[ ok ] Starting enhanced syslogd: rsyslogd.
[ 56.296611][ T26] audit: type=1800 audit(1573135204.351:25): pid=8709 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 56.316480][ T26] audit: type=1800 audit(1573135204.351:26): pid=8709 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 56.337530][ T26] audit: type=1800 audit(1573135204.351:27): pid=8709 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 96.509321][ T8863] __ntfs_error: 3 callbacks suppressed
[ 96.509330][ T8863] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 96.524120][ T8863] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 96.537003][ T8863] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 96.540365][ T126] Bluetooth: hci0: Frame reassembly failed (-84)
[ 98.568185][ T3100] Bluetooth: hci0: command 0x1003 tx timeout
[ 98.574756][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 100.647679][ T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 100.654084][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 102.727741][ T12] Bluetooth: hci0: command 0x1009 tx timeout
executing program
[ 106.981186][ T126] Bluetooth: hci0: Frame reassembly failed (-84)
[ 106.984005][ T8866] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 106.997623][ T8866] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 107.010827][ T8866] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 109.047672][ T3100] Bluetooth: hci0: command 0x1003 tx timeout
[ 109.053789][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 111.127663][ T5] Bluetooth: hci0: command 0x1001 tx timeout
[ 111.133833][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 113.207747][ T5] Bluetooth: hci0: command 0x1009 tx timeout
executing program
[ 117.217232][ T8869] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 117.224432][ T126] Bluetooth: hci0: Frame reassembly failed (-84)
[ 117.227166][ T8869] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 117.245888][ T8869] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 119.287748][ T44] Bluetooth: hci0: command 0x1003 tx timeout
[ 119.293881][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 121.367692][ T5] Bluetooth: hci0: command 0x1001 tx timeout
[ 121.374026][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 123.447816][ T44] Bluetooth: hci0: command 0x1009 tx timeout
executing program
[ 127.457459][ T8871] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 127.458502][ T126] Bluetooth: hci0: Frame reassembly failed (-84)
[ 127.473191][ T8871] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 127.473204][ T8871] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 129.527697][ T5] Bluetooth: hci0: command 0x1003 tx timeout
[ 129.533833][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 131.607711][ T5] Bluetooth: hci0: command 0x1001 tx timeout
[ 131.613835][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 133.687761][ T44] Bluetooth: hci0: command 0x1009 tx timeout
executing program
[ 137.696865][ T8872] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 137.697497][ T126] Bluetooth: hci0: Frame reassembly failed (-84)
[ 137.707071][ T8872] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 137.725633][ T8872] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 139.767729][ T3100] Bluetooth: hci0: command 0x1003 tx timeout
[ 139.773989][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 141.847703][ T5] Bluetooth: hci0: command 0x1001 tx timeout
[ 141.853840][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 143.927734][ T5] Bluetooth: hci0: command 0x1009 tx timeout
executing program
[ 147.940550][ T8873] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 147.941188][ T126] Bluetooth: hci0: Frame reassembly failed (-84)
[ 147.950084][ T8873] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 147.969236][ T8873] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 150.007699][ T5] Bluetooth: hci0: command 0x1003 tx timeout
[ 150.013851][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 152.087683][ T5] Bluetooth: hci0: command 0x1001 tx timeout
[ 152.093914][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 154.167753][ T5] Bluetooth: hci0: command 0x1009 tx timeout
executing program
[ 158.183606][ T126] Bluetooth: hci0: Frame reassembly failed (-84)
[ 158.184185][ T8874] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 158.200559][ T8874] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 158.214243][ T8874] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 158.221971][ C1]
[ 158.221975][ C1] =====================================
[ 158.221977][ C1] WARNING: bad unlock balance detected!
[ 158.221983][ C1] 5.4.0-rc6-next-20191107 #0 Not tainted
[ 158.221985][ C1] -------------------------------------
[ 158.221989][ C1] syz-executor721/8874 is trying to release lock (rcu_callback) at:
[ 158.222006][ C1] [] rcu_core+0x563/0x1540
[ 158.222008][ C1] but there are no more locks to release!
[ 158.222010][ C1]
[ 158.222010][ C1] other info that might help us debug this:
[ 158.222014][ C1] 1 lock held by syz-executor721/8874:
[ 158.222016][ C1] #0: ffff8880a8cd20d8 (&type->s_umount_key#40/1){+.+.}, at: alloc_super+0x158/0x910
[ 158.222035][ C1]
[ 158.222035][ C1] stack backtrace:
[ 158.222043][ C1] CPU: 1 PID: 8874 Comm: syz-executor721 Not tainted 5.4.0-rc6-next-20191107 #0
[ 158.222048][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 158.222050][ C1] Call Trace:
[ 158.222053][ C1]
[ 158.222063][ C1] dump_stack+0x197/0x210
[ 158.222069][ C1] ? rcu_core+0x563/0x1540
[ 158.222079][ C1] print_unlock_imbalance_bug.cold+0x114/0x123
[ 158.222085][ C1] ? rcu_core+0x563/0x1540
[ 158.222092][ C1] lock_release+0x5f2/0x960
[ 158.222099][ C1] ? lock_downgrade+0x920/0x920
[ 158.222107][ C1] ? trace_hardirqs_on+0x67/0x240
[ 158.222116][ C1] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 158.222124][ C1] ? kmem_cache_free+0x1a7/0x320
[ 158.222132][ C1] ? lockdep_unregister_key+0x4c0/0x4c0
[ 158.222137][ C1] rcu_core+0x583/0x1540
[ 158.222145][ C1] ? __rcu_read_unlock+0x6b0/0x6b0
[ 158.222154][ C1] ? kvm_sched_clock_read+0x9/0x20
[ 158.222161][ C1] rcu_core_si+0x9/0x10
[ 158.222169][ C1] __do_softirq+0x262/0x98c
[ 158.222178][ C1] ? sched_clock_cpu+0x1b/0x1b0
[ 158.222188][ C1] irq_exit+0x19b/0x1e0
[ 158.222194][ C1] smp_apic_timer_interrupt+0x1a3/0x610
[ 158.222201][ C1] apic_timer_interrupt+0xf/0x20
[ 158.222204][ C1]
[ 158.222212][ C1] RIP: 0010:console_unlock+0xbb8/0xf00
[ 158.222222][ C1] Code: f3 88 48 c1 e8 03 42 80 3c 30 00 0f 85 e4 02 00 00 48 83 3d 29 78 96 07 00 0f 84 91 01 00 00 e8 9e c0 16 00 48 8b 7d 98 57 9d <0f> 1f 44 00 00 e9 6d ff ff ff e8 89 c0 16 00 48 8b 7d 08 c7 05 7b
[ 158.222225][ C1] RSP: 0018:ffff8880944878f0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 158.222232][ C1] RAX: ffff8880a3d5e080 RBX: 0000000000000200 RCX: 1ffffffff13907aa
[ 158.222236][ C1] RDX: 0000000000000000 RSI: ffffffff815ca842 RDI: 0000000000000293
[ 158.222240][ C1] RBP: ffff888094487978 R08: ffff8880a3d5e080 R09: fffffbfff11f417d
[ 158.222244][ C1] R10: fffffbfff11f417c R11: 0000000000000001 R12: 0000000000000000
[ 158.222248][ C1] R13: ffffffff84437e40 R14: dffffc0000000000 R15: ffffffff895eabd0
[ 158.222258][ C1] ? netconsole_netdev_event+0x2a0/0x2a0
[ 158.222265][ C1] ? console_unlock+0xbb2/0xf00
[ 158.222273][ C1] vprintk_emit+0x2a0/0x700
[ 158.222281][ C1] vprintk_default+0x28/0x30
[ 158.222287][ C1] vprintk_func+0x7e/0x189
[ 158.222293][ C1] ? do_raw_spin_lock+0x2e0/0x2e0
[ 158.222299][ C1] printk+0xba/0xed
[ 158.222306][ C1] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 158.222315][ C1] ? _raw_spin_unlock_irqrestore+0x9f/0xe0
[ 158.222323][ C1] ? ___ratelimit+0x60/0x595
[ 158.222332][ C1] __ntfs_error.cold+0x91/0xc7
[ 158.222338][ C1] ? __ntfs_warning+0x160/0x160
[ 158.222346][ C1] ? guard_bio_eod+0x28f/0x6c0
[ 158.222355][ C1] ? __might_sleep+0x95/0x190
[ 158.222363][ C1] ntfs_fill_super+0x1aee/0x3160
[ 158.222371][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 158.222380][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 158.222388][ C1] mount_bdev+0x304/0x3c0
[ 158.222394][ C1] ? load_system_files+0x74e0/0x74e0
[ 158.222401][ C1] ntfs_mount+0x35/0x40
[ 158.222408][ C1] ? ntfs_rl_punch_nolock+0x1d90/0x1d90
[ 158.222415][ C1] legacy_get_tree+0x108/0x220
[ 158.222423][ C1] vfs_get_tree+0x8e/0x300
[ 158.222431][ C1] do_mount+0x135a/0x1b50
[ 158.222439][ C1] ? copy_mount_string+0x40/0x40
[ 158.222445][ C1] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 158.222453][ C1] ? _copy_from_user+0x12c/0x1a0
[ 158.222460][ C1] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 158.222467][ C1] ? copy_mount_options+0x2e8/0x3f0
[ 158.222475][ C1] ksys_mount+0xdb/0x150
[ 158.222482][ C1] __x64_sys_mount+0xbe/0x150
[ 158.222492][ C1] do_syscall_64+0xfa/0x760
[ 158.222499][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 158.222504][ C1] RIP: 0033:0x4416b9
[ 158.222514][ C1] Code: e8 6c aa 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 158.222519][ C1] RSP: 002b:00007ffeff2db508 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 158.222528][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004416b9
[ 158.222535][ C1] RDX: 0000000020000140 RSI: 0000000020000280 RDI: 00000000200004c0
[ 158.222541][ C1] RBP: 00000000000241c6 R08: 0000000000000000 R09: 0000000000402570
[ 158.222547][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004024e0
[ 158.222553][ C1] R13: 0000000000402570 R14: 0000000000000000 R15: 0000000000000000
[ 160.247678][ T8870] Bluetooth: hci0: command 0x1003 tx timeout
[ 160.253755][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 162.327665][ T5] Bluetooth: hci0: command 0x1001 tx timeout
[ 162.333755][ T8865] Bluetooth: hci0: sending frame failed (-49)
[ 164.407702][ T8870] Bluetooth: hci0: command 0x1009 tx timeout