[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.566831] kauditd_printk_skb: 7 callbacks suppressed [ 28.566843] audit: type=1800 audit(1542432906.568:29): pid=5867 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.593076] audit: type=1800 audit(1542432906.578:30): pid=5867 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts. 2018/11/17 05:35:17 parsed 1 programs 2018/11/17 05:35:18 executed programs: 0 syzkaller login: [ 40.681472] IPVS: ftp: loaded support on port[0] = 21 [ 40.936414] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.943500] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.951403] device bridge_slave_0 entered promiscuous mode [ 40.969978] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.976357] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.983412] device bridge_slave_1 entered promiscuous mode [ 41.000709] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 41.018431] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 41.066868] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 41.087594] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 41.163037] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 41.170521] team0: Port device team_slave_0 added [ 41.186481] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 41.193792] team0: Port device team_slave_1 added [ 41.211130] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 41.232923] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 41.252821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.273333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.415018] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.421507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.428473] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.434820] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.936354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.986926] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.037211] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.043438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.051245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.099066] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.414940] ------------[ cut here ]------------ [ 42.419727] DEBUG_LOCKS_WARN_ON(depth <= 0) [ 42.419835] WARNING: CPU: 0 PID: 6293 at kernel/locking/lockdep.c:3595 lock_release+0x740/0xa10 [ 42.433087] Kernel panic - not syncing: panic_on_warn set ... [ 42.438953] CPU: 0 PID: 6293 Comm: syz-executor0 Not tainted 4.20.0-rc1-next-20181109+ #110 [ 42.447417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.456762] Call Trace: [ 42.459333] dump_stack+0x244/0x39d [ 42.462942] ? dump_stack_print_info.cold.1+0x20/0x20 [ 42.468116] panic+0x2ad/0x55c [ 42.471290] ? add_taint.cold.5+0x16/0x16 [ 42.475419] ? __warn.cold.8+0x5/0x45 [ 42.479200] ? __warn+0xe8/0x1d0 [ 42.482549] ? lock_release+0x740/0xa10 [ 42.486519] __warn.cold.8+0x20/0x45 [ 42.490215] ? lock_release+0x740/0xa10 [ 42.494182] report_bug+0x254/0x2d0 [ 42.497803] do_error_trap+0x11b/0x200 [ 42.501672] do_invalid_op+0x36/0x40 [ 42.505395] ? lock_release+0x740/0xa10 [ 42.509372] invalid_op+0x14/0x20 [ 42.512806] RIP: 0010:lock_release+0x740/0xa10 [ 42.517367] Code: 03 38 d0 7c 08 84 d2 0f 85 da 02 00 00 8b 35 a7 95 b3 08 85 f6 75 15 48 c7 c6 20 66 2b 88 48 c7 c7 c0 33 2b 88 e8 10 36 e7 ff <0f> 0b 48 8b 95 e8 fe ff ff 4c 89 f7 48 8b b5 f0 fe ff ff e8 e8 58 [ 42.536252] RSP: 0018:ffff8801bb09f868 EFLAGS: 00010086 [ 42.541613] RAX: 0000000000000000 RBX: 1ffff10037613f12 RCX: 0000000000000000 [ 42.548865] RDX: 0000000000000000 RSI: ffffffff8165ba15 RDI: 0000000000000006 [ 42.556132] RBP: ffff8801bb09f998 R08: ffff8801bb21a1c0 R09: fffffbfff12b2254 [ 42.563380] R10: fffffbfff12b2254 R11: ffffffff895912a3 R12: ffffffff8b0e27a0 [ 42.570630] R13: ffff8801bb09f970 R14: ffff8801bb21a1c0 R15: ffff8801bb09f8b0 [ 42.577905] ? vprintk_func+0x85/0x181 [ 42.581780] ? lock_release+0x740/0xa10 [ 42.585736] ? loop_control_ioctl+0xf5/0x4e0 [ 42.590129] ? lock_downgrade+0x900/0x900 [ 42.594256] ? kasan_check_read+0x11/0x20 [ 42.598384] ? do_raw_spin_unlock+0xa7/0x330 [ 42.602786] ? do_raw_spin_trylock+0x270/0x270 [ 42.607352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.612871] ? find_free_cb+0x58/0xa0 [ 42.616656] __mutex_unlock_slowpath+0x102/0x8c0 [ 42.621397] ? wait_for_completion+0x8a0/0x8a0 [ 42.625977] ? graph_lock+0x270/0x270 [ 42.629758] ? graph_lock+0x270/0x270 [ 42.633538] ? graph_lock+0x270/0x270 [ 42.637318] ? graph_lock+0x270/0x270 [ 42.641103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.646623] ? loop_lookup+0x105/0x230 [ 42.650493] ? loop_exit_cb+0x20/0x20 [ 42.654275] mutex_unlock+0xd/0x10 [ 42.657795] loop_control_ioctl+0xf5/0x4e0 [ 42.662011] ? loop_add+0xa20/0xa20 [ 42.665619] ? __might_fault+0x12b/0x1e0 [ 42.669663] ? lock_downgrade+0x900/0x900 [ 42.673793] ? lock_release+0xa10/0xa10 [ 42.677743] ? perf_trace_sched_process_exec+0x860/0x860 [ 42.683189] ? loop_add+0xa20/0xa20 [ 42.686800] do_vfs_ioctl+0x1de/0x1790 [ 42.690669] ? ioctl_preallocate+0x300/0x300 [ 42.695062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.700582] ? __fget_light+0x2e9/0x430 [ 42.704541] ? fget_raw+0x20/0x20 [ 42.707979] ? _copy_to_user+0xc8/0x110 [ 42.711948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 42.717468] ? put_timespec64+0x10f/0x1b0 [ 42.721603] ? nsecs_to_jiffies+0x30/0x30 [ 42.725732] ? do_syscall_64+0x9a/0x820 [ 42.729685] ? do_syscall_64+0x9a/0x820 [ 42.733643] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 42.738205] ? security_file_ioctl+0x94/0xc0 [ 42.742599] ksys_ioctl+0xa9/0xd0 [ 42.746031] __x64_sys_ioctl+0x73/0xb0 [ 42.749900] do_syscall_64+0x1b9/0x820 [ 42.753768] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 42.759113] ? syscall_return_slowpath+0x5e0/0x5e0 [ 42.764020] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.768849] ? trace_hardirqs_on_caller+0x310/0x310 [ 42.773843] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 42.778863] ? prepare_exit_to_usermode+0x291/0x3b0 [ 42.783887] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.788732] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.793916] RIP: 0033:0x457569 [ 42.797087] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 42.815967] RSP: 002b:00007ffe834fec88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 42.823654] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 42.830904] RDX: 9999999999999999 RSI: 0000000000004c81 RDI: 0000000000000004 [ 42.838169] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 42.845431] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000014d8914 [ 42.852695] R13: 00000000004c233f R14: 00000000004d3648 R15: 00000000ffffffff [ 42.860914] Kernel Offset: disabled [ 42.864553] Rebooting in 86400 seconds..