[ 41.027216][ T26] audit: type=1800 audit(1571001877.881:29): pid=7695 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.230' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 50.671884][ T7848] IPVS: ftp: loaded support on port[0] = 21
[ 50.707614][ T7849] __ntfs_error: 1 callbacks suppressed
executing program
[ 50.707620][ T7849] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 50.722490][ T7849] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 50.735387][ T7849] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 50.751554][ T7853] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
executing program
[ 50.760856][ T7853] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 50.773707][ T7853] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 50.789583][ T7856] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 50.799109][ T7856] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 50.800066][ T618] Bluetooth: hci2: Frame reassembly failed (-84)
executing program
executing program
[ 50.812391][ T7856] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 50.833823][ T7859] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 52.758940][ T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 52.765389][ T7861] Bluetooth: hci0: sending frame failed (-49)
[ 52.839005][ T12] Bluetooth: hci2: command 0x1003 tx timeout
[ 52.845187][ T12] Bluetooth: hci1: command 0x1003 tx timeout
[ 52.845245][ T7861] Bluetooth: hci2: sending frame failed (-49)
[ 52.857874][ T7861] Bluetooth: hci1: sending frame failed (-49)
[ 52.918714][ T12] Bluetooth: hci3: command 0x1003 tx timeout
[ 52.918719][ T2834] Bluetooth: hci4: command 0x1003 tx timeout
[ 52.929062][ T7861] Bluetooth: hci3: sending frame failed (-49)
[ 52.930901][ T7865] Bluetooth: hci4: sending frame failed (-49)
[ 54.838719][ T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 54.844801][ T7865] Bluetooth: hci0: sending frame failed (-49)
[ 54.918715][ T2834] Bluetooth: hci1: command 0x1001 tx timeout
[ 54.924831][ T2834] Bluetooth: hci2: command 0x1001 tx timeout
[ 54.924883][ T7865] Bluetooth: hci1: sending frame failed (-49)
[ 54.931538][ T7861] Bluetooth: hci2: sending frame failed (-49)
[ 54.998686][ T12] Bluetooth: hci3: command 0x1001 tx timeout
[ 54.998690][ T2834] Bluetooth: hci4: command 0x1001 tx timeout
[ 54.998761][ T7861] Bluetooth: hci4: sending frame failed (-49)
[ 55.004813][ T7865] Bluetooth: hci3: sending frame failed (-49)
[ 56.918755][ T2834] Bluetooth: hci0: command 0x1009 tx timeout
[ 56.998781][ T2834] Bluetooth: hci2: command 0x1009 tx timeout
[ 56.998849][ T12] Bluetooth: hci1: command 0x1009 tx timeout
[ 57.078747][ T12] Bluetooth: hci3: command 0x1009 tx timeout
[ 57.078752][ T2834] Bluetooth: hci4: command 0x1009 tx timeout
executing program
executing program
[ 61.489802][ T38] Bluetooth: hci0: Frame reassembly failed (-84)
[ 61.496552][ T7875] __ntfs_error: 5 callbacks suppressed
[ 61.496558][ T7875] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 61.511325][ T7875] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 61.524918][ T7875] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 61.539731][ T7877] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 61.539785][ T38] Bluetooth: hci1: Frame reassembly failed (-84)
[ 61.549029][ C1]
[ 61.549032][ C1] =====================================
[ 61.549034][ C1] WARNING: bad unlock balance detected!
[ 61.549040][ C1] 5.4.0-rc2+ #0 Not tainted
[ 61.549042][ C1] -------------------------------------
[ 61.549046][ C1] syz-executor111/7877 is trying to release lock (rcu_callback) at:
[ 61.549062][ C1] [] rcu_lock_release+0x4/0x20
[ 61.549064][ C1] but there are no more locks to release!
[ 61.549067][ C1]
[ 61.549067][ C1] other info that might help us debug this:
[ 61.549071][ C1] 1 lock held by syz-executor111/7877:
[ 61.549073][ C1] #0: ffff8880a3c600d8 (&type->s_umount_key#42/1){+.+.}, at: alloc_super+0x15f/0x790
[ 61.621744][ C1]
[ 61.621744][ C1] stack backtrace:
[ 61.627623][ C1] CPU: 1 PID: 7877 Comm: syz-executor111 Not tainted 5.4.0-rc2+ #0
[ 61.635479][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.645508][ C1] Call Trace:
[ 61.648817][ C1]
[ 61.651648][ C1] dump_stack+0x1d8/0x2f8
[ 61.655948][ C1] ? rcu_lock_release+0x4/0x20
[ 61.660679][ C1] print_unlock_imbalance_bug+0x20b/0x240
[ 61.666429][ C1] ? _raw_spin_unlock_irqrestore+0xbc/0xe0
[ 61.672208][ C1] ? debug_object_active_state+0x1e3/0x4a0
[ 61.677997][ C1] ? check_preemption_disabled+0x47/0x2a0
[ 61.683686][ C1] ? rcu_lock_release+0x4/0x20
[ 61.688419][ C1] lock_release+0x473/0x780
[ 61.692892][ C1] ? rcu_lock_release+0x4/0x20
[ 61.697624][ C1] ? zap_class+0xd50/0xd50
[ 61.702009][ C1] rcu_lock_release+0x1c/0x20
[ 61.706659][ C1] rcu_core+0x84f/0x1050
[ 61.710887][ C1] rcu_core_si+0x9/0x10
[ 61.715012][ C1] __do_softirq+0x333/0x7c4
[ 61.719487][ C1] ? irq_exit+0x227/0x230
[ 61.723795][ C1] irq_exit+0x227/0x230
[ 61.727944][ C1] smp_apic_timer_interrupt+0x113/0x280
[ 61.733477][ C1] apic_timer_interrupt+0xf/0x20
[ 61.738383][ C1]
[ 61.741294][ C1] RIP: 0010:console_unlock+0xe35/0xef0
[ 61.746725][ C1] Code: 20 00 74 0c 48 c7 c7 f0 91 8a 88 e8 65 da 4f 00 48 83 3d ad fd 2d 07 00 0f 84 b1 00 00 00 e8 d2 9c 16 00 48 8b 7c 24 10 57 9d <0f> 1f 44 00 00 eb 91 e8 bf 9c 16 00 eb 8a e8 b8 9c 16 00 eb 83 48
[ 61.766312][ C1] RSP: 0018:ffff888092daf930 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 61.774710][ C1] RAX: ffffffff815c944e RBX: 0000000000000200 RCX: ffff888094422640
[ 61.782670][ C1] RDX: 0000000000000000 RSI: ffffffff815c8129 RDI: 0000000000000282
[ 61.790613][ C1] RBP: ffff888092daf9f0 R08: ffff888094422640 R09: fffffbfff111a4f1
[ 61.798554][ C1] R10: fffffbfff111a4f1 R11: 0000000000000000 R12: dffffc0000000000
[ 61.806498][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff88a3d748
[ 61.814450][ C1] ? console_unlock+0xe2e/0xef0
[ 61.819276][ C1] ? vprintk_emit+0x239/0x3a0
[ 61.823928][ C1] ? __down_trylock_console_sem+0x180/0x1b0
[ 61.829789][ C1] ? vprintk_emit+0x21c/0x3a0
[ 61.834527][ C1] vprintk_emit+0x239/0x3a0
[ 61.839014][ C1] vprintk_default+0x28/0x30
[ 61.843574][ C1] vprintk_func+0x158/0x170
[ 61.848058][ C1] printk+0x62/0x8d
[ 61.851850][ C1] ? __ntfs_error+0x15e/0x190
[ 61.856497][ C1] __ntfs_error+0x185/0x190
[ 61.860972][ C1] ? is_boot_sector_ntfs+0x148/0x8c0
[ 61.866249][ C1] ? __kasan_check_read+0x11/0x20
[ 61.871267][ C1] ntfs_fill_super+0x720/0x2a40
[ 61.876094][ C1] ? vsnprintf+0x1b6e/0x1c00
[ 61.880672][ C1] ? snprintf+0x6f/0x90
[ 61.884797][ C1] ? __kasan_check_write+0x14/0x20
[ 61.889892][ C1] mount_bdev+0x27c/0x390
[ 61.894201][ C1] ? ntfs_mount+0x40/0x40
[ 61.898499][ C1] ntfs_mount+0x34/0x40
[ 61.902640][ C1] legacy_get_tree+0xf9/0x1a0
[ 61.907288][ C1] ? ntfs_rl_punch_nolock+0x1830/0x1830
[ 61.912805][ C1] vfs_get_tree+0x8b/0x2a0
[ 61.917191][ C1] do_mount+0x16c0/0x2510
[ 61.921491][ C1] ? copy_mount_options+0xdc/0x3c0
[ 61.926570][ C1] ksys_mount+0xcc/0x100
[ 61.930780][ C1] __x64_sys_mount+0xbf/0xd0
[ 61.935342][ C1] do_syscall_64+0xf7/0x1c0
[ 61.939816][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.945690][ C1] RIP: 0033:0x441e99
[ 61.949556][ C1] Code: e8 fc ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 61.969130][ C1] RSP: 002b:00007fff8d7174e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 61.977512][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441e99
executing program
[ 61.985454][ C1] RDX: 0000000020000140 RSI: 0000000020000280 RDI: 00000000200004c0
[ 61.993397][ C1] RBP: 000000000000f000 R08: 0000000000000000 R09: 00007fff8d717698
[ 62.001341][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ccdc8
[ 62.009286][ C1] R13: 00000000006cd440 R14: 0000000000000000 R15: 0000000000000000
[ 62.018132][ T7877] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 62.031025][ T7877] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 62.042848][ T7879] kobject: 'hci2' (0000000001321e8c): kobject_add_internal: parent: 'bluetooth', set: 'devices'
[ 62.053360][ T7879] kobject: 'hci2' (0000000001321e8c): kobject_uevent_env
[ 62.060548][ T7879] kobject: 'hci2' (0000000001321e8c): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2'
[ 62.071029][ T7879] kobject: 'rfkill12' (00000000185764cc): kobject_add_internal: parent: 'hci2', set: 'devices'
[ 62.083273][ T7879] kobject: 'rfkill12' (00000000185764cc): kobject_uevent_env
executing program
[ 62.090702][ T7879] kobject: 'rfkill12' (00000000185764cc): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2/rfkill12'
[ 62.102511][ T618] Bluetooth: hci2: Frame reassembly failed (-84)
[ 62.103056][ T7879] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 62.118064][ T7879] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
[ 62.130951][ T7879] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume.
[ 62.142586][ T7881] kobject: 'hci3' (000000000c553d7e): kobject_add_internal: parent: 'bluetooth', set: 'devices'
[ 62.153086][ T7881] kobject: 'hci3' (000000000c553d7e): kobject_uevent_env
[ 62.160131][ T7881] kobject: 'hci3' (000000000c553d7e): fill_kobj_path: path = '/devices/virtual/bluetooth/hci3'
[ 62.170630][ T7881] kobject: 'rfkill13' (00000000ad18330e): kobject_add_internal: parent: 'hci3', set: 'devices'
[ 62.181134][ T7881] kobject: 'rfkill13' (00000000ad18330e): kobject_uevent_env
executing program
[ 62.188511][ T7881] kobject: 'rfkill13' (00000000ad18330e): fill_kobj_path: path = '/devices/virtual/bluetooth/hci3/rfkill13'
[ 62.200328][ T618] Bluetooth: hci3: Frame reassembly failed (-84)
[ 62.200824][ T7881] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 62.219813][ T7883] kobject: 'hci4' (00000000f1a10122): kobject_add_internal: parent: 'bluetooth', set: 'devices'
[ 62.230327][ T7883] kobject: 'hci4' (00000000f1a10122): kobject_uevent_env
[ 62.237344][ T7883] kobject: 'hci4' (00000000f1a10122): fill_kobj_path: path = '/devices/virtual/bluetooth/hci4'
[ 62.247830][ T7883] kobject: 'rfkill14' (00000000e1d3b59d): kobject_add_internal: parent: 'hci4', set: 'devices'
[ 62.258262][ T7883] kobject: 'rfkill14' (00000000e1d3b59d): kobject_uevent_env
[ 62.265682][ T7883] kobject: 'rfkill14' (00000000e1d3b59d): fill_kobj_path: path = '/devices/virtual/bluetooth/hci4/rfkill14'
[ 62.277475][ T618] Bluetooth: hci4: Frame reassembly failed (-84)
[ 63.558694][ T7872] Bluetooth: hci1: command 0x1003 tx timeout
[ 63.564728][ T7872] Bluetooth: hci0: command 0x1003 tx timeout
[ 63.564765][ T7865] Bluetooth: hci1: sending frame failed (-49)
[ 63.571329][ T7861] Bluetooth: hci0: sending frame failed (-49)
[ 64.118682][ T7872] Bluetooth: hci2: command 0x1003 tx timeout
[ 64.124767][ T7861] Bluetooth: hci2: sending frame failed (-49)
[ 64.278658][ T2834] Bluetooth: hci4: command 0x1003 tx timeout
[ 64.284738][ T7861] Bluetooth: hci4: sending frame failed (-49)
[ 64.290858][ T2834] Bluetooth: hci3: command 0x1003 tx timeout
[ 64.296892][ T7861] Bluetooth: hci3: sending frame failed (-49)
[ 65.638716][ T7872] Bluetooth: hci0: command 0x1001 tx timeout
[ 65.638720][ T2834] Bluetooth: hci1: command 0x1001 tx timeout
[ 65.638768][ T7861] Bluetooth: hci1: sending frame failed (-49)
[ 65.644848][ T7865] Bluetooth: hci0: sending frame failed (-49)
[ 66.198667][ T2834] Bluetooth: hci2: command 0x1001 tx timeout
[ 66.205414][ T7865] Bluetooth: hci2: sending frame failed (-49)
[ 66.358781][ T2834] Bluetooth: hci3: command 0x1001 tx timeout
[ 66.364991][ T2834] Bluetooth: hci4: command 0x1001 tx timeout
[ 66.365184][ T7865] Bluetooth: hci3: sending frame failed (-49)
[ 66.371692][ T7861] Bluetooth: hci4: sending frame failed (-49)
[ 67.718838][ T7872] Bluetooth: hci0: command 0x1009 tx timeout
[ 67.718843][ T2834] Bluetooth: hci1: command 0x1009 tx timeout
[ 68.278736][ T7872] Bluetooth: hci2: command 0x1009 tx timeout
[ 68.438763][ T2834] Bluetooth: hci4: command 0x1009 tx timeout
[ 68.438767][ T7872] Bluetooth: hci3: command 0x1009 tx timeout