f8 R11: ffff8801c152036f R12: ffff8801be486c80
[  393.243955] R13: 0000000000000000 R14: 0000000000000010 R15: dffffc0000000000
[  393.243959] FS:  0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[  393.243962] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  393.243965] CR2: ffffffffff600400 CR3: 00000001c1ab7000 CR4: 00000000001406f0
[  393.243969] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  393.243972] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  393.243974] Call Trace:
[  393.243976]  vq_iotlb_prefetch+0x10e/0x230
[  393.243978]  handle_rx+0x292/0x1df0
[  393.243981]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  393.243984]  ? kasan_check_write+0x14/0x20
[  393.243986]  ? finish_task_switch+0x2f4/0x920
[  393.243989]  ? __switch_to_asm+0x40/0x70
[  393.243992]  ? preempt_notifier_register+0x200/0x200
[  393.243995]  ? __switch_to_asm+0x34/0x70
[  393.243998]  ? __switch_to_asm+0x34/0x70
[  393.244000]  ? __switch_to_asm+0x40/0x70
[  393.244002]  ? __switch_to_asm+0x34/0x70
[  393.244005]  ? __switch_to_asm+0x40/0x70
[  393.244007]  ? __switch_to_asm+0x34/0x70
[  393.244009]  ? __switch_to_asm+0x40/0x70
[  393.244012]  ? __switch_to_asm+0x34/0x70
[  393.244014]  ? __switch_to_asm+0x34/0x70
[  393.244016]  ? __switch_to_asm+0x40/0x70
[  393.244019]  ? vhost_net_open+0x810/0x810
[  393.244021]  ? __schedule+0x8d7/0x21d0
[  393.244023]  ? __sched_text_start+0x8/0x8
[  393.244026]  ? mark_held_locks+0xc7/0x130
[  393.244028]  ? find_held_lock+0x36/0x1c0
[  393.244030]  ? complete+0x62/0x80
[  393.244033]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  393.244036]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  393.244038]  ? schedule+0xf9/0x370
[  393.244040]  ? trace_hardirqs_off_caller+0x300/0x300
[  393.244043]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  393.244045]  ? vhost_worker+0x226/0x4c0
[  393.244048]  handle_rx_net+0x19/0x20
[  393.244050]  vhost_worker+0x2ac/0x4c0
[  393.244052]  ? vhost_flush_work+0x20/0x20
[  393.244055]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  393.244058]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  393.244061]  ? __kthread_parkme+0xfb/0x1a0
[  393.244063]  ? vhost_flush_work+0x20/0x20
[  393.244065]  kthread+0x35a/0x440
[  393.244067]  ? kthread_stop+0x8f0/0x8f0
[  393.244070]  ret_from_fork+0x3a/0x50
[  393.246755] Kernel panic - not syncing: hung_task: blocked tasks
[  393.539237] CPU: 1 PID: 1010 Comm: khungtaskd Not tainted 4.20.0-rc1-next-20181109+ #110
[  393.547464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  393.556805] Call Trace:
[  393.559395]  dump_stack+0x244/0x39d
[  393.563021]  ? dump_stack_print_info.cold.1+0x20/0x20
[  393.568203]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  393.573222]  panic+0x2ad/0x55c
[  393.576401]  ? add_taint.cold.5+0x16/0x16
[  393.580546]  ? nmi_trigger_cpumask_backtrace+0x1c8/0x22a
[  393.585986]  ? nmi_trigger_cpumask_backtrace+0x1f9/0x22a
[  393.591427]  ? nmi_trigger_cpumask_backtrace+0x1d1/0x22a
[  393.596860]  ? nmi_trigger_cpumask_backtrace+0x1c8/0x22a
[  393.602298]  watchdog+0xb5d/0x1060
[  393.605825]  ? hungtask_pm_notify+0xb0/0xb0
[  393.610131]  ? __kthread_parkme+0xce/0x1a0
[  393.614353]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  393.619444]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  393.624531]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  393.629103]  ? trace_hardirqs_on+0xbd/0x310
[  393.633478]  ? kasan_check_read+0x11/0x20
[  393.637626]  ? __kthread_parkme+0xce/0x1a0
[  393.641849]  ? trace_hardirqs_off_caller+0x300/0x300
[  393.647067]  ? __schedule+0x21d0/0x21d0
[  393.651030]  ? lockdep_init_map+0x9/0x10
[  393.655079]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  393.660303]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  393.665831]  ? __kthread_parkme+0xfb/0x1a0
[  393.670058]  ? hungtask_pm_notify+0xb0/0xb0
[  393.674367]  kthread+0x35a/0x440
[  393.677727]  ? kthread_stop+0x8f0/0x8f0
[  393.681693]  ret_from_fork+0x3a/0x50
[  393.686619] Kernel Offset: disabled
[  393.690252] Rebooting in 86400 seconds..