[ 32.782405] audit: type=1800 audit(1575344821.685:33): pid=6885 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.810966] audit: type=1800 audit(1575344821.685:34): pid=6885 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 37.645492] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.924246] audit: type=1400 audit(1575344826.825:35): avc: denied { map } for pid=7059 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 37.980458] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.542555] random: sshd: uninitialized urandom read (32 bytes read)
[ 956.807752] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.171' (ECDSA) to the list of known hosts.
[ 962.395350] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[ 962.511764] audit: type=1400 audit(1575345751.415:36): avc: denied { map } for pid=7071 comm="syz-executor260" path="/root/syz-executor260914159" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 1144.800168] INFO: task syz-executor260:7079 blocked for more than 140 seconds.
[ 1144.800176] Not tainted 4.14.157-syzkaller #0
[ 1144.800180] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.800185] syz-executor260 D28528 7079 7075 0x00000004
[ 1144.800205] Call Trace:
[ 1144.800315] __schedule+0x7b8/0x1cd0
[ 1144.800328] ? firmware_map_remove+0x196/0x196
[ 1144.800339] ? __lock_acquire+0x5f7/0x4620
[ 1144.800349] schedule+0x92/0x1c0
[ 1144.800358] schedule_timeout+0x93b/0xe10
[ 1144.800365] ? __down+0x158/0x290
[ 1144.800373] ? find_held_lock+0x35/0x130
[ 1144.800381] ? usleep_range+0x130/0x130
[ 1144.800387] ? __down+0x158/0x290
[ 1144.800395] ? save_trace+0x290/0x290
[ 1144.800407] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.800416] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.800426] __down+0x160/0x290
[ 1144.800436] ? ww_mutex_lock+0xc0/0xc0
[ 1144.800450] down+0x64/0x90
[ 1144.800459] console_lock+0x28/0x80
[ 1144.800501] do_fb_ioctl+0x36a/0x940
[ 1144.800509] ? lock_downgrade+0x740/0x740
[ 1144.800517] ? fb_read+0x520/0x520
[ 1144.800557] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.800565] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.800576] ? avc_ss_reset+0x110/0x110
[ 1144.800617] ? follow_pfn+0x220/0x220
[ 1144.800625] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.800635] ? do_wp_page+0x253/0x1250
[ 1144.800655] ? __might_sleep+0x93/0xb0
[ 1144.800662] ? save_trace+0x290/0x290
[ 1144.800672] fb_ioctl+0xe6/0x130
[ 1144.800680] ? do_fb_ioctl+0x940/0x940
[ 1144.800717] do_vfs_ioctl+0x7ae/0x1060
[ 1144.800753] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.800763] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.800771] ? lock_downgrade+0x740/0x740
[ 1144.800786] ? security_file_ioctl+0x7d/0xb0
[ 1144.800793] ? security_file_ioctl+0x89/0xb0
[ 1144.800804] SyS_ioctl+0x8f/0xc0
[ 1144.800811] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.800823] do_syscall_64+0x1e8/0x640
[ 1144.800831] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.800883] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.800891] RIP: 0033:0x441419
[ 1144.800895] RSP: 002b:00007ffedc91df68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.800905] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.800910] RDX: 0000000020000180 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.800915] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.800920] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.800925] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.800944] INFO: task syz-executor260:7080 blocked for more than 140 seconds.
[ 1144.800948] Not tainted 4.14.157-syzkaller #0
[ 1144.800952] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.800956] syz-executor260 D28528 7080 7073 0x00000004
[ 1144.800973] Call Trace:
[ 1144.800983] __schedule+0x7b8/0x1cd0
[ 1144.800995] ? firmware_map_remove+0x196/0x196
[ 1144.801003] ? __lock_acquire+0x5f7/0x4620
[ 1144.801013] schedule+0x92/0x1c0
[ 1144.801021] schedule_timeout+0x93b/0xe10
[ 1144.801028] ? __down+0x158/0x290
[ 1144.801036] ? find_held_lock+0x35/0x130
[ 1144.801044] ? usleep_range+0x130/0x130
[ 1144.801050] ? __down+0x158/0x290
[ 1144.801059] ? save_trace+0x290/0x290
[ 1144.801069] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.801079] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.801089] __down+0x160/0x290
[ 1144.801098] ? ww_mutex_lock+0xc0/0xc0
[ 1144.801113] down+0x64/0x90
[ 1144.801120] console_lock+0x28/0x80
[ 1144.801127] do_fb_ioctl+0x36a/0x940
[ 1144.801134] ? lock_downgrade+0x740/0x740
[ 1144.801141] ? fb_read+0x520/0x520
[ 1144.801151] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.801159] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.801170] ? avc_ss_reset+0x110/0x110
[ 1144.801181] ? follow_pfn+0x220/0x220
[ 1144.801189] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.801199] ? do_wp_page+0x253/0x1250
[ 1144.801217] ? __might_sleep+0x93/0xb0
[ 1144.801223] ? save_trace+0x290/0x290
[ 1144.801234] fb_ioctl+0xe6/0x130
[ 1144.801242] ? do_fb_ioctl+0x940/0x940
[ 1144.801249] do_vfs_ioctl+0x7ae/0x1060
[ 1144.801257] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.801266] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.801274] ? lock_downgrade+0x740/0x740
[ 1144.801289] ? security_file_ioctl+0x7d/0xb0
[ 1144.801295] ? security_file_ioctl+0x89/0xb0
[ 1144.801306] SyS_ioctl+0x8f/0xc0
[ 1144.801313] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.801322] do_syscall_64+0x1e8/0x640
[ 1144.801329] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.801342] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.801346] RIP: 0033:0x441419
[ 1144.801350] RSP: 002b:00007ffedc91df68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.801359] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.801363] RDX: 0000000020000180 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.801368] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.801373] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.801378] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.801394] INFO: task syz-executor260:7081 blocked for more than 140 seconds.
[ 1144.801398] Not tainted 4.14.157-syzkaller #0
[ 1144.801401] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.801405] syz-executor260 D28528 7081 7076 0x00000004
[ 1144.801420] Call Trace:
[ 1144.801430] __schedule+0x7b8/0x1cd0
[ 1144.801436] ? __mutex_lock+0x737/0x1470
[ 1144.801447] ? firmware_map_remove+0x196/0x196
[ 1144.801458] schedule+0x92/0x1c0
[ 1144.801467] schedule_preempt_disabled+0x13/0x20
[ 1144.801473] __mutex_lock+0x73c/0x1470
[ 1144.801512] ? fb_open+0xb7/0x420
[ 1144.801523] ? mutex_trylock+0x1c0/0x1c0
[ 1144.801532] ? __mutex_unlock_slowpath+0x71/0x800
[ 1144.801539] ? find_held_lock+0x35/0x130
[ 1144.801555] mutex_lock_nested+0x16/0x20
[ 1144.801562] ? mutex_lock_nested+0x16/0x20
[ 1144.801569] fb_open+0xb7/0x420
[ 1144.801578] ? get_fb_info.part.0+0x80/0x80
[ 1144.801613] chrdev_open+0x207/0x590
[ 1144.801622] ? cdev_put.part.0+0x50/0x50
[ 1144.801631] ? security_file_open+0x89/0x190
[ 1144.801666] do_dentry_open+0x73b/0xeb0
[ 1144.801676] ? cdev_put.part.0+0x50/0x50
[ 1144.801688] vfs_open+0x105/0x220
[ 1144.801699] path_openat+0x8bd/0x3f70
[ 1144.801706] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.801725] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 1144.801732] ? __lock_is_held+0xb6/0x140
[ 1144.801740] ? save_trace+0x290/0x290
[ 1144.801760] ? __alloc_fd+0x1d4/0x4a0
[ 1144.801769] do_filp_open+0x18e/0x250
[ 1144.801776] ? __alloc_fd+0x1d4/0x4a0
[ 1144.801784] ? may_open_dev+0xe0/0xe0
[ 1144.801798] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.801807] ? _raw_spin_unlock+0x2d/0x50
[ 1144.801815] ? __alloc_fd+0x1d4/0x4a0
[ 1144.801832] do_sys_open+0x2c5/0x430
[ 1144.801846] ? filp_open+0x70/0x70
[ 1144.801853] ? up_read+0x1a/0x40
[ 1144.801867] SyS_openat+0x30/0x40
[ 1144.801874] ? SyS_open+0x40/0x40
[ 1144.801882] do_syscall_64+0x1e8/0x640
[ 1144.801890] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.801902] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.801907] RIP: 0033:0x441419
[ 1144.801912] RSP: 002b:00007ffedc91df68 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1144.801920] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.801925] RDX: 0000000000000000 RSI: 0000000020000840 RDI: ffffffffffffff9c
[ 1144.801930] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 1144.801934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 1144.801939] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.801956] INFO: task syz-executor260:7082 blocked for more than 140 seconds.
[ 1144.801961] Not tainted 4.14.157-syzkaller #0
[ 1144.801964] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.801967] syz-executor260 D28528 7082 7074 0x00000004
[ 1144.801984] Call Trace:
[ 1144.801994] __schedule+0x7b8/0x1cd0
[ 1144.802001] ? __mutex_lock+0x737/0x1470
[ 1144.802012] ? firmware_map_remove+0x196/0x196
[ 1144.802023] schedule+0x92/0x1c0
[ 1144.802031] schedule_preempt_disabled+0x13/0x20
[ 1144.802038] __mutex_lock+0x73c/0x1470
[ 1144.802048] ? fb_open+0xb7/0x420
[ 1144.802058] ? mutex_trylock+0x1c0/0x1c0
[ 1144.802068] ? __mutex_unlock_slowpath+0x71/0x800
[ 1144.802075] ? find_held_lock+0x35/0x130
[ 1144.802092] mutex_lock_nested+0x16/0x20
[ 1144.802098] ? mutex_lock_nested+0x16/0x20
[ 1144.802105] fb_open+0xb7/0x420
[ 1144.802114] ? get_fb_info.part.0+0x80/0x80
[ 1144.802121] chrdev_open+0x207/0x590
[ 1144.802130] ? cdev_put.part.0+0x50/0x50
[ 1144.802139] ? security_file_open+0x89/0x190
[ 1144.802149] do_dentry_open+0x73b/0xeb0
[ 1144.802158] ? cdev_put.part.0+0x50/0x50
[ 1144.802170] vfs_open+0x105/0x220
[ 1144.802180] path_openat+0x8bd/0x3f70
[ 1144.802187] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.802198] ? trace_hardirqs_on+0x10/0x10
[ 1144.802212] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 1144.802219] ? __lock_is_held+0xb6/0x140
[ 1144.802227] ? save_trace+0x290/0x290
[ 1144.802238] ? __alloc_fd+0x1d4/0x4a0
[ 1144.802247] do_filp_open+0x18e/0x250
[ 1144.802254] ? __alloc_fd+0x1d4/0x4a0
[ 1144.802262] ? may_open_dev+0xe0/0xe0
[ 1144.802276] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.802285] ? _raw_spin_unlock+0x2d/0x50
[ 1144.802293] ? __alloc_fd+0x1d4/0x4a0
[ 1144.802310] do_sys_open+0x2c5/0x430
[ 1144.802320] ? filp_open+0x70/0x70
[ 1144.802326] ? up_read+0x1a/0x40
[ 1144.802340] SyS_openat+0x30/0x40
[ 1144.802346] ? SyS_open+0x40/0x40
[ 1144.802355] do_syscall_64+0x1e8/0x640
[ 1144.802362] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.802374] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.802379] RIP: 0033:0x441419
[ 1144.802383] RSP: 002b:00007ffedc91df68 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1144.802392] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.802396] RDX: 0000000000000000 RSI: 0000000020000840 RDI: ffffffffffffff9c
[ 1144.802401] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 1144.802406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 1144.802410] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.802427] INFO: task syz-executor260:7083 blocked for more than 140 seconds.
[ 1144.802431] Not tainted 4.14.157-syzkaller #0
[ 1144.802434] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.802437] syz-executor260 D28528 7083 7072 0x00000004
[ 1144.802454] Call Trace:
[ 1144.802464] __schedule+0x7b8/0x1cd0
[ 1144.802476] ? firmware_map_remove+0x196/0x196
[ 1144.802483] ? __lock_acquire+0x5f7/0x4620
[ 1144.802493] schedule+0x92/0x1c0
[ 1144.802502] schedule_timeout+0x93b/0xe10
[ 1144.802508] ? __down+0x158/0x290
[ 1144.802517] ? find_held_lock+0x35/0x130
[ 1144.802524] ? usleep_range+0x130/0x130
[ 1144.802530] ? __down+0x158/0x290
[ 1144.802539] ? save_trace+0x290/0x290
[ 1144.802550] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.802559] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.802569] __down+0x160/0x290
[ 1144.802579] ? ww_mutex_lock+0xc0/0xc0
[ 1144.802593] down+0x64/0x90
[ 1144.802601] console_lock+0x28/0x80
[ 1144.802608] do_fb_ioctl+0x36a/0x940
[ 1144.802615] ? lock_downgrade+0x740/0x740
[ 1144.802622] ? fb_read+0x520/0x520
[ 1144.802633] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.802640] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.802651] ? avc_ss_reset+0x110/0x110
[ 1144.802662] ? follow_pfn+0x220/0x220
[ 1144.802670] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.802680] ? do_wp_page+0x253/0x1250
[ 1144.802698] ? __might_sleep+0x93/0xb0
[ 1144.802705] ? save_trace+0x290/0x290
[ 1144.802716] fb_ioctl+0xe6/0x130
[ 1144.802724] ? do_fb_ioctl+0x940/0x940
[ 1144.802731] do_vfs_ioctl+0x7ae/0x1060
[ 1144.802739] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.802749] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.802757] ? lock_downgrade+0x740/0x740
[ 1144.802772] ? security_file_ioctl+0x7d/0xb0
[ 1144.802778] ? security_file_ioctl+0x89/0xb0
[ 1144.802789] SyS_ioctl+0x8f/0xc0
[ 1144.802796] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.802805] do_syscall_64+0x1e8/0x640
[ 1144.802812] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.802825] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.802830] RIP: 0033:0x441419
[ 1144.802834] RSP: 002b:00007ffedc91df68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.802847] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.802852] RDX: 0000000020000180 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.802857] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.802861] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.802866] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.802882]
[ 1144.802882] Showing all locks held in the system:
[ 1144.802892] 1 lock held by khungtaskd/1042:
[ 1144.802896] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 1144.802932] 1 lock held by rsyslogd/6923:
[ 1144.802935] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0
[ 1144.802955] 2 locks held by getty/7046:
[ 1144.802958] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.802975] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.803024] 2 locks held by getty/7047:
[ 1144.803027] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.803044] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.803063] 2 locks held by getty/7048:
[ 1144.803066] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.803083] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.803102] 2 locks held by getty/7049:
[ 1144.803105] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.803122] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.803141] 2 locks held by getty/7050:
[ 1144.803144] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.803161] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.803180] 2 locks held by getty/7051:
[ 1144.803182] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.803199] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.803218] 2 locks held by getty/7052:
[ 1144.803221] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.803238] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.803258] 1 lock held by syz-executor260/7081:
[ 1144.803260] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420
[ 1144.803279] 1 lock held by syz-executor260/7082:
[ 1144.803281] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420
[ 1144.803297]
[ 1144.803300] =============================================
[ 1144.803300]
[ 1144.803305] NMI backtrace for cpu 1
[ 1144.803313] CPU: 1 PID: 1042 Comm: khungtaskd Not tainted 4.14.157-syzkaller #0
[ 1144.803318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.803321] Call Trace:
[ 1144.803375] dump_stack+0x142/0x197
[ 1144.803387] nmi_cpu_backtrace.cold+0x57/0x94
[ 1144.803397] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1144.803406] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 1144.803416] arch_trigger_cpumask_backtrace+0x14/0x20
[ 1144.803493] watchdog+0x5e7/0xb90
[ 1144.803508] kthread+0x319/0x430
[ 1144.803515] ? hungtask_pm_notify+0x50/0x50
[ 1144.803522] ? kthread_create_on_node+0xd0/0xd0
[ 1144.803531] ret_from_fork+0x24/0x30
[ 1144.803548] Sending NMI from CPU 1 to CPUs 0:
[ 1144.804073] NMI backtrace for cpu 0
[ 1144.804077] CPU: 0 PID: 7078 Comm: syz-executor260 Not tainted 4.14.157-syzkaller #0
[ 1144.804080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.804083] task: ffff888071cac300 task.stack: ffff8880985b0000
[ 1144.804085] RIP: 0010:cfb_fillrect+0x3a2/0x720
[ 1144.804087] RSP: 0018:ffff8880985b72c0 EFLAGS: 00000297
[ 1144.804091] RAX: ffff888071cac300 RBX: ffff8880a5831540 RCX: 0000000000000006
[ 1144.804094] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000040
[ 1144.804096] RBP: ffff8880985b7320 R08: 0000000000001400 R09: 0000000000000040
[ 1144.804099] R10: ffffed1014bea1d3 R11: ffff8880a5f50e9f R12: ffff8880000a0000
[ 1144.804102] R13: 0000000000000000 R14: 0000000000001400 R15: 00000000332ec410
[ 1144.804104] FS: 00000000025c8880(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
[ 1144.804107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1144.804109] CR2: 0000000020000840 CR3: 000000007e9b3000 CR4: 00000000001406f0
[ 1144.804112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1144.804115] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1144.804116] Call Trace:
[ 1144.804118] ? cfb_fillrect+0x720/0x720
[ 1144.804120] vga16fb_fillrect+0x618/0x1880
[ 1144.804122] ? memcpy+0x46/0x50
[ 1144.804124] bit_clear_margins+0x2d5/0x4f0
[ 1144.804125] ? bit_bmove+0x240/0x240
[ 1144.804128] ? efifb_probe.cold+0x1379/0x1379
[ 1144.804129] fbcon_clear_margins+0x292/0x320
[ 1144.804131] fbcon_switch+0xd38/0x1820
[ 1144.804133] ? fbcon_set_def_font+0x360/0x360
[ 1144.804135] ? fbcon_set_origin+0x21/0x50
[ 1144.804137] ? fbcon_scrolldelta+0x1100/0x1100
[ 1144.804139] ? set_origin+0x108/0x3c0
[ 1144.804141] redraw_screen+0x335/0x7c0
[ 1144.804143] ? con_flush_chars+0x90/0x90
[ 1144.804145] ? fbcon_set_palette+0x203/0x5b0
[ 1144.804147] fbcon_modechanged+0x59e/0x880
[ 1144.804149] fbcon_event_notify+0x11f/0x17af
[ 1144.804150] ? lock_acquire+0x16f/0x430
[ 1144.804152] notifier_call_chain+0x111/0x1b0
[ 1144.804154] blocking_notifier_call_chain+0x80/0xa0
[ 1144.804156] fb_notifier_call_chain+0x25/0x30
[ 1144.804158] fb_set_var+0xb09/0xcf0
[ 1144.804160] ? fb_set_suspend+0x110/0x110
[ 1144.804162] ? lock_acquire+0x16f/0x430
[ 1144.804164] ? lock_fb_info+0x1f/0x80
[ 1144.804165] ? lock_fb_info+0x1f/0x80
[ 1144.804167] ? __mutex_lock+0x36a/0x1470
[ 1144.804169] ? trace_hardirqs_on+0x10/0x10
[ 1144.804171] ? lock_acquire+0x16f/0x430
[ 1144.804173] ? __down+0x16b/0x290
[ 1144.804174] ? mutex_trylock+0x1c0/0x1c0
[ 1144.804176] ? down+0x70/0x90
[ 1144.804178] ? mutex_lock_nested+0x16/0x20
[ 1144.804180] ? mutex_lock_nested+0x16/0x20
[ 1144.804182] do_fb_ioctl+0x3cc/0x940
[ 1144.804183] ? fb_read+0x520/0x520
[ 1144.804186] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.804187] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.804189] ? avc_ss_reset+0x110/0x110
[ 1144.804191] ? follow_pfn+0x220/0x220
[ 1144.804193] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.804195] ? do_wp_page+0x253/0x1250
[ 1144.804197] ? __might_sleep+0x93/0xb0
[ 1144.804198] ? save_trace+0x290/0x290
[ 1144.804200] fb_ioctl+0xe6/0x130
[ 1144.804202] ? do_fb_ioctl+0x940/0x940
[ 1144.804204] do_vfs_ioctl+0x7ae/0x1060
[ 1144.804206] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.804208] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.804210] ? lock_downgrade+0x740/0x740
[ 1144.804212] ? security_file_ioctl+0x7d/0xb0
[ 1144.804213] ? security_file_ioctl+0x89/0xb0
[ 1144.804215] SyS_ioctl+0x8f/0xc0
[ 1144.804217] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.804219] do_syscall_64+0x1e8/0x640
[ 1144.804221] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.804223] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.804225] RIP: 0033:0x441419
[ 1144.804227] RSP: 002b:00007ffedc91df68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.804232] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.804234] RDX: 0000000020000180 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.804237] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.804240] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.804243] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.804244] Code: bc f8 48 8b 45 a0 89 7d c0 44 0f af 75 a8 48 c1 e8 03 48 01 d0 48 89 45 b8 44 89 f8 4d 89 ef 41 89 c5 e8 32 b1 34 fe 0f b6 4d c0 <44> 89 e8 41 83 e5 3f 6a 00 41 b9 40 00 00 00 45 89 f0 44 89 ea
[ 1144.804563] Kernel panic - not syncing: hung_task: blocked tasks
[ 1144.804570] CPU: 1 PID: 1042 Comm: khungtaskd Not tainted 4.14.157-syzkaller #0
[ 1144.804575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.804577] Call Trace:
[ 1144.804585] dump_stack+0x142/0x197
[ 1144.804596] panic+0x1f9/0x42d
[ 1144.804603] ? add_taint.cold+0x16/0x16
[ 1144.804614] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1144.804626] watchdog+0x5f8/0xb90
[ 1144.804640] kthread+0x319/0x430
[ 1144.804646] ? hungtask_pm_notify+0x50/0x50
[ 1144.804653] ? kthread_create_on_node+0xd0/0xd0
[ 1144.804661] ret_from_fork+0x24/0x30
[ 1144.806432] Kernel Offset: disabled