[ 35.711787] audit: type=1800 audit(1585502893.757:33): pid=7168 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 35.733781] audit: type=1800 audit(1585502893.757:34): pid=7168 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.983869] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.335836] audit: type=1400 audit(1585502895.377:35): avc: denied { map } for pid=7343 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 37.386340] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.134739] random: sshd: uninitialized urandom read (32 bytes read)
[ 925.568348] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts.
[ 931.169984] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[ 931.293776] audit: type=1400 audit(1585503789.337:36): avc: denied { map } for pid=7356 comm="syz-executor880" path="/root/syz-executor880832074" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 1144.800226] INFO: task syz-executor880:7363 blocked for more than 140 seconds.
[ 1144.800234] Not tainted 4.14.174-syzkaller #0
[ 1144.800238] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.800242] syz-executor880 D28688 7363 7362 0x00000004
[ 1144.800336] Call Trace:
[ 1144.800456] ? __schedule+0x7b8/0x1ca0
[ 1144.800494] ? lock_acquire+0x170/0x3f0
[ 1144.800506] ? __sched_text_start+0x8/0x8
[ 1144.800520] schedule+0x8d/0x1b0
[ 1144.800528] schedule_timeout+0x946/0xe40
[ 1144.800539] ? usleep_range+0x130/0x130
[ 1144.800547] ? find_held_lock+0x2d/0x110
[ 1144.800555] ? __down+0x158/0x290
[ 1144.800568] ? lock_downgrade+0x6e0/0x6e0
[ 1144.800577] ? _raw_spin_unlock_irq+0x24/0x80
[ 1144.800589] __down+0x160/0x290
[ 1144.800600] ? ww_mutex_lock+0xb0/0xb0
[ 1144.800607] ? down+0xd/0x80
[ 1144.800621] down+0x57/0x80
[ 1144.800648] console_lock+0x24/0x70
[ 1144.800677] do_fb_ioctl+0x36a/0x940
[ 1144.800685] ? lock_downgrade+0x6e0/0x6e0
[ 1144.800693] ? fb_read+0x520/0x520
[ 1144.800725] ? avc_has_extended_perms+0x802/0xd40
[ 1144.800735] ? lock_downgrade+0x6e0/0x6e0
[ 1144.800787] ? pud_val+0xd0/0xd0
[ 1144.800794] ? avc_ss_reset+0x100/0x100
[ 1144.800803] ? put_page+0x88/0x1b0
[ 1144.800811] ? wp_page_copy+0x9d4/0x1300
[ 1144.800823] ? follow_pfn+0x200/0x200
[ 1144.800848] fb_ioctl+0xdd/0x130
[ 1144.800855] ? do_fb_ioctl+0x940/0x940
[ 1144.800887] do_vfs_ioctl+0x75a/0xfe0
[ 1144.800896] ? selinux_file_mprotect+0x5c0/0x5c0
[ 1144.800906] ? ioctl_preallocate+0x1a0/0x1a0
[ 1144.800918] ? lock_downgrade+0x6e0/0x6e0
[ 1144.800948] ? security_file_ioctl+0x76/0xb0
[ 1144.800956] ? security_file_ioctl+0x83/0xb0
[ 1144.800966] SyS_ioctl+0x7f/0xb0
[ 1144.800974] ? do_vfs_ioctl+0xfe0/0xfe0
[ 1144.800990] do_syscall_64+0x1d5/0x640
[ 1144.801004] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.801011] RIP: 0033:0x441419
[ 1144.801016] RSP: 002b:00007ffcd78b0b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.801025] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.801030] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.801036] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.801041] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.801045] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.801063] INFO: task syz-executor880:7365 blocked for more than 140 seconds.
[ 1144.801068] Not tainted 4.14.174-syzkaller #0
[ 1144.801072] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.801076] syz-executor880 D28688 7365 7358 0x00000004
[ 1144.801092] Call Trace:
[ 1144.801104] ? __schedule+0x7b8/0x1ca0
[ 1144.801111] ? lock_acquire+0x170/0x3f0
[ 1144.801124] ? __sched_text_start+0x8/0x8
[ 1144.801136] schedule+0x8d/0x1b0
[ 1144.801144] schedule_timeout+0x946/0xe40
[ 1144.801154] ? usleep_range+0x130/0x130
[ 1144.801162] ? find_held_lock+0x2d/0x110
[ 1144.801170] ? __down+0x158/0x290
[ 1144.801182] ? lock_downgrade+0x6e0/0x6e0
[ 1144.801191] ? _raw_spin_unlock_irq+0x24/0x80
[ 1144.801202] __down+0x160/0x290
[ 1144.801213] ? ww_mutex_lock+0xb0/0xb0
[ 1144.801219] ? down+0xd/0x80
[ 1144.801233] down+0x57/0x80
[ 1144.801240] console_lock+0x24/0x70
[ 1144.801247] do_fb_ioctl+0x36a/0x940
[ 1144.801254] ? lock_downgrade+0x6e0/0x6e0
[ 1144.801262] ? fb_read+0x520/0x520
[ 1144.801272] ? avc_has_extended_perms+0x802/0xd40
[ 1144.801282] ? lock_downgrade+0x6e0/0x6e0
[ 1144.801290] ? pud_val+0xd0/0xd0
[ 1144.801297] ? avc_ss_reset+0x100/0x100
[ 1144.801312] ? put_page+0x88/0x1b0
[ 1144.801319] ? wp_page_copy+0x9d4/0x1300
[ 1144.801340] ? follow_pfn+0x200/0x200
[ 1144.801366] fb_ioctl+0xdd/0x130
[ 1144.801373] ? do_fb_ioctl+0x940/0x940
[ 1144.801381] do_vfs_ioctl+0x75a/0xfe0
[ 1144.801392] ? selinux_file_mprotect+0x5c0/0x5c0
[ 1144.801402] ? ioctl_preallocate+0x1a0/0x1a0
[ 1144.801419] ? lock_downgrade+0x6e0/0x6e0
[ 1144.801430] ? security_file_ioctl+0x76/0xb0
[ 1144.801443] ? security_file_ioctl+0x83/0xb0
[ 1144.801454] SyS_ioctl+0x7f/0xb0
[ 1144.801461] ? do_vfs_ioctl+0xfe0/0xfe0
[ 1144.801471] do_syscall_64+0x1d5/0x640
[ 1144.801483] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.801489] RIP: 0033:0x441419
[ 1144.801493] RSP: 002b:00007ffcd78b0b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.801502] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.801507] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.801511] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.801516] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.801521] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.801537] INFO: task syz-executor880:7366 blocked for more than 140 seconds.
[ 1144.801541] Not tainted 4.14.174-syzkaller #0
[ 1144.801545] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.801548] syz-executor880 D28688 7366 7361 0x00000004
[ 1144.801565] Call Trace:
[ 1144.801576] ? __schedule+0x7b8/0x1ca0
[ 1144.801583] ? lock_acquire+0x170/0x3f0
[ 1144.801595] ? __sched_text_start+0x8/0x8
[ 1144.801608] schedule+0x8d/0x1b0
[ 1144.801616] schedule_timeout+0x946/0xe40
[ 1144.801626] ? usleep_range+0x130/0x130
[ 1144.801633] ? find_held_lock+0x2d/0x110
[ 1144.801641] ? __down+0x158/0x290
[ 1144.801654] ? lock_downgrade+0x6e0/0x6e0
[ 1144.801662] ? _raw_spin_unlock_irq+0x24/0x80
[ 1144.801674] __down+0x160/0x290
[ 1144.801684] ? ww_mutex_lock+0xb0/0xb0
[ 1144.801690] ? down+0xd/0x80
[ 1144.801704] down+0x57/0x80
[ 1144.801712] console_lock+0x24/0x70
[ 1144.801718] do_fb_ioctl+0x36a/0x940
[ 1144.801725] ? lock_downgrade+0x6e0/0x6e0
[ 1144.801733] ? fb_read+0x520/0x520
[ 1144.801743] ? avc_has_extended_perms+0x802/0xd40
[ 1144.801753] ? lock_downgrade+0x6e0/0x6e0
[ 1144.801761] ? pud_val+0xd0/0xd0
[ 1144.801769] ? avc_ss_reset+0x100/0x100
[ 1144.801778] ? put_page+0x88/0x1b0
[ 1144.801785] ? wp_page_copy+0x9d4/0x1300
[ 1144.801797] ? follow_pfn+0x200/0x200
[ 1144.801823] fb_ioctl+0xdd/0x130
[ 1144.801829] ? do_fb_ioctl+0x940/0x940
[ 1144.801837] do_vfs_ioctl+0x75a/0xfe0
[ 1144.801845] ? selinux_file_mprotect+0x5c0/0x5c0
[ 1144.801855] ? ioctl_preallocate+0x1a0/0x1a0
[ 1144.801867] ? lock_downgrade+0x6e0/0x6e0
[ 1144.801878] ? security_file_ioctl+0x76/0xb0
[ 1144.801886] ? security_file_ioctl+0x83/0xb0
[ 1144.801896] SyS_ioctl+0x7f/0xb0
[ 1144.801903] ? do_vfs_ioctl+0xfe0/0xfe0
[ 1144.801912] do_syscall_64+0x1d5/0x640
[ 1144.801925] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.801930] RIP: 0033:0x441419
[ 1144.801935] RSP: 002b:00007ffcd78b0b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.801943] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.801948] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.801952] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.801957] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.801962] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.801978] INFO: task syz-executor880:7367 blocked for more than 140 seconds.
[ 1144.801982] Not tainted 4.14.174-syzkaller #0
[ 1144.801985] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.801989] syz-executor880 D28688 7367 7359 0x00000004
[ 1144.802004] Call Trace:
[ 1144.802016] ? __schedule+0x7b8/0x1ca0
[ 1144.802023] ? __mutex_lock+0x737/0x1470
[ 1144.802035] ? __sched_text_start+0x8/0x8
[ 1144.802043] ? lock_downgrade+0x6e0/0x6e0
[ 1144.802054] schedule+0x8d/0x1b0
[ 1144.802063] schedule_preempt_disabled+0xf/0x20
[ 1144.802071] __mutex_lock+0x73c/0x1470
[ 1144.802079] ? get_fb_info.part.0+0x5f/0x70
[ 1144.802088] ? fb_open+0xb7/0x400
[ 1144.802099] ? mutex_trylock+0x1a0/0x1a0
[ 1144.802111] ? __mutex_unlock_slowpath+0x75/0x780
[ 1144.802118] ? find_held_lock+0x2d/0x110
[ 1144.802133] ? fb_open+0xb7/0x400
[ 1144.802139] fb_open+0xb7/0x400
[ 1144.802148] ? get_fb_info.part.0+0x70/0x70
[ 1144.802156] chrdev_open+0x1fc/0x540
[ 1144.802165] ? cdev_put.part.0+0x50/0x50
[ 1144.802202] do_dentry_open+0x732/0xe90
[ 1144.802211] ? cdev_put.part.0+0x50/0x50
[ 1144.802219] ? __inode_permission+0x7c/0x300
[ 1144.802229] vfs_open+0x105/0x220
[ 1144.802240] path_openat+0x8ca/0x3c50
[ 1144.802259] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 1144.802275] do_filp_open+0x18e/0x250
[ 1144.802284] ? may_open_dev+0xe0/0xe0
[ 1144.802304] ? lock_downgrade+0x6e0/0x6e0
[ 1144.802314] ? do_raw_spin_unlock+0x164/0x250
[ 1144.802347] ? __alloc_fd+0x1bf/0x490
[ 1144.802361] do_sys_open+0x29d/0x3f0
[ 1144.802371] ? filp_open+0x60/0x60
[ 1144.802380] ? __do_page_fault+0x35b/0xb40
[ 1144.802388] ? do_syscall_64+0x4c/0x640
[ 1144.802396] ? SyS_open+0x30/0x30
[ 1144.802405] do_syscall_64+0x1d5/0x640
[ 1144.802418] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.802424] RIP: 0033:0x441419
[ 1144.802428] RSP: 002b:00007ffcd78b0b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1144.802436] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.802441] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
[ 1144.802446] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 1144.802451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 1144.802455] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.802472] INFO: task syz-executor880:7368 blocked for more than 140 seconds.
[ 1144.802476] Not tainted 4.14.174-syzkaller #0
[ 1144.802479] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.802483] syz-executor880 D28688 7368 7357 0x00000004
[ 1144.802498] Call Trace:
[ 1144.802510] ? __schedule+0x7b8/0x1ca0
[ 1144.802518] ? __mutex_lock+0x737/0x1470
[ 1144.802529] ? __sched_text_start+0x8/0x8
[ 1144.802537] ? lock_downgrade+0x6e0/0x6e0
[ 1144.802548] schedule+0x8d/0x1b0
[ 1144.802557] schedule_preempt_disabled+0xf/0x20
[ 1144.802565] __mutex_lock+0x73c/0x1470
[ 1144.802572] ? get_fb_info.part.0+0x5f/0x70
[ 1144.802581] ? fb_open+0xb7/0x400
[ 1144.802592] ? mutex_trylock+0x1a0/0x1a0
[ 1144.802604] ? __mutex_unlock_slowpath+0x75/0x780
[ 1144.802610] ? find_held_lock+0x2d/0x110
[ 1144.802626] ? fb_open+0xb7/0x400
[ 1144.802632] fb_open+0xb7/0x400
[ 1144.802641] ? get_fb_info.part.0+0x70/0x70
[ 1144.802648] chrdev_open+0x1fc/0x540
[ 1144.802657] ? cdev_put.part.0+0x50/0x50
[ 1144.802669] do_dentry_open+0x732/0xe90
[ 1144.802678] ? cdev_put.part.0+0x50/0x50
[ 1144.802686] ? __inode_permission+0x7c/0x300
[ 1144.802696] vfs_open+0x105/0x220
[ 1144.802707] path_openat+0x8ca/0x3c50
[ 1144.802726] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 1144.802742] do_filp_open+0x18e/0x250
[ 1144.802751] ? may_open_dev+0xe0/0xe0
[ 1144.802765] ? lock_downgrade+0x6e0/0x6e0
[ 1144.802776] ? do_raw_spin_unlock+0x164/0x250
[ 1144.802785] ? __alloc_fd+0x1bf/0x490
[ 1144.802799] do_sys_open+0x29d/0x3f0
[ 1144.802809] ? filp_open+0x60/0x60
[ 1144.802817] ? __do_page_fault+0x35b/0xb40
[ 1144.802825] ? do_syscall_64+0x4c/0x640
[ 1144.802832] ? SyS_open+0x30/0x30
[ 1144.802841] do_syscall_64+0x1d5/0x640
[ 1144.802854] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.802859] RIP: 0033:0x441419
[ 1144.802864] RSP: 002b:00007ffcd78b0b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1144.802872] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.802876] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
[ 1144.802881] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 1144.802886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 1144.802890] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.802905]
[ 1144.802905] Showing all locks held in the system:
[ 1144.802914] 1 lock held by khungtaskd/1056:
[ 1144.802918] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 1144.802954] 1 lock held by rsyslogd/7208:
[ 1144.802956] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xa6/0xc0
[ 1144.802976] 2 locks held by getty/7330:
[ 1144.802979] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.803036] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.803057] 2 locks held by getty/7331:
[ 1144.803059] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.803077] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.803097] 2 locks held by getty/7332:
[ 1144.803099] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.803118] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.803137] 2 locks held by getty/7333:
[ 1144.803140] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.803158] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.803177] 2 locks held by getty/7334:
[ 1144.803180] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.803198] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.803217] 2 locks held by getty/7335:
[ 1144.803220] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.803238] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.803257] 2 locks held by getty/7336:
[ 1144.803260] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.803278] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.803299] 1 lock held by syz-executor880/7367:
[ 1144.803302] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x400
[ 1144.803320] 1 lock held by syz-executor880/7368:
[ 1144.803323] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x400
[ 1144.803344]
[ 1144.803347] =============================================
[ 1144.803347]
[ 1144.803351] NMI backtrace for cpu 1
[ 1144.803358] CPU: 1 PID: 1056 Comm: khungtaskd Not tainted 4.14.174-syzkaller #0
[ 1144.803363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.803366] Call Trace:
[ 1144.803412] dump_stack+0x13e/0x194
[ 1144.803424] nmi_cpu_backtrace.cold+0x57/0x93
[ 1144.803435] ? irq_force_complete_move.cold+0x7b/0x7b
[ 1144.803443] nmi_trigger_cpumask_backtrace+0x139/0x17e
[ 1144.803471] watchdog+0x5e2/0xb80
[ 1144.803502] ? kthread_flush_work_fn+0x20/0x20
[ 1144.803511] ? hungtask_pm_notify+0x50/0x50
[ 1144.803520] kthread+0x30d/0x420
[ 1144.803527] ? kthread_create_on_node+0xd0/0xd0
[ 1144.803536] ret_from_fork+0x24/0x30
[ 1144.803552] Sending NMI from CPU 1 to CPUs 0:
[ 1144.804095] NMI backtrace for cpu 0
[ 1144.804099] CPU: 0 PID: 7364 Comm: syz-executor880 Not tainted 4.14.174-syzkaller #0
[ 1144.804103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.804106] task: ffff8880a132a140 task.stack: ffff8880a4120000
[ 1144.804108] RIP: 0010:__sanitizer_cov_trace_pc+0x23/0x50
[ 1144.804111] RSP: 0018:ffff8880a4127310 EFLAGS: 00000246
[ 1144.804115] RAX: ffff8880a132a140 RBX: ffff8880000a0240 RCX: 0000000000000000
[ 1144.804118] RDX: 0000000000000000 RSI: ffff8880000a0000 RDI: 0000000000001400
[ 1144.804121] RBP: 0000000000000050 R08: 0000000000001400 R09: 0000000000000040
[ 1144.804124] R10: ffffed1043241ecb R11: ffff88821920f65f R12: ffff8880000a0280
[ 1144.804127] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1144.804131] FS: 0000000000dbe880(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
[ 1144.804133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1144.804136] CR2: 0000000020000180 CR3: 00000000996e8000 CR4: 00000000001406f0
[ 1144.804139] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1144.804142] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1144.804144] Call Trace:
[ 1144.804146] bitfill_aligned+0xd4/0x190
[ 1144.804148] cfb_fillrect+0x3d5/0x720
[ 1144.804150] ? cfb_fillrect+0x720/0x720
[ 1144.804152] vga16fb_fillrect+0x61e/0x1880
[ 1144.804154] ? fb_copy_cmap+0x28e/0x350
[ 1144.804156] ? vga16fb_setcolreg+0xfe/0x360
[ 1144.804158] bit_clear_margins+0x2a4/0x480
[ 1144.804160] ? bit_bmove+0x1e0/0x1e0
[ 1144.804162] fbcon_clear_margins+0x285/0x310
[ 1144.804164] fbcon_switch+0xcdf/0x1780
[ 1144.804166] ? kasan_kmalloc+0xbf/0xe0
[ 1144.804168] ? fbcon_set_def_font+0x370/0x370
[ 1144.804170] ? fbcon_cursor+0x4be/0x690
[ 1144.804172] ? bit_clear+0x460/0x460
[ 1144.804174] ? fbcon_set_origin+0x1c/0x40
[ 1144.804176] ? fbcon_scrolldelta+0x10c0/0x10c0
[ 1144.804178] redraw_screen+0x331/0x770
[ 1144.804180] ? con_flush_chars+0x80/0x80
[ 1144.804182] ? fbcon_set_palette+0x470/0x590
[ 1144.804185] fbcon_modechanged+0x59d/0x890
[ 1144.804187] fbcon_event_notify+0x11a/0x1746
[ 1144.804189] ? lock_acquire+0x170/0x3f0
[ 1144.804191] notifier_call_chain+0x107/0x1a0
[ 1144.804193] blocking_notifier_call_chain+0x79/0x90
[ 1144.804195] fb_set_var+0xaad/0xc70
[ 1144.804197] ? fb_set_suspend+0x110/0x110
[ 1144.804199] ? lock_acquire+0x170/0x3f0
[ 1144.804201] ? lock_fb_info+0x1a/0x70
[ 1144.804203] ? lock_fb_info+0x1a/0x70
[ 1144.804205] ? __mutex_lock+0x36a/0x1470
[ 1144.804207] ? trace_hardirqs_on+0x10/0x10
[ 1144.804210] ? mutex_trylock+0x1a0/0x1a0
[ 1144.804212] ? do_fb_ioctl+0x36a/0x940
[ 1144.804214] do_fb_ioctl+0x3cc/0x940
[ 1144.804216] ? lock_downgrade+0x6e0/0x6e0
[ 1144.804217] ? fb_read+0x520/0x520
[ 1144.804220] ? avc_has_extended_perms+0x802/0xd40
[ 1144.804222] ? lock_downgrade+0x6e0/0x6e0
[ 1144.804224] ? pud_val+0xd0/0xd0
[ 1144.804225] ? avc_ss_reset+0x100/0x100
[ 1144.804227] ? put_page+0x88/0x1b0
[ 1144.804229] ? wp_page_copy+0x9d4/0x1300
[ 1144.804231] ? follow_pfn+0x200/0x200
[ 1144.804233] fb_ioctl+0xdd/0x130
[ 1144.804235] ? do_fb_ioctl+0x940/0x940
[ 1144.804237] do_vfs_ioctl+0x75a/0xfe0
[ 1144.804239] ? selinux_file_mprotect+0x5c0/0x5c0
[ 1144.804241] ? ioctl_preallocate+0x1a0/0x1a0
[ 1144.804243] ? lock_downgrade+0x6e0/0x6e0
[ 1144.804245] ? security_file_ioctl+0x76/0xb0
[ 1144.804247] ? security_file_ioctl+0x83/0xb0
[ 1144.804249] SyS_ioctl+0x7f/0xb0
[ 1144.804251] ? do_vfs_ioctl+0xfe0/0xfe0
[ 1144.804253] do_syscall_64+0x1d5/0x640
[ 1144.804256] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.804257] RIP: 0033:0x441419
[ 1144.804260] RSP: 002b:00007ffcd78b0b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.804265] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.804267] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.804270] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.804273] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.804277] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.804278] Code: 00 00 e9 be ed ff ff 90 65 48 8b 04 25 40 ee 01 00 48 85 c0 74 1a 65 8b 15 3b a6 a7 7e 81 e2 00 01 1f 00 75 0b 8b 90 50 13 00 00 <83> fa 01 74 01 c3 48 8b 34 24 48 8b 88 58 13 00 00 8b 80 54 13
[ 1144.804567] Kernel panic - not syncing: hung_task: blocked tasks
[ 1144.804574] CPU: 1 PID: 1056 Comm: khungtaskd Not tainted 4.14.174-syzkaller #0
[ 1144.804578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.804581] Call Trace:
[ 1144.804589] dump_stack+0x13e/0x194
[ 1144.804623] panic+0x1f9/0x42d
[ 1144.804630] ? add_taint.cold+0x16/0x16
[ 1144.804660] ? printk_safe_flush+0xac/0x110
[ 1144.804672] watchdog+0x5f3/0xb80
[ 1144.804680] ? kthread_flush_work_fn+0x20/0x20
[ 1144.804689] ? hungtask_pm_notify+0x50/0x50
[ 1144.804697] kthread+0x30d/0x420
[ 1144.804704] ? kthread_create_on_node+0xd0/0xd0
[ 1144.804713] ret_from_fork+0x24/0x30
[ 1144.806664] Kernel Offset: disabled