[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   57.239435][   T26] audit: type=1800 audit(1571027337.771:25): pid=8705 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   57.278897][   T26] audit: type=1800 audit(1571027337.771:26): pid=8705 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   57.300802][   T26] audit: type=1800 audit(1571027337.781:27): pid=8705 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.40' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  646.574763][ T1054] INFO: task kworker/0:2:2913 blocked for more than 143 seconds.
[  646.582667][ T1054]       Not tainted 5.4.0-rc1+ #0
[  646.588446][ T1054] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  646.597515][ T1054] kworker/0:2     D27000  2913      2 0x80004000
[  646.603958][ T1054] Workqueue: ipv6_addrconf addrconf_verify_work
[  646.616053][ T1054] Call Trace:
[  646.619453][ T1054]  __schedule+0x94f/0x1e70
[  646.623879][ T1054]  ? __sched_text_start+0x8/0x8
[  646.629297][ T1054]  ? __kasan_check_read+0x11/0x20
[  646.634340][ T1054]  ? _raw_spin_unlock_irq+0x5e/0x90
[  646.639964][ T1054]  schedule+0xd9/0x260
[  646.644055][ T1054]  schedule_preempt_disabled+0x13/0x20
[  646.650003][ T1054]  __mutex_lock+0x7b0/0x13c0
[  646.654964][ T1054]  ? rtnl_lock+0x17/0x20
[  646.659221][ T1054]  ? mutex_trylock+0x2d0/0x2d0
[  646.663998][ T1054]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  646.670674][ T1054]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  646.677209][ T1054]  mutex_lock_nested+0x16/0x20
[  646.681981][ T1054]  ? mutex_lock_nested+0x16/0x20
[  646.687300][ T1054]  rtnl_lock+0x17/0x20
[  646.691379][ T1054]  addrconf_verify_work+0xe/0x20
[  646.696781][ T1054]  process_one_work+0x9af/0x1740
[  646.701745][ T1054]  ? pwq_dec_nr_in_flight+0x320/0x320
[  646.707499][ T1054]  ? lock_acquire+0x190/0x410
[  646.712201][ T1054]  worker_thread+0x98/0xe40
[  646.717070][ T1054]  ? trace_hardirqs_on+0x67/0x240
[  646.722121][ T1054]  kthread+0x361/0x430
[  646.726566][ T1054]  ? process_one_work+0x1740/0x1740
[  646.731781][ T1054]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[  646.738797][ T1054]  ret_from_fork+0x24/0x30
[  646.743280][ T1054] 
[  646.743280][ T1054] Showing all locks held in the system:
[  646.751509][ T1054] 1 lock held by khungtaskd/1054:
[  646.756862][ T1054]  #0: ffffffff88faae40 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e
[  646.767404][ T1054] 3 locks held by kworker/0:2/2913:
[  646.772602][ T1054]  #0: ffff888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x88b/0x1740
[  646.783456][ T1054]  #1: ffff8880a05b7dc0 ((addr_chk_work).work){+.+.}, at: process_one_work+0x8c1/0x1740
[  646.793602][ T1054]  #2: ffffffff89993b20 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20
[  646.802000][ T1054] 1 lock held by rsyslogd/8744:
[  646.807165][ T1054]  #0: ffff8880899fa120 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110
[  646.816227][ T1054] 2 locks held by getty/8833:
[  646.820905][ T1054]  #0: ffff888090baedd0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  646.831225][ T1054]  #1: ffffc90005f292e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[  646.841186][ T1054] 2 locks held by getty/8834:
[  646.846190][ T1054]  #0: ffff88808d0f6dd0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  646.855483][ T1054]  #1: ffffc90005f392e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[  646.865407][ T1054] 2 locks held by getty/8835:
[  646.870081][ T1054]  #0: ffff888090148e10 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  646.879498][ T1054]  #1: ffffc90005f252e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[  646.889436][ T1054] 2 locks held by getty/8836:
[  646.894114][ T1054]  #0: ffff8880a7ab3750 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  646.903552][ T1054]  #1: ffffc90005f412e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[  646.913508][ T1054] 2 locks held by getty/8837:
[  646.918502][ T1054]  #0: ffff8880a7accf10 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  646.927787][ T1054]  #1: ffffc90005f3d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[  646.937783][ T1054] 2 locks held by getty/8838:
[  646.942454][ T1054]  #0: ffff88808d0f7650 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  646.951807][ T1054]  #1: ffffc90005f352e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[  646.961829][ T1054] 2 locks held by getty/8839:
[  646.966808][ T1054]  #0: ffff88808d162bd0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[  646.976096][ T1054]  #1: ffffc90005f112e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[  646.986011][ T1054] 1 lock held by syz-executor910/8859:
[  646.991525][ T1054] 
[  646.993856][ T1054] =============================================
[  646.993856][ T1054] 
[  647.003639][ T1054] NMI backtrace for cpu 0
[  647.008379][ T1054] CPU: 0 PID: 1054 Comm: khungtaskd Not tainted 5.4.0-rc1+ #0
[  647.015831][ T1054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  647.025883][ T1054] Call Trace:
[  647.029242][ T1054]  dump_stack+0x172/0x1f0
[  647.033581][ T1054]  nmi_cpu_backtrace.cold+0x70/0xb2
[  647.038784][ T1054]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  647.045026][ T1054]  ? lapic_can_unplug_cpu.cold+0x3a/0x3a
[  647.050669][ T1054]  nmi_trigger_cpumask_backtrace+0x23b/0x28b
[  647.056653][ T1054]  arch_trigger_cpumask_backtrace+0x14/0x20
[  647.062545][ T1054]  watchdog+0x9d0/0xef0
[  647.066706][ T1054]  kthread+0x361/0x430
[  647.070778][ T1054]  ? reset_hung_task_detector+0x30/0x30
[  647.076320][ T1054]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[  647.082570][ T1054]  ret_from_fork+0x24/0x30
[  647.087061][ T1054] Sending NMI from CPU 0 to CPUs 1:
[  647.093230][    C1] NMI backtrace for cpu 1
[  647.093235][    C1] CPU: 1 PID: 8859 Comm: syz-executor910 Not tainted 5.4.0-rc1+ #0
[  647.093241][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  647.093245][    C1] RIP: 0010:lockdep_hardirqs_off+0x1df/0x2e0
[  647.093255][    C1] Code: 5c 08 00 00 5b 41 5c 41 5d 5d c3 48 c7 c0 58 1d f3 88 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 d3 00 00 00 <48> 83 3d 21 9e 99 07 00 0f 84 b9 00 00 00 9c 58 0f 1f 44 00 00 f6
[  647.093258][    C1] RSP: 0018:ffff8880a6f3f1b8 EFLAGS: 00000046
[  647.093265][    C1] RAX: 1ffffffff11e63ab RBX: ffff88808c9c6080 RCX: 0000000000000000
[  647.093269][    C1] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff88808c9c6914
[  647.093273][    C1] RBP: ffff8880a6f3f1d0 R08: ffff88808c9c6080 R09: fffffbfff16be5d1
[  647.093277][    C1] R10: fffffbfff16be5d0 R11: 0000000000000003 R12: ffffffff8746591f
[  647.093281][    C1] R13: ffff88808c9c6080 R14: ffffffff8746591f R15: 0000000000000003
[  647.093286][    C1] FS:  00000000011e4880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  647.093290][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  647.093294][    C1] CR2: ffffffffff600400 CR3: 00000000a8920000 CR4: 00000000001406e0
[  647.093298][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  647.093302][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  647.093304][    C1] Call Trace:
[  647.093308][    C1]  ? __wake_up_common_lock+0xc8/0x150
[  647.093310][    C1]  trace_hardirqs_off+0x62/0x240
[  647.093313][    C1]  _raw_spin_lock_irqsave+0x6f/0xcd
[  647.093316][    C1]  __wake_up_common_lock+0xc8/0x150
[  647.093319][    C1]  ? __wake_up_common+0x610/0x610
[  647.093322][    C1]  ? trace_hardirqs_on+0x67/0x240
[  647.093325][    C1]  ? kmem_cache_free+0x26b/0x320
[  647.093328][    C1]  ? kfree_skbmem+0xca/0x150
[  647.093330][    C1]  __wake_up+0xe/0x10
[  647.093334][    C1]  netlink_broadcast_filtered+0x705/0xb80
[  647.093337][    C1]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  647.093340][    C1]  ? refcount_inc_not_zero_checked+0x144/0x200
[  647.093344][    C1]  ? refcount_dec_and_mutex_lock+0x90/0x90
[  647.093347][    C1]  netlink_broadcast+0x3a/0x50
[  647.093350][    C1]  rtnetlink_send+0xdd/0x110
[  647.093353][    C1]  tcf_action_add+0x243/0x370
[  647.093356][    C1]  ? tca_action_gd+0x1730/0x1730
[  647.093359][    C1]  ? mark_held_locks+0xa4/0xf0
[  647.093362][    C1]  ? trace_hardirqs_on_thunk+0x1a/0x20
[  647.093365][    C1]  tc_ctl_action+0x3b5/0x4bc
[  647.093368][    C1]  ? tcf_action_add+0x370/0x370
[  647.093371][    C1]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  647.093374][    C1]  ? tcf_action_add+0x370/0x370
[  647.093377][    C1]  rtnetlink_rcv_msg+0x463/0xb00
[  647.093380][    C1]  ? rtnl_bridge_getlink+0x910/0x910
[  647.093383][    C1]  ? lock_downgrade+0x920/0x920
[  647.093386][    C1]  ? netlink_deliver_tap+0x22d/0xbf0
[  647.093388][    C1]  ? find_held_lock+0x35/0x130
[  647.093391][    C1]  netlink_rcv_skb+0x177/0x450
[  647.093394][    C1]  ? rtnl_bridge_getlink+0x910/0x910
[  647.093397][    C1]  ? netlink_ack+0xb50/0xb50
[  647.093400][    C1]  ? __kasan_check_read+0x11/0x20
[  647.093403][    C1]  ? netlink_deliver_tap+0x254/0xbf0
[  647.093406][    C1]  rtnetlink_rcv+0x1d/0x30
[  647.093409][    C1]  netlink_unicast+0x531/0x710
[  647.093412][    C1]  ? netlink_attachskb+0x7c0/0x7c0
[  647.093415][    C1]  ? _copy_from_iter_full+0x25d/0x8c0
[  647.093418][    C1]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  647.093421][    C1]  ? __check_object_size+0x3d/0x437
[  647.093424][    C1]  netlink_sendmsg+0x8a5/0xd60
[  647.093427][    C1]  ? netlink_unicast+0x710/0x710
[  647.093430][    C1]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  647.093433][    C1]  ? apparmor_socket_sendmsg+0x2a/0x30
[  647.093436][    C1]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  647.093439][    C1]  ? security_socket_sendmsg+0x8d/0xc0
[  647.093442][    C1]  ? netlink_unicast+0x710/0x710
[  647.093445][    C1]  sock_sendmsg+0xd7/0x130
[  647.093448][    C1]  ___sys_sendmsg+0x803/0x920
[  647.093451][    C1]  ? copy_msghdr_from_user+0x440/0x440
[  647.093454][    C1]  ? lockdep_hardirqs_on+0x421/0x5e0
[  647.093457][    C1]  ? release_sock+0x156/0x1c0
[  647.093460][    C1]  ? trace_hardirqs_on+0x67/0x240
[  647.093463][    C1]  ? release_sock+0x156/0x1c0
[  647.093466][    C1]  ? __local_bh_enable_ip+0x15a/0x270
[  647.093469][    C1]  ? _raw_spin_unlock_bh+0x31/0x40
[  647.093472][    C1]  ? release_sock+0x156/0x1c0
[  647.093475][    C1]  ? sock_setsockopt+0x191/0x2290
[  647.093478][    C1]  ? sock_enable_timestamp+0x120/0x120
[  647.093481][    C1]  ? aa_sk_perm+0x288/0x880
[  647.093484][    C1]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  647.093487][    C1]  ? __fget_light+0x1a9/0x230
[  647.093490][    C1]  ? __fdget+0x1b/0x20
[  647.093493][    C1]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  647.093496][    C1]  __sys_sendmsg+0x105/0x1d0
[  647.093499][    C1]  ? __sys_sendmsg_sock+0xd0/0xd0
[  647.093502][    C1]  ? down_read_non_owner+0x490/0x490
[  647.093505][    C1]  ? trace_hardirqs_on_thunk+0x1a/0x20
[  647.093508][    C1]  ? do_syscall_64+0x26/0x760
[  647.093511][    C1]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  647.093514][    C1]  ? do_syscall_64+0x26/0x760
[  647.093517][    C1]  __x64_sys_sendmsg+0x78/0xb0
[  647.093519][    C1]  do_syscall_64+0xfa/0x760
[  647.093523][    C1]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  647.093525][    C1] RIP: 0033:0x440939
[  647.093534][    C1] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  647.093538][    C1] RSP: 002b:00007ffeea8a8d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  647.093545][    C1] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440939
[  647.093549][    C1] RDX: 0000000020000010 RSI: 0000000020001480 RDI: 0000000000000003
[  647.093553][    C1] RBP: 00000000006cb018 R08: 0000000000000002 R09: 00000000004002c8
[  647.093558][    C1] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000004021c0
[  647.093562][    C1] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[  647.102474][ T1054] Kernel panic - not syncing: hung_task: blocked tasks
[  647.681646][ T1054] CPU: 0 PID: 1054 Comm: khungtaskd Not tainted 5.4.0-rc1+ #0
[  647.689098][ T1054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  647.699155][ T1054] Call Trace:
[  647.702451][ T1054]  dump_stack+0x172/0x1f0
[  647.706785][ T1054]  panic+0x2dc/0x755
[  647.710679][ T1054]  ? add_taint.cold+0x16/0x16
[  647.715350][ T1054]  ? lapic_can_unplug_cpu.cold+0x3a/0x3a
[  647.720983][ T1054]  ? ___preempt_schedule+0x16/0x20
[  647.726098][ T1054]  ? nmi_trigger_cpumask_backtrace+0x21b/0x28b
[  647.732251][ T1054]  ? nmi_trigger_cpumask_backtrace+0x24c/0x28b
[  647.738407][ T1054]  ? nmi_trigger_cpumask_backtrace+0x256/0x28b
[  647.744557][ T1054]  ? nmi_trigger_cpumask_backtrace+0x21b/0x28b
[  647.750712][ T1054]  watchdog+0x9e1/0xef0
[  647.754873][ T1054]  kthread+0x361/0x430
[  647.759030][ T1054]  ? reset_hung_task_detector+0x30/0x30
[  647.764575][ T1054]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[  647.770814][ T1054]  ret_from_fork+0x24/0x30
[  647.776677][ T1054] Kernel Offset: disabled
[  647.781008][ T1054] Rebooting in 86400 seconds..