[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 628.794842] block nbd0: shutting down sockets [ 858.015212] INFO: task syz-executor597:7978 blocked for more than 140 seconds. [ 858.022793] Not tainted 4.14.232-syzkaller #0 [ 858.029084] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 858.037095] syz-executor597 D28640 7978 7977 0x80000006 [ 858.042709] Call Trace: [ 858.045336] __schedule+0x88b/0x1de0 [ 858.049093] ? io_schedule_timeout+0x140/0x140 [ 858.053677] ? lock_downgrade+0x740/0x740 [ 858.057871] schedule+0x8d/0x1b0 [ 858.061237] schedule_preempt_disabled+0xf/0x20 [ 858.065944] __mutex_lock+0x669/0x1310 [ 858.069921] ? blkdev_put+0x27/0x4c0 [ 858.073631] ? locks_remove_file+0x2c8/0x420 [ 858.078094] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 858.083550] ? lock_downgrade+0x740/0x740 [ 858.087774] ? _raw_spin_unlock+0x29/0x40 [ 858.091947] ? locks_remove_file+0x2cd/0x420 [ 858.096410] ? blkdev_put+0x4c0/0x4c0 [ 858.100234] blkdev_put+0x27/0x4c0 [ 858.103765] ? blkdev_put+0x4c0/0x4c0 [ 858.107638] blkdev_close+0x86/0xb0 [ 858.111281] __fput+0x25f/0x7a0 [ 858.114544] task_work_run+0x11f/0x190 [ 858.119108] do_exit+0xa44/0x2850 [ 858.122567] ? __mutex_unlock_slowpath+0x75/0x770 [ 858.127458] ? wait_for_completion_io+0x10/0x10 [ 858.132133] ? mm_update_next_owner+0x5b0/0x5b0 [ 858.136952] ? get_signal+0x323/0x1ca0 [ 858.140910] ? lock_acquire+0x170/0x3f0 [ 858.144863] ? lock_downgrade+0x740/0x740 [ 858.149048] do_group_exit+0x100/0x2e0 [ 858.152933] get_signal+0x38d/0x1ca0 [ 858.156713] do_signal+0x7c/0x1550 [ 858.160251] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 858.165410] ? debug_check_no_obj_freed+0x2c0/0x680 [ 858.170439] ? setup_sigcontext+0x820/0x820 [ 858.174761] ? block_ioctl+0xd9/0x120 [ 858.178607] ? blkdev_fallocate+0x3a0/0x3a0 [ 858.182940] ? do_vfs_ioctl+0xe2/0xff0 [ 858.186857] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 858.192308] ? ioctl_preallocate+0x1a0/0x1a0 [ 858.196772] ? kmem_cache_free+0x23a/0x2b0 [ 858.201023] ? putname+0xcd/0x110 [ 858.204455] ? do_sys_open+0x208/0x410 [ 858.208418] ? exit_to_usermode_loop+0x41/0x200 [ 858.213088] exit_to_usermode_loop+0x160/0x200 [ 858.217738] ? SyS_ioctl+0x5c/0xb0 [ 858.221279] do_syscall_64+0x4a3/0x640 [ 858.225248] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 858.230449] RIP: 0033:0x444249 [ 858.233631] RSP: 002b:00007ffed11a2ac8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 858.241393] RAX: fffffffffffffe00 RBX: 00000000004004a0 RCX: 0000000000444249 [ 858.248731] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000006 [ 858.256057] RBP: 0000000000000000 R08: 00007ffed11a2c68 R09: 00007ffed11a2c68 [ 858.263316] R10: 002364626e2f7665 R11: 0000000000000246 R12: 0000000000403560 [ 858.270620] R13: 431bde82d7b634db R14: 00000000004b2018 R15: 00000000004004a0 [ 858.277988] INFO: task systemd-udevd:7982 blocked for more than 140 seconds. [ 858.285227] Not tainted 4.14.232-syzkaller #0 [ 858.290229] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 858.298254] systemd-udevd D27464 7982 4628 0x00000104 [ 858.303900] Call Trace: [ 858.306578] __schedule+0x88b/0x1de0 [ 858.310309] ? io_schedule_timeout+0x140/0x140 [ 858.314887] ? mark_held_locks+0xa6/0xf0 [ 858.318999] schedule+0x8d/0x1b0 [ 858.322378] io_schedule+0xb5/0x120 [ 858.326060] wait_on_page_bit+0x241/0x320 [ 858.330211] ? wake_page_function+0x180/0x180 [ 858.334687] ? __lru_cache_add+0x178/0x250 [ 858.338975] ? __bread_gfp+0x2e0/0x2e0 [ 858.342861] ? add_to_page_cache_lru+0x2b0/0x2b0 [ 858.347663] ? alloc_pages_current+0x15d/0x260 [ 858.352267] do_read_cache_page+0x55f/0xc10 [ 858.356639] ? blkdev_writepages+0xd0/0xd0 [ 858.360889] read_dev_sector+0xbd/0x3c0 [ 858.364843] adfspart_check_ICS+0xf6/0xc00 [ 858.369128] ? pointer+0x9e0/0x9e0 [ 858.372670] ? adfspart_check_ADFS+0x7d0/0x7d0 [ 858.377299] ? snprintf+0xa5/0xd0 [ 858.380747] ? vsprintf+0x30/0x30 [ 858.384178] ? __get_vm_area_node+0x27d/0x340 [ 858.388721] ? adfspart_check_ADFS+0x7d0/0x7d0 [ 858.393301] ? adfspart_check_ADFS+0x7d0/0x7d0 [ 858.397924] check_partition+0x330/0x610 [ 858.401985] rescan_partitions+0x192/0x800 [ 858.406261] ? nbd_open+0x18d/0x380 [ 858.409886] ? nbd_alloc_config+0x150/0x150 [ 858.414205] __blkdev_get+0xd7f/0x1090 [ 858.418137] ? lookup_fast+0x430/0xe30 [ 858.422030] ? sb_min_blocksize+0x1d0/0x1d0 [ 858.426411] ? fsnotify+0x974/0x11b0 [ 858.430121] blkdev_get+0x88/0x890 [ 858.433657] ? __blkdev_get+0x1090/0x1090 [ 858.437974] ? lock_downgrade+0x740/0x740 [ 858.442135] ? do_raw_spin_unlock+0x164/0x220 [ 858.446670] ? _raw_spin_unlock+0x29/0x40 [ 858.450819] blkdev_open+0x1cc/0x250 [ 858.454523] ? security_file_open+0x82/0x190 [ 858.458985] do_dentry_open+0x44b/0xec0 [ 858.462984] ? blkdev_get_by_dev+0x70/0x70 [ 858.467255] vfs_open+0x105/0x220 [ 858.470708] path_openat+0x628/0x2970 [ 858.474491] ? path_lookupat+0x780/0x780 [ 858.478605] ? trace_hardirqs_on+0x10/0x10 [ 858.482852] ? lock_downgrade+0x740/0x740 [ 858.487048] do_filp_open+0x179/0x3c0 [ 858.490860] ? may_open_dev+0xe0/0xe0 [ 858.494647] ? lock_downgrade+0x740/0x740 [ 858.498840] ? do_raw_spin_unlock+0x164/0x220 [ 858.503334] ? _raw_spin_unlock+0x29/0x40 [ 858.507533] ? __alloc_fd+0x1be/0x490 [ 858.511332] do_sys_open+0x296/0x410 [ 858.515085] ? filp_open+0x60/0x60 [ 858.518647] ? do_syscall_64+0x4c/0x640 [ 858.522624] ? do_sys_open+0x410/0x410 [ 858.526544] do_syscall_64+0x1d5/0x640 [ 858.530438] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 858.535688] RIP: 0033:0x7fb50ad3f840 [ 858.539480] RSP: 002b:00007ffd73032618 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 858.547230] RAX: ffffffffffffffda RBX: 0000555e2dc8f880 RCX: 00007fb50ad3f840 [ 858.554491] RDX: 0000555e2c0b4fe3 RSI: 00000000000a0800 RDI: 0000555e2dc91210 [ 858.561843] RBP: 00007ffd73032790 R08: 0000555e2c0b4670 R09: 0000000000000010 [ 858.569186] R10: 0000555e2c0b4d0c R11: 0000000000000246 R12: 00007ffd730326e0 [ 858.576525] R13: 0000555e2dc92070 R14: 0000000000000003 R15: 000000000000000e [ 858.583824] [ 858.583824] Showing all locks held in the system: [ 858.590206] 1 lock held by khungtaskd/1533: [ 858.594586] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a [ 858.603879] 1 lock held by syz-executor597/7978: [ 858.608704] #0: (&bdev->bd_mutex){+.+.}, at: [] blkdev_put+0x27/0x4c0 [ 858.617128] 1 lock held by systemd-udevd/7982: [ 858.621717] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x191/0x1090 [ 858.630491] [ 858.632114] ============================================= [ 858.632114] [ 858.639193] NMI backtrace for cpu 0 [ 858.642811] CPU: 0 PID: 1533 Comm: khungtaskd Not tainted 4.14.232-syzkaller #0 [ 858.650237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 858.659571] Call Trace: [ 858.662156] dump_stack+0x1b2/0x281 [ 858.665799] nmi_cpu_backtrace.cold+0x57/0x93 [ 858.670273] ? irq_force_complete_move+0x350/0x350 [ 858.675258] nmi_trigger_cpumask_backtrace+0x13a/0x180 [ 858.680537] watchdog+0x5b9/0xb40 [ 858.683984] ? hungtask_pm_notify+0x50/0x50 [ 858.688289] kthread+0x30d/0x420 [ 858.691635] ? kthread_create_on_node+0xd0/0xd0 [ 858.696289] ret_from_fork+0x24/0x30 [ 858.700081] Sending NMI from CPU 0 to CPUs 1: [ 858.705225] NMI backtrace for cpu 1 [ 858.705229] CPU: 1 PID: 4617 Comm: systemd-journal Not tainted 4.14.232-syzkaller #0 [ 858.705234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 858.705237] task: ffff8880a1abc680 task.stack: ffff8880a1ac0000 [ 858.705239] RIP: 0010:__orc_find+0x86/0xf0 [ 858.705242] RSP: 0018:ffff8880a1ac7820 EFLAGS: 00000083 [ 858.705247] RAX: ffffffff818a2c68 RBX: ffffffff8a19af54 RCX: ffffffff818a2c7c [ 858.705251] RDX: 0000000000000000 RSI: ffffffff8a731830 RDI: ffffffff8a19af44 [ 858.705262] RBP: ffffffff8a19af44 R08: ffffffff8a731830 R09: ffffffff8a7318a8 [ 858.705266] R10: 00000000000212bc R11: 0000000000066071 R12: ffffffff8a19af64 [ 858.705270] R13: ffffffff8a19af44 R14: ffffffff8a19af44 R15: dffffc0000000000 [ 858.705273] FS: 00007f0d44cde8c0(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 [ 858.705277] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 858.705280] CR2: 00007f0d42023000 CR3: 00000000a19bc000 CR4: 00000000001406e0 [ 858.705284] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 858.705287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 858.705289] Call Trace: [ 858.705292] unwind_next_frame+0x59a/0x17d0 [ 858.705294] ? kmem_cache_free+0x7c/0x2b0 [ 858.705297] ? deref_stack_reg+0x1a0/0x1a0 [ 858.705299] ? __lock_acquire+0x5fc/0x3f20 [ 858.705301] ? putname+0xcd/0x110 [ 858.705304] __save_stack_trace+0x90/0x160 [ 858.705306] ? putname+0xcd/0x110 [ 858.705309] kasan_slab_free+0xc3/0x1a0 [ 858.705311] ? kasan_slab_free+0xc3/0x1a0 [ 858.705314] ? kmem_cache_free+0x7c/0x2b0 [ 858.705316] ? putname+0xcd/0x110 [ 858.705318] ? follow_managed+0xa20/0xa20 [ 858.705321] ? debug_check_no_obj_freed+0x2c0/0x680 [ 858.705324] ? lock_acquire+0x170/0x3f0 [ 858.705326] ? lock_downgrade+0x740/0x740 [ 858.705329] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 858.705332] ? debug_check_no_obj_freed+0x2c0/0x680 [ 858.705334] ? lock_downgrade+0x740/0x740 [ 858.705337] ? debug_object_activate+0x490/0x490 [ 858.705339] ? putname+0xcd/0x110 [ 858.705342] kmem_cache_free+0x7c/0x2b0 [ 858.705344] putname+0xcd/0x110 [ 858.705347] filename_parentat+0x477/0x520 [ 858.705349] ? __put_seccomp_filter+0x90/0x90 [ 858.705351] ? getname+0x20/0x20 [ 858.705354] ? cache_alloc_refill+0x2fa/0x350 [ 858.705356] ? lock_downgrade+0x740/0x740 [ 858.705359] ? do_raw_spin_unlock+0x164/0x220 [ 858.705362] ? check_stack_object+0x86/0xa0 [ 858.705364] filename_create+0x8a/0x3f0 [ 858.705367] ? kern_path_mountpoint+0x40/0x40 [ 858.705369] ? getname_flags+0x22e/0x550 [ 858.705371] SyS_mkdirat+0x95/0x270 [ 858.705374] ? SyS_mknod+0x30/0x30 [ 858.705376] ? do_syscall_64+0x4c/0x640 [ 858.705378] ? SyS_mkdirat+0x270/0x270 [ 858.705381] do_syscall_64+0x1d5/0x640 [ 858.705384] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 858.705386] RIP: 0033:0x7f0d43f99687 [ 858.705389] RSP: 002b:00007fff49ca52e8 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 [ 858.705395] RAX: ffffffffffffffda RBX: 00007fff49ca8350 RCX: 00007f0d43f99687 [ 858.705398] RDX: 0000000000000000 RSI: 00000000000001ed RDI: 0000556f2737e8a0 [ 858.705402] RBP: 00007fff49ca5320 R08: 0000556f260b73e5 R09: 0000000000000018 [ 858.705405] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000 [ 858.705408] R13: 0000000000000001 R14: 0000556f2737e8a0 R15: 00007fff49ca5960 [ 858.705410] Code: 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 48 48 63 03 48 01 d8 <48> 39 c1 73 b0 4c 8d 63 fc 49 39 ec 73 b3 4d 29 ee 49 c1 fe 02 [ 858.705614] Kernel panic - not syncing: hung_task: blocked tasks [ 859.046920] CPU: 0 PID: 1533 Comm: khungtaskd Not tainted 4.14.232-syzkaller #0 [ 859.054341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 859.063674] Call Trace: [ 859.066250] dump_stack+0x1b2/0x281 [ 859.069856] panic+0x1f9/0x42d [ 859.073038] ? add_taint.cold+0x16/0x16 [ 859.077001] watchdog+0x5ca/0xb40 [ 859.080431] ? hungtask_pm_notify+0x50/0x50 [ 859.084744] kthread+0x30d/0x420 [ 859.088090] ? kthread_create_on_node+0xd0/0xd0 [ 859.092736] ret_from_fork+0x24/0x30 [ 859.097145] Kernel Offset: disabled [ 859.100771] Rebooting in 86400 seconds..