[ 34.875396] audit: type=1800 audit(1577030972.974:34): pid=6943 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 38.296308] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.504705] audit: type=1400 audit(1577030976.634:35): avc: denied { map } for pid=7116 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.556498] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.187073] random: sshd: uninitialized urandom read (32 bytes read)
[ 483.336744] audit: type=1400 audit(1577031421.464:36): avc: denied { map } for pid=7124 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 915.590666] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts.
[ 921.126493] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[ 921.243617] audit: type=1400 audit(1577031859.374:37): avc: denied { map } for pid=7132 comm="syz-executor237" path="/root/syz-executor237031866" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 1144.790282] INFO: task syz-executor237:7139 blocked for more than 140 seconds.
[ 1144.790291] Not tainted 4.14.160-syzkaller #0
[ 1144.790295] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.790300] syz-executor237 D28528 7139 7138 0x00000004
[ 1144.790386] Call Trace:
[ 1144.790462] __schedule+0x7b8/0x1cd0
[ 1144.790476] ? firmware_map_remove+0x196/0x196
[ 1144.790523] ? __lock_acquire+0x5f7/0x4620
[ 1144.790534] schedule+0x92/0x1c0
[ 1144.790543] schedule_timeout+0x93b/0xe10
[ 1144.790550] ? __down+0x158/0x290
[ 1144.790560] ? find_held_lock+0x35/0x130
[ 1144.790567] ? usleep_range+0x130/0x130
[ 1144.790573] ? __down+0x158/0x290
[ 1144.790582] ? save_trace+0x290/0x290
[ 1144.790594] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.790604] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.790615] __down+0x160/0x290
[ 1144.790624] ? ww_mutex_lock+0xc0/0xc0
[ 1144.790640] down+0x64/0x90
[ 1144.790665] console_lock+0x28/0x80
[ 1144.790694] do_fb_ioctl+0x36a/0x940
[ 1144.790702] ? lock_downgrade+0x740/0x740
[ 1144.790709] ? fb_read+0x520/0x520
[ 1144.790742] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.790749] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.790761] ? avc_ss_reset+0x110/0x110
[ 1144.790793] ? follow_pfn+0x220/0x220
[ 1144.790802] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.790812] ? do_wp_page+0x253/0x1250
[ 1144.790849] ? __might_sleep+0x93/0xb0
[ 1144.790856] ? save_trace+0x290/0x290
[ 1144.790868] fb_ioctl+0xe6/0x130
[ 1144.790876] ? do_fb_ioctl+0x940/0x940
[ 1144.790908] do_vfs_ioctl+0x7ae/0x1060
[ 1144.790935] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.790946] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.790954] ? lock_downgrade+0x740/0x740
[ 1144.790992] ? security_file_ioctl+0x7d/0xb0
[ 1144.790999] ? security_file_ioctl+0x89/0xb0
[ 1144.791010] SyS_ioctl+0x8f/0xc0
[ 1144.791018] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.791030] do_syscall_64+0x1e8/0x640
[ 1144.791039] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.791052] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.791060] RIP: 0033:0x441419
[ 1144.791065] RSP: 002b:00007fff881a2b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.791075] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.791080] RDX: 00000000200000c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.791085] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.791090] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.791095] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.791113] INFO: task syz-executor237:7141 blocked for more than 140 seconds.
[ 1144.791118] Not tainted 4.14.160-syzkaller #0
[ 1144.791121] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.791125] syz-executor237 D28528 7141 7134 0x00000004
[ 1144.791144] Call Trace:
[ 1144.791154] __schedule+0x7b8/0x1cd0
[ 1144.791166] ? firmware_map_remove+0x196/0x196
[ 1144.791174] ? __lock_acquire+0x5f7/0x4620
[ 1144.791185] schedule+0x92/0x1c0
[ 1144.791193] schedule_timeout+0x93b/0xe10
[ 1144.791200] ? __down+0x158/0x290
[ 1144.791209] ? find_held_lock+0x35/0x130
[ 1144.791217] ? usleep_range+0x130/0x130
[ 1144.791228] ? __down+0x158/0x290
[ 1144.791237] ? save_trace+0x290/0x290
[ 1144.791249] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.791259] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.791269] __down+0x160/0x290
[ 1144.791278] ? ww_mutex_lock+0xc0/0xc0
[ 1144.791293] down+0x64/0x90
[ 1144.791301] console_lock+0x28/0x80
[ 1144.791308] do_fb_ioctl+0x36a/0x940
[ 1144.791316] ? lock_downgrade+0x740/0x740
[ 1144.791323] ? fb_read+0x520/0x520
[ 1144.791334] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.791342] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.791353] ? avc_ss_reset+0x110/0x110
[ 1144.791365] ? follow_pfn+0x220/0x220
[ 1144.791374] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.791384] ? do_wp_page+0x253/0x1250
[ 1144.791402] ? __might_sleep+0x93/0xb0
[ 1144.791409] ? save_trace+0x290/0x290
[ 1144.791420] fb_ioctl+0xe6/0x130
[ 1144.791428] ? do_fb_ioctl+0x940/0x940
[ 1144.791436] do_vfs_ioctl+0x7ae/0x1060
[ 1144.791444] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.791455] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.791463] ? lock_downgrade+0x740/0x740
[ 1144.791478] ? security_file_ioctl+0x7d/0xb0
[ 1144.791485] ? security_file_ioctl+0x89/0xb0
[ 1144.791496] SyS_ioctl+0x8f/0xc0
[ 1144.791504] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.791513] do_syscall_64+0x1e8/0x640
[ 1144.791520] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.791533] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.791539] RIP: 0033:0x441419
[ 1144.791543] RSP: 002b:00007fff881a2b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.791552] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.791557] RDX: 00000000200000c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.791562] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.791567] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.791571] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.791588] INFO: task syz-executor237:7142 blocked for more than 140 seconds.
[ 1144.791593] Not tainted 4.14.160-syzkaller #0
[ 1144.791596] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.791599] syz-executor237 D28528 7142 7135 0x00000004
[ 1144.791617] Call Trace:
[ 1144.791628] __schedule+0x7b8/0x1cd0
[ 1144.791634] ? __mutex_lock+0x737/0x1470
[ 1144.791646] ? firmware_map_remove+0x196/0x196
[ 1144.791657] schedule+0x92/0x1c0
[ 1144.791666] schedule_preempt_disabled+0x13/0x20
[ 1144.791673] __mutex_lock+0x73c/0x1470
[ 1144.791682] ? fb_open+0xb7/0x420
[ 1144.791693] ? mutex_trylock+0x1c0/0x1c0
[ 1144.791703] ? __mutex_unlock_slowpath+0x71/0x800
[ 1144.791711] ? find_held_lock+0x35/0x130
[ 1144.791727] mutex_lock_nested+0x16/0x20
[ 1144.791734] ? mutex_lock_nested+0x16/0x20
[ 1144.791741] fb_open+0xb7/0x420
[ 1144.791750] ? get_fb_info.part.0+0x80/0x80
[ 1144.791759] chrdev_open+0x207/0x590
[ 1144.791769] ? cdev_put.part.0+0x50/0x50
[ 1144.791778] ? security_file_open+0x89/0x190
[ 1144.791807] do_dentry_open+0x73b/0xeb0
[ 1144.791817] ? cdev_put.part.0+0x50/0x50
[ 1144.791829] vfs_open+0x105/0x220
[ 1144.791840] path_openat+0x8bd/0x3f70
[ 1144.791848] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.791867] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 1144.791875] ? __lock_is_held+0xb6/0x140
[ 1144.791883] ? save_trace+0x290/0x290
[ 1144.791913] ? __alloc_fd+0x1d4/0x4a0
[ 1144.791923] do_filp_open+0x18e/0x250
[ 1144.791930] ? __alloc_fd+0x1d4/0x4a0
[ 1144.791938] ? may_open_dev+0xe0/0xe0
[ 1144.791953] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.791962] ? _raw_spin_unlock+0x2d/0x50
[ 1144.791970] ? __alloc_fd+0x1d4/0x4a0
[ 1144.791988] do_sys_open+0x2c5/0x430
[ 1144.791998] ? filp_open+0x70/0x70
[ 1144.792009] ? up_read+0x1a/0x40
[ 1144.792023] SyS_openat+0x30/0x40
[ 1144.792031] ? SyS_open+0x40/0x40
[ 1144.792039] do_syscall_64+0x1e8/0x640
[ 1144.792047] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.792060] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.792065] RIP: 0033:0x441419
[ 1144.792070] RSP: 002b:00007fff881a2b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1144.792078] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.792083] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
[ 1144.792088] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 1144.792093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 1144.792098] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.792115] INFO: task syz-executor237:7143 blocked for more than 140 seconds.
[ 1144.792120] Not tainted 4.14.160-syzkaller #0
[ 1144.792123] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.792126] syz-executor237 D28528 7143 7137 0x00000004
[ 1144.792144] Call Trace:
[ 1144.792155] __schedule+0x7b8/0x1cd0
[ 1144.792161] ? __mutex_lock+0x737/0x1470
[ 1144.792173] ? firmware_map_remove+0x196/0x196
[ 1144.792185] schedule+0x92/0x1c0
[ 1144.792193] schedule_preempt_disabled+0x13/0x20
[ 1144.792200] __mutex_lock+0x73c/0x1470
[ 1144.792210] ? fb_open+0xb7/0x420
[ 1144.792226] ? mutex_trylock+0x1c0/0x1c0
[ 1144.792236] ? __mutex_unlock_slowpath+0x71/0x800
[ 1144.792244] ? find_held_lock+0x35/0x130
[ 1144.792260] mutex_lock_nested+0x16/0x20
[ 1144.792267] ? mutex_lock_nested+0x16/0x20
[ 1144.792274] fb_open+0xb7/0x420
[ 1144.792283] ? get_fb_info.part.0+0x80/0x80
[ 1144.792291] chrdev_open+0x207/0x590
[ 1144.792300] ? cdev_put.part.0+0x50/0x50
[ 1144.792309] ? security_file_open+0x89/0x190
[ 1144.792320] do_dentry_open+0x73b/0xeb0
[ 1144.792329] ? cdev_put.part.0+0x50/0x50
[ 1144.792342] vfs_open+0x105/0x220
[ 1144.792352] path_openat+0x8bd/0x3f70
[ 1144.792360] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.792379] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 1144.792386] ? __lock_is_held+0xb6/0x140
[ 1144.792395] ? save_trace+0x290/0x290
[ 1144.792406] ? __alloc_fd+0x1d4/0x4a0
[ 1144.792415] do_filp_open+0x18e/0x250
[ 1144.792423] ? __alloc_fd+0x1d4/0x4a0
[ 1144.792431] ? may_open_dev+0xe0/0xe0
[ 1144.792446] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.792455] ? _raw_spin_unlock+0x2d/0x50
[ 1144.792463] ? __alloc_fd+0x1d4/0x4a0
[ 1144.792480] do_sys_open+0x2c5/0x430
[ 1144.792491] ? filp_open+0x70/0x70
[ 1144.792497] ? up_read+0x1a/0x40
[ 1144.792512] SyS_openat+0x30/0x40
[ 1144.792519] ? SyS_open+0x40/0x40
[ 1144.792528] do_syscall_64+0x1e8/0x640
[ 1144.792536] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.792548] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.792553] RIP: 0033:0x441419
[ 1144.792558] RSP: 002b:00007fff881a2b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1144.792566] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.792571] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
[ 1144.792576] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 1144.792581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 1144.792586] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.792603] INFO: task syz-executor237:7144 blocked for more than 140 seconds.
[ 1144.792607] Not tainted 4.14.160-syzkaller #0
[ 1144.792611] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.792614] syz-executor237 D28528 7144 7133 0x00000004
[ 1144.792631] Call Trace:
[ 1144.792641] __schedule+0x7b8/0x1cd0
[ 1144.792653] ? firmware_map_remove+0x196/0x196
[ 1144.792661] ? __lock_acquire+0x5f7/0x4620
[ 1144.792671] schedule+0x92/0x1c0
[ 1144.792680] schedule_timeout+0x93b/0xe10
[ 1144.792687] ? __down+0x158/0x290
[ 1144.792695] ? find_held_lock+0x35/0x130
[ 1144.792703] ? usleep_range+0x130/0x130
[ 1144.792709] ? __down+0x158/0x290
[ 1144.792718] ? save_trace+0x290/0x290
[ 1144.792729] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.792739] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.792749] __down+0x160/0x290
[ 1144.792759] ? ww_mutex_lock+0xc0/0xc0
[ 1144.792774] down+0x64/0x90
[ 1144.792782] console_lock+0x28/0x80
[ 1144.792789] do_fb_ioctl+0x36a/0x940
[ 1144.792796] ? lock_downgrade+0x740/0x740
[ 1144.792804] ? fb_read+0x520/0x520
[ 1144.792815] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.792822] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.792834] ? avc_ss_reset+0x110/0x110
[ 1144.792845] ? follow_pfn+0x220/0x220
[ 1144.792854] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.792864] ? do_wp_page+0x253/0x1250
[ 1144.792883] ? __might_sleep+0x93/0xb0
[ 1144.792890] ? save_trace+0x290/0x290
[ 1144.792901] fb_ioctl+0xe6/0x130
[ 1144.792909] ? do_fb_ioctl+0x940/0x940
[ 1144.792916] do_vfs_ioctl+0x7ae/0x1060
[ 1144.792925] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.792935] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.792943] ? lock_downgrade+0x740/0x740
[ 1144.792959] ? security_file_ioctl+0x7d/0xb0
[ 1144.792966] ? security_file_ioctl+0x89/0xb0
[ 1144.792976] SyS_ioctl+0x8f/0xc0
[ 1144.792984] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.792994] do_syscall_64+0x1e8/0x640
[ 1144.793001] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.793014] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.793019] RIP: 0033:0x441419
[ 1144.793023] RSP: 002b:00007fff881a2b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.793032] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.793037] RDX: 00000000200000c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.793042] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.793047] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.793052] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.793067]
[ 1144.793067] Showing all locks held in the system:
[ 1144.793080] 1 lock held by khungtaskd/1045:
[ 1144.793084] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 1144.793125] 1 lock held by rsyslogd/6981:
[ 1144.793128] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0
[ 1144.793149] 2 locks held by getty/7103:
[ 1144.793152] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793170] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1144.793233] 2 locks held by getty/7104:
[ 1144.793236] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793254] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1144.793274] 2 locks held by getty/7105:
[ 1144.793277] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793294] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1144.793315] 2 locks held by getty/7106:
[ 1144.793318] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793335] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1144.793355] 2 locks held by getty/7107:
[ 1144.793358] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793375] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1144.793395] 2 locks held by getty/7108:
[ 1144.793398] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793415] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1144.793435] 2 locks held by getty/7109:
[ 1144.793438] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793455] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1144.793477] 1 lock held by syz-executor237/7142:
[ 1144.793479] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420
[ 1144.793498] 1 lock held by syz-executor237/7143:
[ 1144.793501] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420
[ 1144.793518]
[ 1144.793521] =============================================
[ 1144.793521]
[ 1144.793526] NMI backtrace for cpu 0
[ 1144.793534] CPU: 0 PID: 1045 Comm: khungtaskd Not tainted 4.14.160-syzkaller #0
[ 1144.793539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.793541] Call Trace:
[ 1144.793569] dump_stack+0x142/0x197
[ 1144.793597] nmi_cpu_backtrace.cold+0x57/0x94
[ 1144.793610] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1144.793619] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 1144.793630] arch_trigger_cpumask_backtrace+0x14/0x20
[ 1144.793657] watchdog+0x5e7/0xb90
[ 1144.793690] kthread+0x319/0x430
[ 1144.793698] ? hungtask_pm_notify+0x50/0x50
[ 1144.793704] ? kthread_create_on_node+0xd0/0xd0
[ 1144.793714] ret_from_fork+0x24/0x30
[ 1144.793730] Sending NMI from CPU 0 to CPUs 1:
[ 1144.794294] NMI backtrace for cpu 1
[ 1144.794298] CPU: 1 PID: 7140 Comm: syz-executor237 Not tainted 4.14.160-syzkaller #0
[ 1144.794302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.794304] task: ffff88808be061c0 task.stack: ffff88807f150000
[ 1144.794307] RIP: 0010:bitfill_aligned+0xe7/0x190
[ 1144.794309] RSP: 0018:ffff88807f157270 EFLAGS: 00000297
[ 1144.794314] RAX: ffff88808be061c0 RBX: 0000000000000050 RCX: 0000000000000000
[ 1144.794317] RDX: 0000000000000000 RSI: ffff8880000a0000 RDI: 0000000000000040
[ 1144.794320] RBP: ffff88807f1572a8 R08: 0000000000001400 R09: 0000000000000040
[ 1144.794323] R10: ffffed1043248e13 R11: ffff88821924709f R12: ffff8880000a0280
[ 1144.794325] R13: 0000000000000000 R14: ffff8880000a0240 R15: 0000000000000000
[ 1144.794328] FS: 00000000017bd880(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
[ 1144.794331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1144.794334] CR2: 0000000020000180 CR3: 0000000086f92000 CR4: 00000000001406e0
[ 1144.794337] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1144.794340] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1144.794342] Call Trace:
[ 1144.794344] cfb_fillrect+0x3d0/0x720
[ 1144.794346] ? cfb_fillrect+0x720/0x720
[ 1144.794348] vga16fb_fillrect+0x618/0x1880
[ 1144.794349] ? memcpy+0x46/0x50
[ 1144.794352] bit_clear_margins+0x2d5/0x4f0
[ 1144.794353] ? bit_bmove+0x240/0x240
[ 1144.794356] ? efifb_probe.cold+0x1379/0x1379
[ 1144.794358] fbcon_clear_margins+0x292/0x320
[ 1144.794360] fbcon_switch+0xd38/0x1820
[ 1144.794362] ? fbcon_set_def_font+0x360/0x360
[ 1144.794364] ? fbcon_set_origin+0x21/0x50
[ 1144.794366] ? fbcon_scrolldelta+0x1100/0x1100
[ 1144.794368] ? set_origin+0x108/0x3c0
[ 1144.794370] redraw_screen+0x335/0x7c0
[ 1144.794372] ? con_flush_chars+0x90/0x90
[ 1144.794374] ? fbcon_set_palette+0x203/0x5b0
[ 1144.794376] fbcon_modechanged+0x59e/0x880
[ 1144.794378] fbcon_event_notify+0x11f/0x17af
[ 1144.794381] ? lock_acquire+0x16f/0x430
[ 1144.794383] notifier_call_chain+0x111/0x1b0
[ 1144.794386] blocking_notifier_call_chain+0x80/0xa0
[ 1144.794388] fb_notifier_call_chain+0x25/0x30
[ 1144.794390] fb_set_var+0xb09/0xcf0
[ 1144.794392] ? fb_set_suspend+0x110/0x110
[ 1144.794394] ? lock_acquire+0x1ea/0x430
[ 1144.794396] ? lock_fb_info+0x1f/0x80
[ 1144.794398] ? __mutex_lock+0x36a/0x1470
[ 1144.794400] ? trace_hardirqs_on+0x10/0x10
[ 1144.794403] ? lock_acquire+0x16f/0x430
[ 1144.794405] ? __down+0x16b/0x290
[ 1144.794407] ? mutex_trylock+0x1c0/0x1c0
[ 1144.794409] ? down+0x70/0x90
[ 1144.794411] ? mutex_lock_nested+0x16/0x20
[ 1144.794413] ? mutex_lock_nested+0x16/0x20
[ 1144.794415] do_fb_ioctl+0x3cc/0x940
[ 1144.794417] ? fb_read+0x520/0x520
[ 1144.794419] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.794421] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.794424] ? avc_ss_reset+0x110/0x110
[ 1144.794426] ? follow_pfn+0x220/0x220
[ 1144.794428] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.794430] ? do_wp_page+0x253/0x1250
[ 1144.794432] ? __might_sleep+0x93/0xb0
[ 1144.794433] ? save_trace+0x290/0x290
[ 1144.794435] fb_ioctl+0xe6/0x130
[ 1144.794437] ? do_fb_ioctl+0x940/0x940
[ 1144.794439] do_vfs_ioctl+0x7ae/0x1060
[ 1144.794441] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.794443] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.794445] ? lock_downgrade+0x740/0x740
[ 1144.794447] ? security_file_ioctl+0x7d/0xb0
[ 1144.794450] ? security_file_ioctl+0x89/0xb0
[ 1144.794452] SyS_ioctl+0x8f/0xc0
[ 1144.794454] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.794456] do_syscall_64+0x1e8/0x640
[ 1144.794458] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.794461] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.794462] RIP: 0033:0x441419
[ 1144.794465] RSP: 002b:00007fff881a2b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.794470] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.794473] RDX: 00000000200000c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.794475] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.794478] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.794481] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.794483] Code: 07 89 c3 41 89 c4 76 49 44 8d 60 f8 41 c1 ec 03 49 83 c4 01 49 c1 e4 06 4d 01 f4 e8 34 9d 34 fe 4d 89 3e 4d 89 7e 08 4d 89 7e 10 <4d> 89 7e 18 4d 89 7e 20 4d 89 7e 28 49 8d 46 38 4d 89 7e 30 49
[ 1144.794746] Kernel panic - not syncing: hung_task: blocked tasks
[ 1144.794753] CPU: 0 PID: 1045 Comm: khungtaskd Not tainted 4.14.160-syzkaller #0
[ 1144.794758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.794760] Call Trace:
[ 1144.794770] dump_stack+0x142/0x197
[ 1144.794801] panic+0x1f9/0x42d
[ 1144.794808] ? add_taint.cold+0x16/0x16
[ 1144.794820] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1144.794832] watchdog+0x5f8/0xb90
[ 1144.794846] kthread+0x319/0x430
[ 1144.794854] ? hungtask_pm_notify+0x50/0x50
[ 1144.794860] ? kthread_create_on_node+0xd0/0xd0
[ 1144.794869] ret_from_fork+0x24/0x30
[ 1144.796413] Kernel Offset: disabled