Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 33.297426] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.552820] kauditd_printk_skb: 9 callbacks suppressed
[ 33.552828] audit: type=1400 audit(1575349905.559:35): avc: denied { map } for pid=6925 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 33.626223] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.181421] random: sshd: uninitialized urandom read (32 bytes read)
[ 349.268636] audit: type=1400 audit(1575350221.269:36): avc: denied { map } for pid=6934 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 919.718773] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.
[ 925.255782] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[ 925.371030] audit: type=1400 audit(1575350797.379:37): avc: denied { map } for pid=6941 comm="syz-executor794" path="/root/syz-executor794859909" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 1144.790193] INFO: task syz-executor794:6948 blocked for more than 140 seconds.
[ 1144.790202] Not tainted 4.14.157-syzkaller #0
[ 1144.790205] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.790210] syz-executor794 D28528 6948 6947 0x00000004
[ 1144.790231] Call Trace:
[ 1144.790378] __schedule+0x7b8/0x1cd0
[ 1144.790392] ? firmware_map_remove+0x196/0x196
[ 1144.790504] ? __lock_acquire+0x5f7/0x4620
[ 1144.790515] schedule+0x92/0x1c0
[ 1144.790524] schedule_timeout+0x93b/0xe10
[ 1144.790531] ? __down+0x158/0x290
[ 1144.790539] ? find_held_lock+0x35/0x130
[ 1144.790547] ? usleep_range+0x130/0x130
[ 1144.790553] ? __down+0x158/0x290
[ 1144.790562] ? save_trace+0x290/0x290
[ 1144.790573] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.790582] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.790592] __down+0x160/0x290
[ 1144.790602] ? ww_mutex_lock+0xc0/0xc0
[ 1144.790616] down+0x64/0x90
[ 1144.790651] console_lock+0x28/0x80
[ 1144.790702] do_fb_ioctl+0x36a/0x940
[ 1144.790710] ? lock_downgrade+0x740/0x740
[ 1144.790717] ? fb_read+0x520/0x520
[ 1144.790762] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.790769] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.790780] ? avc_ss_reset+0x110/0x110
[ 1144.790827] ? follow_pfn+0x220/0x220
[ 1144.790835] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.790845] ? do_wp_page+0x253/0x1250
[ 1144.790883] ? __might_sleep+0x93/0xb0
[ 1144.790890] ? save_trace+0x290/0x290
[ 1144.790901] fb_ioctl+0xe6/0x130
[ 1144.790909] ? do_fb_ioctl+0x940/0x940
[ 1144.790949] do_vfs_ioctl+0x7ae/0x1060
[ 1144.790975] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.790985] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.790993] ? lock_downgrade+0x740/0x740
[ 1144.791008] ? security_file_ioctl+0x7d/0xb0
[ 1144.791015] ? security_file_ioctl+0x89/0xb0
[ 1144.791025] SyS_ioctl+0x8f/0xc0
[ 1144.791033] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.791072] do_syscall_64+0x1e8/0x640
[ 1144.791105] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.791118] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.791125] RIP: 0033:0x441419
[ 1144.791130] RSP: 002b:00007ffed7c23898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.791139] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.791145] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.791150] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.791154] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.791159] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.791178] INFO: task syz-executor794:6950 blocked for more than 140 seconds.
[ 1144.791182] Not tainted 4.14.157-syzkaller #0
[ 1144.791186] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.791189] syz-executor794 D28528 6950 6943 0x00000004
[ 1144.791206] Call Trace:
[ 1144.791217] __schedule+0x7b8/0x1cd0
[ 1144.791229] ? firmware_map_remove+0x196/0x196
[ 1144.791236] ? __lock_acquire+0x5f7/0x4620
[ 1144.791247] schedule+0x92/0x1c0
[ 1144.791255] schedule_timeout+0x93b/0xe10
[ 1144.791261] ? __down+0x158/0x290
[ 1144.791269] ? find_held_lock+0x35/0x130
[ 1144.791277] ? usleep_range+0x130/0x130
[ 1144.791283] ? __down+0x158/0x290
[ 1144.791291] ? save_trace+0x290/0x290
[ 1144.791302] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.791312] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.791322] __down+0x160/0x290
[ 1144.791331] ? ww_mutex_lock+0xc0/0xc0
[ 1144.791346] down+0x64/0x90
[ 1144.791354] console_lock+0x28/0x80
[ 1144.791360] do_fb_ioctl+0x36a/0x940
[ 1144.791368] ? lock_downgrade+0x740/0x740
[ 1144.791374] ? fb_read+0x520/0x520
[ 1144.791385] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.791392] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.791403] ? avc_ss_reset+0x110/0x110
[ 1144.791419] ? follow_pfn+0x220/0x220
[ 1144.791428] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.791438] ? do_wp_page+0x253/0x1250
[ 1144.791456] ? __might_sleep+0x93/0xb0
[ 1144.791462] ? save_trace+0x290/0x290
[ 1144.791473] fb_ioctl+0xe6/0x130
[ 1144.791481] ? do_fb_ioctl+0x940/0x940
[ 1144.791488] do_vfs_ioctl+0x7ae/0x1060
[ 1144.791496] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.791506] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.791513] ? lock_downgrade+0x740/0x740
[ 1144.791528] ? security_file_ioctl+0x7d/0xb0
[ 1144.791534] ? security_file_ioctl+0x89/0xb0
[ 1144.791545] SyS_ioctl+0x8f/0xc0
[ 1144.791552] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.791561] do_syscall_64+0x1e8/0x640
[ 1144.791568] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.791580] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.791586] RIP: 0033:0x441419
[ 1144.791590] RSP: 002b:00007ffed7c23898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.791598] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.791603] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.791608] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.791612] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.791617] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.791633] INFO: task syz-executor794:6951 blocked for more than 140 seconds.
[ 1144.791637] Not tainted 4.14.157-syzkaller #0
[ 1144.791641] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.791644] syz-executor794 D28528 6951 6946 0x00000004
[ 1144.791660] Call Trace:
[ 1144.791669] __schedule+0x7b8/0x1cd0
[ 1144.791681] ? firmware_map_remove+0x196/0x196
[ 1144.791689] ? __lock_acquire+0x5f7/0x4620
[ 1144.791699] schedule+0x92/0x1c0
[ 1144.791707] schedule_timeout+0x93b/0xe10
[ 1144.791713] ? __down+0x158/0x290
[ 1144.791722] ? find_held_lock+0x35/0x130
[ 1144.791729] ? usleep_range+0x130/0x130
[ 1144.791735] ? __down+0x158/0x290
[ 1144.791744] ? save_trace+0x290/0x290
[ 1144.791755] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.791764] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.791774] __down+0x160/0x290
[ 1144.791783] ? ww_mutex_lock+0xc0/0xc0
[ 1144.791797] down+0x64/0x90
[ 1144.791805] console_lock+0x28/0x80
[ 1144.791812] do_fb_ioctl+0x36a/0x940
[ 1144.791819] ? lock_downgrade+0x740/0x740
[ 1144.791826] ? fb_read+0x520/0x520
[ 1144.791837] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.791844] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.791855] ? avc_ss_reset+0x110/0x110
[ 1144.791866] ? follow_pfn+0x220/0x220
[ 1144.791874] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.791884] ? do_wp_page+0x253/0x1250
[ 1144.791902] ? __might_sleep+0x93/0xb0
[ 1144.791908] ? save_trace+0x290/0x290
[ 1144.791919] fb_ioctl+0xe6/0x130
[ 1144.791927] ? do_fb_ioctl+0x940/0x940
[ 1144.791934] do_vfs_ioctl+0x7ae/0x1060
[ 1144.791942] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.791952] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.791960] ? lock_downgrade+0x740/0x740
[ 1144.791974] ? security_file_ioctl+0x7d/0xb0
[ 1144.791981] ? security_file_ioctl+0x89/0xb0
[ 1144.791991] SyS_ioctl+0x8f/0xc0
[ 1144.791998] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.792007] do_syscall_64+0x1e8/0x640
[ 1144.792014] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.792026] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.792031] RIP: 0033:0x441419
[ 1144.792036] RSP: 002b:00007ffed7c23898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.792044] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.792048] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.792053] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.792058] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.792063] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.792079] INFO: task syz-executor794:6952 blocked for more than 140 seconds.
[ 1144.792083] Not tainted 4.14.157-syzkaller #0
[ 1144.792086] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.792090] syz-executor794 D28528 6952 6944 0x00000004
[ 1144.792105] Call Trace:
[ 1144.792114] __schedule+0x7b8/0x1cd0
[ 1144.792126] ? firmware_map_remove+0x196/0x196
[ 1144.792133] ? __lock_acquire+0x5f7/0x4620
[ 1144.792144] schedule+0x92/0x1c0
[ 1144.792152] schedule_timeout+0x93b/0xe10
[ 1144.792158] ? __down+0x158/0x290
[ 1144.792166] ? find_held_lock+0x35/0x130
[ 1144.792174] ? usleep_range+0x130/0x130
[ 1144.792179] ? __down+0x158/0x290
[ 1144.792188] ? save_trace+0x290/0x290
[ 1144.792199] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.792208] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.792218] __down+0x160/0x290
[ 1144.792227] ? ww_mutex_lock+0xc0/0xc0
[ 1144.792242] down+0x64/0x90
[ 1144.792249] console_lock+0x28/0x80
[ 1144.792256] do_fb_ioctl+0x36a/0x940
[ 1144.792263] ? lock_downgrade+0x740/0x740
[ 1144.792270] ? fb_read+0x520/0x520
[ 1144.792281] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.792288] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.792299] ? avc_ss_reset+0x110/0x110
[ 1144.792310] ? follow_pfn+0x220/0x220
[ 1144.792318] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.792328] ? do_wp_page+0x253/0x1250
[ 1144.792346] ? __might_sleep+0x93/0xb0
[ 1144.792353] ? save_trace+0x290/0x290
[ 1144.792364] fb_ioctl+0xe6/0x130
[ 1144.792371] ? do_fb_ioctl+0x940/0x940
[ 1144.792378] do_vfs_ioctl+0x7ae/0x1060
[ 1144.792386] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.792396] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.792404] ? lock_downgrade+0x740/0x740
[ 1144.792423] ? security_file_ioctl+0x7d/0xb0
[ 1144.792429] ? security_file_ioctl+0x89/0xb0
[ 1144.792440] SyS_ioctl+0x8f/0xc0
[ 1144.792447] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.792456] do_syscall_64+0x1e8/0x640
[ 1144.792463] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.792475] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.792480] RIP: 0033:0x441419
[ 1144.792485] RSP: 002b:00007ffed7c23898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.792493] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.792498] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.792502] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.792507] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.792512] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.792528] INFO: task syz-executor794:6953 blocked for more than 140 seconds.
[ 1144.792532] Not tainted 4.14.157-syzkaller #0
[ 1144.792535] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.792538] syz-executor794 D28528 6953 6942 0x00000004
[ 1144.792553] Call Trace:
[ 1144.792563] __schedule+0x7b8/0x1cd0
[ 1144.792569] ? __mutex_lock+0x737/0x1470
[ 1144.792580] ? firmware_map_remove+0x196/0x196
[ 1144.792592] schedule+0x92/0x1c0
[ 1144.792600] schedule_preempt_disabled+0x13/0x20
[ 1144.792606] __mutex_lock+0x73c/0x1470
[ 1144.792637] ? fb_open+0xb7/0x420
[ 1144.792647] ? mutex_trylock+0x1c0/0x1c0
[ 1144.792657] ? __mutex_unlock_slowpath+0x71/0x800
[ 1144.792664] ? find_held_lock+0x35/0x130
[ 1144.792680] mutex_lock_nested+0x16/0x20
[ 1144.792686] ? mutex_lock_nested+0x16/0x20
[ 1144.792693] fb_open+0xb7/0x420
[ 1144.792701] ? get_fb_info.part.0+0x80/0x80
[ 1144.792727] chrdev_open+0x207/0x590
[ 1144.792737] ? cdev_put.part.0+0x50/0x50
[ 1144.792746] ? security_file_open+0x89/0x190
[ 1144.792773] do_dentry_open+0x73b/0xeb0
[ 1144.792783] ? cdev_put.part.0+0x50/0x50
[ 1144.792795] vfs_open+0x105/0x220
[ 1144.792805] path_openat+0x8bd/0x3f70
[ 1144.792813] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.792823] ? trace_hardirqs_on+0x10/0x10
[ 1144.792838] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 1144.792845] ? __lock_is_held+0xb6/0x140
[ 1144.792853] ? save_trace+0x290/0x290
[ 1144.792868] ? __alloc_fd+0x1d4/0x4a0
[ 1144.792878] do_filp_open+0x18e/0x250
[ 1144.792885] ? __alloc_fd+0x1d4/0x4a0
[ 1144.792892] ? may_open_dev+0xe0/0xe0
[ 1144.792907] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.792915] ? _raw_spin_unlock+0x2d/0x50
[ 1144.792923] ? __alloc_fd+0x1d4/0x4a0
[ 1144.792940] do_sys_open+0x2c5/0x430
[ 1144.792950] ? filp_open+0x70/0x70
[ 1144.792956] ? up_read+0x1a/0x40
[ 1144.792970] SyS_openat+0x30/0x40
[ 1144.792977] ? SyS_open+0x40/0x40
[ 1144.792986] do_syscall_64+0x1e8/0x640
[ 1144.792993] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.793005] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.793010] RIP: 0033:0x441419
[ 1144.793015] RSP: 002b:00007ffed7c23898 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1144.793023] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.793028] RDX: 0000000000000000 RSI: 0000000020000840 RDI: ffffffffffffff9c
[ 1144.793032] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 1144.793037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 1144.793042] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.793057]
[ 1144.793057] Showing all locks held in the system:
[ 1144.793066] 1 lock held by khungtaskd/1042:
[ 1144.793070] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 1144.793104] 1 lock held by rsyslogd/6790:
[ 1144.793106] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0
[ 1144.793126] 2 locks held by getty/6912:
[ 1144.793129] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793147] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.793197] 2 locks held by getty/6913:
[ 1144.793199] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793216] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.793236] 2 locks held by getty/6914:
[ 1144.793238] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793255] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.793275] 2 locks held by getty/6915:
[ 1144.793277] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793294] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.793314] 2 locks held by getty/6916:
[ 1144.793316] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793333] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.793352] 2 locks held by getty/6917:
[ 1144.793355] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793372] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.793391] 2 locks held by getty/6918:
[ 1144.793394] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.793411] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.793436] 1 lock held by syz-executor794/6953:
[ 1144.793439] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420
[ 1144.793456]
[ 1144.793459] =============================================
[ 1144.793459]
[ 1144.793464] NMI backtrace for cpu 1
[ 1144.793471] CPU: 1 PID: 1042 Comm: khungtaskd Not tainted 4.14.157-syzkaller #0
[ 1144.793476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.793479] Call Trace:
[ 1144.793528] dump_stack+0x142/0x197
[ 1144.793540] nmi_cpu_backtrace.cold+0x57/0x94
[ 1144.793592] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1144.793601] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 1144.793611] arch_trigger_cpumask_backtrace+0x14/0x20
[ 1144.793658] watchdog+0x5e7/0xb90
[ 1144.793690] kthread+0x319/0x430
[ 1144.793697] ? hungtask_pm_notify+0x50/0x50
[ 1144.793704] ? kthread_create_on_node+0xd0/0xd0
[ 1144.793712] ret_from_fork+0x24/0x30
[ 1144.793729] Sending NMI from CPU 1 to CPUs 0:
[ 1144.794244] NMI backtrace for cpu 0
[ 1144.794248] CPU: 0 PID: 6949 Comm: syz-executor794 Not tainted 4.14.157-syzkaller #0
[ 1144.794252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.794254] task: ffff8880898f22c0 task.stack: ffff8880a0f90000
[ 1144.794256] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[ 1144.794258] RSP: 0018:ffff8880a0f97268 EFLAGS: 00000206
[ 1144.794262] RAX: ffff8880000a0178 RBX: 0000000000000050 RCX: 0000000000000000
[ 1144.794265] RDX: 0000000000000000 RSI: ffff8880000a0000 RDI: 0000000000000040
[ 1144.794268] RBP: ffff8880a0f972a8 R08: 0000000000001400 R09: 0000000000000040
[ 1144.794270] R10: ffffed10432461f3 R11: ffff888219230f9f R12: ffff8880000a0280
[ 1144.794273] R13: 0000000000000000 R14: ffff8880000a0180 R15: 0000000000000000
[ 1144.794276] FS: 0000000002288880(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
[ 1144.794278] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1144.794281] CR2: 00000000006cc080 CR3: 000000008b9e4000 CR4: 00000000001406f0
[ 1144.794284] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1144.794286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1144.794288] Call Trace:
[ 1144.794290] ? bitfill_aligned+0xdc/0x190
[ 1144.794292] cfb_fillrect+0x3d0/0x720
[ 1144.794293] ? cfb_fillrect+0x720/0x720
[ 1144.794295] vga16fb_fillrect+0x618/0x1880
[ 1144.794297] ? memcpy+0x46/0x50
[ 1144.794299] bit_clear_margins+0x2d5/0x4f0
[ 1144.794301] ? bit_bmove+0x240/0x240
[ 1144.794303] ? efifb_probe.cold+0x1379/0x1379
[ 1144.794305] fbcon_clear_margins+0x292/0x320
[ 1144.794307] fbcon_switch+0xd38/0x1820
[ 1144.794308] ? fbcon_set_def_font+0x360/0x360
[ 1144.794310] ? fbcon_set_origin+0x21/0x50
[ 1144.794312] ? fbcon_scrolldelta+0x1100/0x1100
[ 1144.794314] ? set_origin+0x108/0x3c0
[ 1144.794316] redraw_screen+0x335/0x7c0
[ 1144.794318] ? con_flush_chars+0x90/0x90
[ 1144.794320] ? fbcon_set_palette+0x203/0x5b0
[ 1144.794322] fbcon_modechanged+0x59e/0x880
[ 1144.794324] fbcon_event_notify+0x11f/0x17af
[ 1144.794326] ? lock_acquire+0x16f/0x430
[ 1144.794328] notifier_call_chain+0x111/0x1b0
[ 1144.794330] blocking_notifier_call_chain+0x80/0xa0
[ 1144.794332] fb_notifier_call_chain+0x25/0x30
[ 1144.794333] fb_set_var+0xb09/0xcf0
[ 1144.794335] ? fb_set_suspend+0x110/0x110
[ 1144.794337] ? lock_acquire+0x16f/0x430
[ 1144.794339] ? lock_fb_info+0x1f/0x80
[ 1144.794341] ? lock_fb_info+0x1f/0x80
[ 1144.794343] ? __mutex_lock+0x36a/0x1470
[ 1144.794345] ? trace_hardirqs_on+0x10/0x10
[ 1144.794347] ? lock_acquire+0x16f/0x430
[ 1144.794348] ? __down+0x16b/0x290
[ 1144.794350] ? mutex_trylock+0x1c0/0x1c0
[ 1144.794352] ? down+0x70/0x90
[ 1144.794354] ? mutex_lock_nested+0x16/0x20
[ 1144.794356] ? mutex_lock_nested+0x16/0x20
[ 1144.794357] do_fb_ioctl+0x3cc/0x940
[ 1144.794359] ? fb_read+0x520/0x520
[ 1144.794361] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.794363] ? avc_ss_reset+0x110/0x110
[ 1144.794365] ? follow_pfn+0x220/0x220
[ 1144.794367] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.794369] ? do_wp_page+0x253/0x1250
[ 1144.794370] ? __might_sleep+0x93/0xb0
[ 1144.794372] ? save_trace+0x290/0x290
[ 1144.794374] fb_ioctl+0xe6/0x130
[ 1144.794376] ? do_fb_ioctl+0x940/0x940
[ 1144.794377] do_vfs_ioctl+0x7ae/0x1060
[ 1144.794379] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.794382] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.794384] ? lock_downgrade+0x740/0x740
[ 1144.794385] ? security_file_ioctl+0x7d/0xb0
[ 1144.794388] ? security_file_ioctl+0x89/0xb0
[ 1144.794389] SyS_ioctl+0x8f/0xc0
[ 1144.794391] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.794393] do_syscall_64+0x1e8/0x640
[ 1144.794395] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.794397] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.794399] RIP: 0033:0x441419
[ 1144.794401] RSP: 002b:00007ffed7c23898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.794406] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.794408] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.794411] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.794414] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.794418] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.794419] Code: 00 00 48 c7 c7 20 ba cd 86 4c 89 35 bb d1 4a 08 41 be f4 ff ff ff e8 53 39 ee ff 48 c7 05 a5 d1 4a 08 00 00 00 00 e9 14 ec ff ff <65> 48 8b 04 25 40 ee 01 00 48 85 c0 74 1a 65 8b 15 1b c8 a4 7e
[ 1144.794743] Kernel panic - not syncing: hung_task: blocked tasks
[ 1144.794750] CPU: 1 PID: 1042 Comm: khungtaskd Not tainted 4.14.157-syzkaller #0
[ 1144.794754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.794757] Call Trace:
[ 1144.794765] dump_stack+0x142/0x197
[ 1144.794798] panic+0x1f9/0x42d
[ 1144.794805] ? add_taint.cold+0x16/0x16
[ 1144.794816] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1144.794828] watchdog+0x5f8/0xb90
[ 1144.794842] kthread+0x319/0x430
[ 1144.794848] ? hungtask_pm_notify+0x50/0x50
[ 1144.794855] ? kthread_create_on_node+0xd0/0xd0
[ 1144.794863] ret_from_fork+0x24/0x30
[ 1144.796449] Kernel Offset: disabled
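What the report above shows, read from the traces alone: four syz-executor794 threads (6948, 6950, 6951, 6952) are asleep in console_lock() called from do_fb_ioctl(), entered through ioctl (ORIG_RAX 0x10) with request 0x4601 in RSI (the FBIOPUT_VSCREENINFO code); one thread (6953) is asleep in a mutex taken in fb_open(), entered through openat (ORIG_RAX 0x101), and lockdep lists it against &fb_info->lock; the NMI backtrace of CPU 0 catches PID 6949 still running in vga16fb_fillrect() under fbcon_switch() and fb_set_var(), itself called from do_fb_ioctl(). The script below is an added triage helper, not part of the syzbot report or of syzkaller: it parses the "INFO: task ... blocked" stanzas, the "locks held" list and the NMI backtraces out of a console log, groups sleepers by the frame they wait in, and names the on-CPU task that shares a frame with them. Its input is a constructed excerpt of this log with most frames trimmed; the four identical ioctl stanzas are regenerated from the first one by substituting the PID, so their timestamps are not the originals. The syscall-number table covers only the two numbers seen here and assumes an x86_64 kernel, which the register dump supports.

```python
"""Hung-task triage helper (added example, not part of the syzbot report above).

Parses "INFO: task ... blocked" stanzas, the lockdep "locks held" list and NMI
backtraces out of a Linux console log, groups sleepers by the frame they wait
in, and names the on-CPU task that shares a frame with them."""
import re
from collections import Counter

SYSCALLS = {0x10: "ioctl", 0x101: "openat"}   # x86_64 numbers seen in ORIG_RAX (assumed arch)
# Scheduler/lock-implementation frames skipped when naming the wait site, and the
# syscall-entry frames every task shares (they would make any on-CPU task a match).
INTERNAL = {"__schedule", "schedule", "schedule_timeout", "__down", "down",
            "schedule_preempt_disabled", "__mutex_lock", "mutex_lock_nested"}
ENTRY = {"SyS_ioctl", "SyS_openat", "do_syscall_64", "entry_SYSCALL_64_after_hwframe"}

# Constructed excerpt of the report: frames trimmed, PIDs substituted into the
# first ioctl stanza for the other three identical ones.
IOCTL_STANZA = """\
[ 1144.790193] INFO: task syz-executor794:{pid} blocked for more than 140 seconds.
[ 1144.790524] schedule_timeout+0x93b/0xe10
[ 1144.790531] ? __down+0x158/0x290
[ 1144.790592] __down+0x160/0x290
[ 1144.790616] down+0x64/0x90
[ 1144.790651] console_lock+0x28/0x80
[ 1144.790702] do_fb_ioctl+0x36a/0x940
[ 1144.791025] SyS_ioctl+0x8f/0xc0
[ 1144.791130] RSP: 002b:00007ffed7c23898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.791145] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
"""
TAIL = """\
[ 1144.792528] INFO: task syz-executor794:6953 blocked for more than 140 seconds.
[ 1144.792563] __schedule+0x7b8/0x1cd0
[ 1144.792569] ? __mutex_lock+0x737/0x1470
[ 1144.792600] schedule_preempt_disabled+0x13/0x20
[ 1144.792606] __mutex_lock+0x73c/0x1470
[ 1144.792680] mutex_lock_nested+0x16/0x20
[ 1144.792693] fb_open+0xb7/0x420
[ 1144.792970] SyS_openat+0x30/0x40
[ 1144.793015] RSP: 002b:00007ffed7c23898 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1144.793436] 1 lock held by syz-executor794/6953:
[ 1144.793439] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420
[ 1144.794244] NMI backtrace for cpu 0
[ 1144.794248] CPU: 0 PID: 6949 Comm: syz-executor794 Not tainted 4.14.157-syzkaller #0
[ 1144.794295] vga16fb_fillrect+0x618/0x1880
[ 1144.794333] fb_set_var+0xb09/0xcf0
[ 1144.794357] do_fb_ioctl+0x3cc/0x940
[ 1144.794389] SyS_ioctl+0x8f/0xc0
[ 1144.794401] RSP: 002b:00007ffed7c23898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
"""
LOG = "".join(IOCTL_STANZA.format(pid=p) for p in (6948, 6950, 6951, 6952)) + TAIL

HUNG = re.compile(r"INFO: task (\S+):(\d+) blocked for more than \d+ seconds")
NMI = re.compile(r"CPU: (\d+) PID: (\d+) Comm: (\S+)")
HOLDER = re.compile(r"\d+ locks? held by (\S+)/(\d+):")
HELD = re.compile(r"#\d+: \((\S+)\)\{[^}]*\}, at: \[[^\]]*\] ([\w.]+)\+")
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
REG = re.compile(r"\b(ORIG_RAX|RSI): ([0-9a-f]{16})")
TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")           # "[ 1144.790193] " prefix


def parse(text):
    """Split a console log into blocked tasks, NMI'd on-CPU tasks and lockdep holders."""
    blocked, running, locks, cur, holder = [], [], {}, None, None
    for raw in text.splitlines():
        line = TS.sub("", raw.strip())
        if m := HUNG.search(line):
            blocked.append(cur := {"comm": m[1], "pid": int(m[2]), "frames": [], "regs": {}})
        elif m := NMI.search(line):
            running.append(cur := {"comm": m[3], "pid": int(m[2]), "cpu": int(m[1]),
                                   "frames": [], "regs": {}})
        elif m := HOLDER.search(line):
            holder = locks.setdefault((m[1], int(m[2])), [])
        elif holder is not None and (m := HELD.search(line)):
            holder.append((m[1], m[2]))                     # (lock, acquiring function)
        elif cur is not None and (m := FRAME.match(line)):
            cur["frames"].append((m[2], m[1] is not None))  # (symbol, stale '?' guess)
        elif cur is not None:
            cur["regs"].update((r, int(v, 16)) for r, v in REG.findall(line))
    return blocked, running, locks


def wait_site(task):
    """(lock primitive, first reliable frame below it), e.g. ('down', 'console_lock')."""
    prim = None
    for sym, stale in task["frames"]:
        if stale:
            continue
        if sym in INTERNAL:
            prim = sym
        else:
            return prim, sym
    return prim, None


def triage(text):
    """Group sleepers by wait site; name on-CPU tasks sharing a frame with them."""
    blocked, running, locks = parse(text)
    groups, rows = Counter(), []
    for t in blocked:
        prim, site = wait_site(t)
        sc = SYSCALLS.get(t["regs"].get("ORIG_RAX"), "?")
        groups[(site, prim, sc)] += 1
        rows.append((t["pid"], site, prim, sc, t["regs"].get("RSI"),
                     locks.get((t["comm"], t["pid"]), [])))
    # The only holder evidence a hung-task report itself gives is the NMI backtrace:
    # an on-CPU task still inside a frame the sleepers also passed through.
    waited = {s for t in blocked for s, st in t["frames"] if not st} - INTERNAL - ENTRY
    candidates = []
    for r in running:
        live = [s for s, st in r["frames"] if not st]
        shared = [s for s in live if s in waited]
        if shared:
            candidates.append((r["pid"], r["cpu"], live[0], shared[0]))
    return dict(groups), rows, candidates


if __name__ == "__main__": print(*triage(LOG), sep="\n")
```

On the excerpt this yields one group of four sleepers at console_lock() via down() from ioctl and one at fb_open() via mutex_lock_nested() from openat, and a single candidate: PID 6949 on CPU 0, running vga16fb_fillrect() inside do_fb_ioctl(), the frame all four ioctl sleepers are waiting under. Frames marked "?" are unreliable stack guesses and are ignored for the wait site but kept for inspection; the candidate rule is a heuristic that names the task worth reading first, not proof of who holds the lock.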