[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.211' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 629.330625] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[ 860.855552] INFO: task syz-executor731:8105 blocked for more than 140 seconds.
[ 860.863252] Not tainted 4.19.190-syzkaller #0
[ 860.870087] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 860.883173] syz-executor731 D27216 8105 8104 0x00000004
[ 860.896618] Call Trace:
[ 860.899326] __schedule+0x887/0x2040
[ 860.903262] ? mark_held_locks+0xa6/0xf0
[ 860.909462] ? io_schedule_timeout+0x140/0x140
[ 860.914200] ? finish_task_switch+0x1db/0x760
[ 860.919818] schedule+0x8d/0x1b0
[ 860.923436] schedule_timeout+0x92d/0xfe0
[ 860.928841] ? usleep_range+0x170/0x170
[ 860.933229] ? scheduler_ipi+0xfa/0x5a0
[ 860.938468] ? ___preempt_schedule+0x16/0x18
[ 860.943461] ? preempt_schedule_common+0x45/0xc0
[ 860.949459] ? ___preempt_schedule+0x16/0x18
[ 860.962135] wait_for_common+0x29c/0x470
[ 860.968971] ? bit_wait_io_timeout+0x100/0x100
[ 860.973739] ? ___preempt_schedule+0x16/0x18
[ 860.980378] ? wake_up_q+0xe0/0xe0
[ 860.984693] ? ___preempt_schedule+0x16/0x18
[ 860.990422] __flush_work+0x4bb/0x8b0
[ 860.994911] ? alloc_unbound_pwq+0xc10/0xc10
[ 861.000840] ? flush_workqueue_prep_pwqs+0x570/0x570
[ 861.023785] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 861.035451] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 861.040655] ? __pollwait+0x255/0x430
[ 861.044471] n_tty_poll+0x54d/0x8f0
[ 861.055448] ? commit_echoes+0x210/0x210
[ 861.059750] tty_poll+0x139/0x1b0
[ 861.063211] ? tty_release+0x1210/0x1210
[ 861.069990] do_select+0x8e1/0x1610
[ 861.081895] ? select_estimate_accuracy+0x320/0x320
[ 861.087718] ? __lock_acquire+0x6de/0x3ff0
[ 861.093003] ? poll_initwait+0x170/0x170
[ 861.098161] ? poll_schedule_timeout.constprop.0+0x1e0/0x1e0
[ 861.104559] ? poll_schedule_timeout.constprop.0+0x1e0/0x1e0
[ 861.111592] ? poll_schedule_timeout.constprop.0+0x1e0/0x1e0
[ 861.118183] ? poll_schedule_timeout.constprop.0+0x1e0/0x1e0
[ 861.135466] ? poll_schedule_timeout.constprop.0+0x1e0/0x1e0
[ 861.153905] ? poll_schedule_timeout.constprop.0+0x1e0/0x1e0
[ 861.165447] ? poll_schedule_timeout.constprop.0+0x1e0/0x1e0
[ 861.178204] ? poll_schedule_timeout.constprop.0+0x1e0/0x1e0
[ 861.191512] ? poll_schedule_timeout.constprop.0+0x1e0/0x1e0
[ 861.198384] ? lock_acquire+0x170/0x3c0
[ 861.202378] ? __might_fault+0xef/0x1d0
[ 861.208036] ? __might_fault+0x192/0x1d0
[ 861.212134] core_sys_select+0x3ac/0x7e0
[ 861.218468] ? __se_compat_sys_pselect6+0x4a0/0x4a0
[ 861.223504] ? mark_held_locks+0xf0/0xf0
[ 861.228802] ? lock_downgrade+0x720/0x720
[ 861.232965] ? lock_acquire+0x170/0x3c0
[ 861.238035] ? debug_check_no_obj_freed+0xb5/0x490
[ 861.242983] ? trace_hardirqs_off+0x64/0x200
[ 861.248542] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 861.253658] ? debug_check_no_obj_freed+0x201/0x490
[ 861.259870] ? check_preemption_disabled+0x41/0x280
[ 861.264907] ? putname+0xe1/0x120
[ 861.269525] __se_sys_pselect6+0x419/0x480
[ 861.273777] ? putname+0xe1/0x120
[ 861.278883] ? kern_select+0x1c0/0x1c0
[ 861.282785] ? do_sys_open+0x2bf/0x520
[ 861.287803] ? filp_open+0x70/0x70
[ 861.291375] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 861.297906] ? trace_hardirqs_off_caller+0x6e/0x210
[ 861.302953] ? do_syscall_64+0x21/0x620
[ 861.308062] do_syscall_64+0xf9/0x620
[ 861.311880] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 861.318318] RIP: 0033:0x440309
[ 861.321532] Code: Bad RIP value.
[ 861.324893] RSP: 002b:00007ffdd0eaa0a8 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 861.334128] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 0000000000440309
[ 861.342156] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000040
[ 861.350148] RBP: 00007ffdd0eaa0e0 R08: 0000000000000000 R09: 0000000000000000
[ 861.358126] R10: 0000000020000140 R11: 0000000000000246 R12: 00000000004038d0
[ 861.366188] R13: 431bde82d7b634db R14: 00000000004ae018 R15: 0000000000400488
[ 861.373538]
[ 861.373538] Showing all locks held in the system:
[ 861.381033] 6 locks held by kworker/u4:1/23:
[ 861.386213] 1 lock held by khungtaskd/1569:
[ 861.390539] #0: 0000000006d274ec (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265
[ 861.400920] 1 lock held by in:imklog/7803:
[ 861.405158] #0: 00000000da72a794 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310
[ 861.414340] 1 lock held by syz-executor731/8105:
[ 861.419908] #0: 00000000d6999eda (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 861.429174] no locks held by kworker/u4:4/8108.
[ 861.433894]
[ 861.437781] =============================================
[ 861.437781]
[ 861.444844] NMI backtrace for cpu 0
[ 861.448651] CPU: 0 PID: 1569 Comm: khungtaskd Not tainted 4.19.190-syzkaller #0
[ 861.456108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 861.465462] Call Trace:
[ 861.468066] dump_stack+0x1fc/0x2ef
[ 861.471704] nmi_cpu_backtrace.cold+0x63/0xa2
[ 861.476205] ? lapic_can_unplug_cpu+0x80/0x80
[ 861.480714] nmi_trigger_cpumask_backtrace+0x1a6/0x1f0
[ 861.486000] watchdog+0x991/0xe60
[ 861.489465] ? reset_hung_task_detector+0x30/0x30
[ 861.494316] kthread+0x33f/0x460
[ 861.497683] ? kthread_park+0x180/0x180
[ 861.501664] ret_from_fork+0x24/0x30
[ 861.505442] Sending NMI from CPU 0 to CPUs 1:
[ 861.510421] NMI backtrace for cpu 1
[ 861.510428] CPU: 1 PID: 23 Comm: kworker/u4:1 Not tainted 4.19.190-syzkaller #0
[ 861.510434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 861.510438] Workqueue: events_unbound flush_to_ldisc
[ 861.510445] RIP: 0010:lock_acquire+0x2fb/0x3c0
[ 861.510456] Code: fe ff ff 65 ff 05 35 aa b6 7e 48 8b 05 46 ae c3 09 e8 49 48 05 00 85 c0 74 09 80 3d e1 5d c3 09 00 74 3f 65 ff 0d 15 aa b6 7e <0f> 85 3e fe ff ff e8 2c 08 b5 ff e9 34 fe ff ff 0f 0b 0f 0b 0f 0b
[ 861.510460] RSP: 0018:ffff8880b504f808 EFLAGS: 00000082
[ 861.510468] RAX: 0000000000000000 RBX: ffff8880b5042600 RCX: 0000000000000001
[ 861.510473] RDX: 0000000000000001 RSI: 0000000000000002 RDI: ffff8880b5042e84
[ 861.510479] RBP: ffffffff8d434d60 R08: 0000000000000001 R09: 0000000000000000
[ 861.510483] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
[ 861.510489] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
[ 861.510494] FS: 0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 861.510499] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 861.510509] CR2: 00007f11bb008000 CR3: 000000009f37d000 CR4: 00000000001406e0
[ 861.510514] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 861.510519] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 861.510522] Call Trace:
[ 861.510526] _raw_spin_lock_irqsave+0x8c/0xc0
[ 861.510531] ? debug_object_activate+0x12f/0x450
[ 861.510535] debug_object_activate+0x12f/0x450
[ 861.510539] ? debug_object_assert_init+0x2e0/0x2e0
[ 861.510543] __queue_work+0x5bc/0x1100
[ 861.510547] ? ___preempt_schedule+0x16/0x18
[ 861.510550] queue_work_on+0x17e/0x1f0
[ 861.510554] pty_write+0x195/0x1f0
[ 861.510558] ? __kasan_slab_free+0x186/0x1f0
[ 861.510562] tty_put_char+0x122/0x150
[ 861.510565] ? dev_match_devt+0x90/0x90
[ 861.510569] ? tty_buffer_space_avail+0x20/0xb0
[ 861.510573] ? pty_write_room+0xbe/0xe0
[ 861.510577] ? ptmx_open+0x350/0x350
[ 861.510581] __process_echoes+0x583/0x9f0
[ 861.510585] n_tty_receive_buf_common+0xc0c/0x2a90
[ 861.510589] tty_ldisc_receive_buf+0xa9/0x190
[ 861.510593] ? n_tty_receive_buf_common+0x2a90/0x2a90
[ 861.510597] tty_port_default_receive_buf+0x78/0xa0
[ 861.510601] flush_to_ldisc+0x21f/0x390
[ 861.510605] process_one_work+0x864/0x1570
[ 861.510609] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 861.510613] worker_thread+0x64c/0x1130
[ 861.510617] ? process_one_work+0x1570/0x1570
[ 861.510620] kthread+0x33f/0x460
[ 861.510624] ? kthread_park+0x180/0x180
[ 861.510628] ret_from_fork+0x24/0x30
[ 861.535241] Kernel panic - not syncing: hung_task: blocked tasks
[ 861.761102] CPU: 0 PID: 1569 Comm: khungtaskd Not tainted 4.19.190-syzkaller #0
[ 861.768543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 861.777891] Call Trace:
[ 861.780490] dump_stack+0x1fc/0x2ef
[ 861.784126] panic+0x26a/0x50e
[ 861.787319] ? __warn_printk+0xf3/0xf3
[ 861.791214] ? lapic_can_unplug_cpu+0x80/0x80
[ 861.795710] ? ___preempt_schedule+0x16/0x18
[ 861.800225] ? watchdog+0x991/0xe60
[ 861.803853] ? nmi_trigger_cpumask_backtrace+0x15e/0x1f0
[ 861.809307] watchdog+0x9a2/0xe60
[ 861.812764] ? reset_hung_task_detector+0x30/0x30
[ 861.817614] kthread+0x33f/0x460
[ 861.820980] ? kthread_park+0x180/0x180
[ 861.824957] ret_from_fork+0x24/0x30
[ 861.829261] Kernel Offset: disabled
[ 861.832884] Rebooting in 86400 seconds..