[ 35.228620] audit: type=1800 audit(1583687784.377:34): pid=7279 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 37.807843] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.075037] audit: type=1400 audit(1583687787.247:35): avc: denied { map } for pid=7453 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.126420] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.867715] random: sshd: uninitialized urandom read (32 bytes read)
[ 72.716752] audit: type=1400 audit(1583687821.887:36): avc: denied { map } for pid=7462 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 908.483381] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
[ 914.004307] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[ 914.143378] audit: type=1400 audit(1583688663.317:37): avc: denied { map } for pid=7469 comm="syz-executor680" path="/root/syz-executor680030059" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 1144.790209] INFO: task syz-executor680:7476 blocked for more than 140 seconds.
[ 1144.790218] Not tainted 4.14.172-syzkaller #0
[ 1144.790221] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.790226] syz-executor680 D28688 7476 7475 0x00000004
[ 1144.790291] Call Trace:
[ 1144.790365] ? __schedule+0x7b8/0x1ca0
[ 1144.790445] ? lock_acquire+0x170/0x3f0
[ 1144.790458] ? __sched_text_start+0x8/0x8
[ 1144.790472] schedule+0x8d/0x1b0
[ 1144.790496] schedule_timeout+0x946/0xe40
[ 1144.790508] ? usleep_range+0x130/0x130
[ 1144.790515] ? find_held_lock+0x2d/0x110
[ 1144.790524] ? __down+0x158/0x290
[ 1144.790536] ? lock_downgrade+0x6e0/0x6e0
[ 1144.790545] ? _raw_spin_unlock_irq+0x24/0x80
[ 1144.790557] __down+0x160/0x290
[ 1144.790593] ? ww_mutex_lock+0xb0/0xb0
[ 1144.790599] ? down+0xd/0x80
[ 1144.790614] down+0x57/0x80
[ 1144.790641] console_lock+0x24/0x70
[ 1144.790674] do_fb_ioctl+0x36a/0x940
[ 1144.790682] ? lock_downgrade+0x6e0/0x6e0
[ 1144.790690] ? fb_read+0x520/0x520
[ 1144.790718] ? avc_has_extended_perms+0x802/0xd40
[ 1144.790729] ? lock_downgrade+0x6e0/0x6e0
[ 1144.790762] ? pud_val+0xd0/0xd0
[ 1144.790769] ? avc_ss_reset+0x100/0x100
[ 1144.790779] ? put_page+0x88/0x1b0
[ 1144.790802] ? wp_page_copy+0x9d4/0x1300
[ 1144.790815] ? follow_pfn+0x200/0x200
[ 1144.790842] fb_ioctl+0xdd/0x130
[ 1144.790849] ? do_fb_ioctl+0x940/0x940
[ 1144.790884] do_vfs_ioctl+0x75a/0xfe0
[ 1144.790893] ? selinux_file_mprotect+0x5c0/0x5c0
[ 1144.790903] ? ioctl_preallocate+0x1a0/0x1a0
[ 1144.790915] ? lock_downgrade+0x6e0/0x6e0
[ 1144.790948] ? security_file_ioctl+0x76/0xb0
[ 1144.790956] ? security_file_ioctl+0x83/0xb0
[ 1144.790966] SyS_ioctl+0x7f/0xb0
[ 1144.790974] ? do_vfs_ioctl+0xfe0/0xfe0
[ 1144.790985] do_syscall_64+0x1d5/0x640
[ 1144.790999] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.791007] RIP: 0033:0x441419
[ 1144.791012] RSP: 002b:00007ffcd4e54c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.791022] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.791027] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.791036] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.791041] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.791046] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.791065] INFO: task syz-executor680:7478 blocked for more than 140 seconds.
[ 1144.791069] Not tainted 4.14.172-syzkaller #0
[ 1144.791072] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.791076] syz-executor680 D28688 7478 7471 0x00000004
[ 1144.791094] Call Trace:
[ 1144.791106] ? __schedule+0x7b8/0x1ca0
[ 1144.791114] ? lock_acquire+0x170/0x3f0
[ 1144.791126] ? __sched_text_start+0x8/0x8
[ 1144.791139] schedule+0x8d/0x1b0
[ 1144.791146] schedule_timeout+0x946/0xe40
[ 1144.791157] ? usleep_range+0x130/0x130
[ 1144.791164] ? find_held_lock+0x2d/0x110
[ 1144.791173] ? __down+0x158/0x290
[ 1144.791185] ? lock_downgrade+0x6e0/0x6e0
[ 1144.791194] ? _raw_spin_unlock_irq+0x24/0x80
[ 1144.791206] __down+0x160/0x290
[ 1144.791217] ? ww_mutex_lock+0xb0/0xb0
[ 1144.791223] ? down+0xd/0x80
[ 1144.791237] down+0x57/0x80
[ 1144.791245] console_lock+0x24/0x70
[ 1144.791251] do_fb_ioctl+0x36a/0x940
[ 1144.791259] ? lock_downgrade+0x6e0/0x6e0
[ 1144.791267] ? fb_read+0x520/0x520
[ 1144.791277] ? avc_has_extended_perms+0x802/0xd40
[ 1144.791287] ? lock_downgrade+0x6e0/0x6e0
[ 1144.791295] ? pud_val+0xd0/0xd0
[ 1144.791303] ? avc_ss_reset+0x100/0x100
[ 1144.791312] ? put_page+0x88/0x1b0
[ 1144.791320] ? wp_page_copy+0x9d4/0x1300
[ 1144.791332] ? follow_pfn+0x200/0x200
[ 1144.791359] fb_ioctl+0xdd/0x130
[ 1144.791366] ? do_fb_ioctl+0x940/0x940
[ 1144.791375] do_vfs_ioctl+0x75a/0xfe0
[ 1144.791383] ? selinux_file_mprotect+0x5c0/0x5c0
[ 1144.791393] ? ioctl_preallocate+0x1a0/0x1a0
[ 1144.791405] ? lock_downgrade+0x6e0/0x6e0
[ 1144.791416] ? security_file_ioctl+0x76/0xb0
[ 1144.791424] ? security_file_ioctl+0x83/0xb0
[ 1144.791434] SyS_ioctl+0x7f/0xb0
[ 1144.791441] ? do_vfs_ioctl+0xfe0/0xfe0
[ 1144.791451] do_syscall_64+0x1d5/0x640
[ 1144.791464] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.791470] RIP: 0033:0x441419
[ 1144.791475] RSP: 002b:00007ffcd4e54c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.791484] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.791499] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.791504] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.791509] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.791513] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.791531] INFO: task syz-executor680:7479 blocked for more than 140 seconds.
[ 1144.791535] Not tainted 4.14.172-syzkaller #0
[ 1144.791538] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.791542] syz-executor680 D28688 7479 7474 0x00000004
[ 1144.791558] Call Trace:
[ 1144.791576] ? __schedule+0x7b8/0x1ca0
[ 1144.791584] ? lock_acquire+0x170/0x3f0
[ 1144.791596] ? __sched_text_start+0x8/0x8
[ 1144.791609] schedule+0x8d/0x1b0
[ 1144.791617] schedule_timeout+0x946/0xe40
[ 1144.791628] ? usleep_range+0x130/0x130
[ 1144.791635] ? find_held_lock+0x2d/0x110
[ 1144.791643] ? __down+0x158/0x290
[ 1144.791655] ? lock_downgrade+0x6e0/0x6e0
[ 1144.791664] ? _raw_spin_unlock_irq+0x24/0x80
[ 1144.791676] __down+0x160/0x290
[ 1144.791687] ? ww_mutex_lock+0xb0/0xb0
[ 1144.791697] ? down+0xd/0x80
[ 1144.791712] down+0x57/0x80
[ 1144.791720] console_lock+0x24/0x70
[ 1144.791726] do_fb_ioctl+0x36a/0x940
[ 1144.791734] ? lock_downgrade+0x6e0/0x6e0
[ 1144.791742] ? fb_read+0x520/0x520
[ 1144.791752] ? avc_has_extended_perms+0x802/0xd40
[ 1144.791762] ? lock_downgrade+0x6e0/0x6e0
[ 1144.791770] ? pud_val+0xd0/0xd0
[ 1144.791778] ? avc_ss_reset+0x100/0x100
[ 1144.791787] ? put_page+0x88/0x1b0
[ 1144.791795] ? wp_page_copy+0x9d4/0x1300
[ 1144.791807] ? follow_pfn+0x200/0x200
[ 1144.791835] fb_ioctl+0xdd/0x130
[ 1144.791841] ? do_fb_ioctl+0x940/0x940
[ 1144.791850] do_vfs_ioctl+0x75a/0xfe0
[ 1144.791858] ? selinux_file_mprotect+0x5c0/0x5c0
[ 1144.791868] ? ioctl_preallocate+0x1a0/0x1a0
[ 1144.791880] ? lock_downgrade+0x6e0/0x6e0
[ 1144.791892] ? security_file_ioctl+0x76/0xb0
[ 1144.791899] ? security_file_ioctl+0x83/0xb0
[ 1144.791910] SyS_ioctl+0x7f/0xb0
[ 1144.791917] ? do_vfs_ioctl+0xfe0/0xfe0
[ 1144.791927] do_syscall_64+0x1d5/0x640
[ 1144.791940] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.791945] RIP: 0033:0x441419
[ 1144.791950] RSP: 002b:00007ffcd4e54c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.791959] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.791964] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.791969] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.791973] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.791978] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.791996] INFO: task syz-executor680:7480 blocked for more than 140 seconds.
[ 1144.792000] Not tainted 4.14.172-syzkaller #0
[ 1144.792003] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.792007] syz-executor680 D28688 7480 7472 0x00000004
[ 1144.792023] Call Trace:
[ 1144.792035] ? __schedule+0x7b8/0x1ca0
[ 1144.792043] ? __mutex_lock+0x737/0x1470
[ 1144.792055] ? __sched_text_start+0x8/0x8
[ 1144.792062] ? lock_downgrade+0x6e0/0x6e0
[ 1144.792075] schedule+0x8d/0x1b0
[ 1144.792084] schedule_preempt_disabled+0xf/0x20
[ 1144.792092] __mutex_lock+0x73c/0x1470
[ 1144.792100] ? get_fb_info.part.0+0x5f/0x70
[ 1144.792109] ? fb_open+0xb7/0x400
[ 1144.792121] ? mutex_trylock+0x1a0/0x1a0
[ 1144.792132] ? __mutex_unlock_slowpath+0x75/0x780
[ 1144.792139] ? find_held_lock+0x2d/0x110
[ 1144.792156] ? fb_open+0xb7/0x400
[ 1144.792162] fb_open+0xb7/0x400
[ 1144.792171] ? get_fb_info.part.0+0x70/0x70
[ 1144.792200] chrdev_open+0x1fc/0x540
[ 1144.792210] ? cdev_put.part.0+0x50/0x50
[ 1144.792223] do_dentry_open+0x732/0xe90
[ 1144.792233] ? cdev_put.part.0+0x50/0x50
[ 1144.792242] ? __inode_permission+0x7c/0x300
[ 1144.792252] vfs_open+0x105/0x220
[ 1144.792263] path_openat+0x8ca/0x3c50
[ 1144.792283] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 1144.792300] do_filp_open+0x18e/0x250
[ 1144.792309] ? may_open_dev+0xe0/0xe0
[ 1144.792325] ? lock_downgrade+0x6e0/0x6e0
[ 1144.792336] ? do_raw_spin_unlock+0x164/0x250
[ 1144.792347] ? __alloc_fd+0x1bf/0x490
[ 1144.792361] do_sys_open+0x29d/0x3f0
[ 1144.792371] ? filp_open+0x60/0x60
[ 1144.792381] ? __do_page_fault+0x35b/0xb40
[ 1144.792389] ? do_syscall_64+0x4c/0x640
[ 1144.792396] ? SyS_open+0x30/0x30
[ 1144.792406] do_syscall_64+0x1d5/0x640
[ 1144.792419] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.792425] RIP: 0033:0x441419
[ 1144.792429] RSP: 002b:00007ffcd4e54c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1144.792438] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.792443] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
[ 1144.792448] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 1144.792453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 1144.792458] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.792475] INFO: task syz-executor680:7481 blocked for more than 140 seconds.
[ 1144.792480] Not tainted 4.14.172-syzkaller #0
[ 1144.792483] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.792487] syz-executor680 D28688 7481 7470 0x00000004
[ 1144.792504] Call Trace:
[ 1144.792516] ? __schedule+0x7b8/0x1ca0
[ 1144.792524] ? __mutex_lock+0x737/0x1470
[ 1144.792536] ? __sched_text_start+0x8/0x8
[ 1144.792543] ? lock_downgrade+0x6e0/0x6e0
[ 1144.792555] schedule+0x8d/0x1b0
[ 1144.792564] schedule_preempt_disabled+0xf/0x20
[ 1144.792577] __mutex_lock+0x73c/0x1470
[ 1144.792585] ? get_fb_info.part.0+0x5f/0x70
[ 1144.792594] ? fb_open+0xb7/0x400
[ 1144.792605] ? mutex_trylock+0x1a0/0x1a0
[ 1144.792617] ? __mutex_unlock_slowpath+0x75/0x780
[ 1144.792624] ? find_held_lock+0x2d/0x110
[ 1144.792640] ? fb_open+0xb7/0x400
[ 1144.792646] fb_open+0xb7/0x400
[ 1144.792656] ? get_fb_info.part.0+0x70/0x70
[ 1144.792663] chrdev_open+0x1fc/0x540
[ 1144.792672] ? cdev_put.part.0+0x50/0x50
[ 1144.792685] do_dentry_open+0x732/0xe90
[ 1144.792694] ? cdev_put.part.0+0x50/0x50
[ 1144.792703] ? __inode_permission+0x7c/0x300
[ 1144.792713] vfs_open+0x105/0x220
[ 1144.792723] path_openat+0x8ca/0x3c50
[ 1144.792743] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 1144.792760] do_filp_open+0x18e/0x250
[ 1144.792769] ? may_open_dev+0xe0/0xe0
[ 1144.792784] ? lock_downgrade+0x6e0/0x6e0
[ 1144.792795] ? do_raw_spin_unlock+0x164/0x250
[ 1144.792805] ? __alloc_fd+0x1bf/0x490
[ 1144.792819] do_sys_open+0x29d/0x3f0
[ 1144.792829] ? filp_open+0x60/0x60
[ 1144.792838] ? __do_page_fault+0x35b/0xb40
[ 1144.792846] ? do_syscall_64+0x4c/0x640
[ 1144.792853] ? SyS_open+0x30/0x30
[ 1144.792863] do_syscall_64+0x1d5/0x640
[ 1144.792876] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.792881] RIP: 0033:0x441419
[ 1144.792886] RSP: 002b:00007ffcd4e54c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1144.792894] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.792899] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
[ 1144.792904] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 1144.792909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 1144.792914] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.792929]
[ 1144.792929] Showing all locks held in the system:
[ 1144.792938] 1 lock held by khungtaskd/1056:
[ 1144.792942] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 1144.792973] 1 lock held by rsyslogd/7317:
[ 1144.792976] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xa6/0xc0
[ 1144.792997] 2 locks held by getty/7439:
[ 1144.793000] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.793058] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.793079] 2 locks held by getty/7440:
[ 1144.793082] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.793101] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.793121] 2 locks held by getty/7441:
[ 1144.793124] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.793142] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.793163] 2 locks held by getty/7442:
[ 1144.793165] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.793184] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.793204] 2 locks held by getty/7443:
[ 1144.793207] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.793225] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.793245] 2 locks held by getty/7445:
[ 1144.793248] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.793267] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.793287] 2 locks held by getty/7446:
[ 1144.793289] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 1144.793308] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 1144.793329] 1 lock held by syz-executor680/7480:
[ 1144.793332] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x400
[ 1144.793351] 1 lock held by syz-executor680/7481:
[ 1144.793354] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x400
[ 1144.793371]
[ 1144.793374] =============================================
[ 1144.793374]
[ 1144.793379] NMI backtrace for cpu 0
[ 1144.793387] CPU: 0 PID: 1056 Comm: khungtaskd Not tainted 4.14.172-syzkaller #0
[ 1144.793392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.793395] Call Trace:
[ 1144.793442] dump_stack+0x13e/0x194
[ 1144.793454] nmi_cpu_backtrace.cold+0x57/0x93
[ 1144.793466] ? irq_force_complete_move.cold+0x7b/0x7b
[ 1144.793473] nmi_trigger_cpumask_backtrace+0x139/0x17e
[ 1144.793502] watchdog+0x5e2/0xb80
[ 1144.793527] ? kthread_flush_work_fn+0x20/0x20
[ 1144.793536] ? hungtask_pm_notify+0x50/0x50
[ 1144.793545] kthread+0x30d/0x420
[ 1144.793553] ? kthread_create_on_node+0xd0/0xd0
[ 1144.793562] ret_from_fork+0x24/0x30
[ 1144.793584] Sending NMI from CPU 0 to CPUs 1:
[ 1144.794257] NMI backtrace for cpu 1
[ 1144.794262] CPU: 1 PID: 7477 Comm: syz-executor680 Not tainted 4.14.172-syzkaller #0
[ 1144.794266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.794269] task: ffff88807fe32180 task.stack: ffff888097140000
[ 1144.794272] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50
[ 1144.794275] RSP: 0018:ffff888097147310 EFLAGS: 00000202
[ 1144.794280] RAX: ffff8880000a00f8 RBX: ffff8880000a0100 RCX: 0000000000000000
[ 1144.794284] RDX: 0000000000000000 RSI: ffff8880000a0000 RDI: 0000000000001400
[ 1144.794287] RBP: 0000000000000050 R08: 0000000000001400 R09: 0000000000000040
[ 1144.794290] R10: ffffed1014b4a7e3 R11: ffff8880a5a53f1f R12: ffff8880000a0280
[ 1144.794293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1144.794297] FS: 0000000001333880(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
[ 1144.794300] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1144.794303] CR2: 0000000020000180 CR3: 0000000089ff9000 CR4: 00000000001406e0
[ 1144.794307] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1144.794310] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1144.794312] Call Trace:
[ 1144.794314] bitfill_aligned+0xd4/0x190
[ 1144.794317] cfb_fillrect+0x3d5/0x720
[ 1144.794319] ? cfb_fillrect+0x720/0x720
[ 1144.794321] vga16fb_fillrect+0x61e/0x1880
[ 1144.794324] ? fb_copy_cmap+0x28e/0x350
[ 1144.794326] ? vga16fb_setcolreg+0xfe/0x360
[ 1144.794328] bit_clear_margins+0x2a4/0x480
[ 1144.794331] ? bit_bmove+0x1e0/0x1e0
[ 1144.794333] fbcon_clear_margins+0x285/0x310
[ 1144.794335] fbcon_switch+0xcdf/0x1780
[ 1144.794338] ? kasan_kmalloc+0xbf/0xe0
[ 1144.794340] ? fbcon_set_def_font+0x370/0x370
[ 1144.794343] ? fbcon_cursor+0x4be/0x690
[ 1144.794345] ? bit_clear+0x460/0x460
[ 1144.794347] ? fbcon_set_origin+0x1c/0x40
[ 1144.794350] ? fbcon_scrolldelta+0x10c0/0x10c0
[ 1144.794352] redraw_screen+0x331/0x770
[ 1144.794354] ? con_flush_chars+0x80/0x80
[ 1144.794357] ? fbcon_set_palette+0x470/0x590
[ 1144.794359] fbcon_modechanged+0x59d/0x890
[ 1144.794362] fbcon_event_notify+0x11a/0x1746
[ 1144.794364] ? lock_acquire+0x170/0x3f0
[ 1144.794367] notifier_call_chain+0x107/0x1a0
[ 1144.794369] blocking_notifier_call_chain+0x79/0x90
[ 1144.794372] fb_set_var+0xaad/0xc70
[ 1144.794374] ? fb_set_suspend+0x110/0x110
[ 1144.794376] ? lock_acquire+0x170/0x3f0
[ 1144.794379] ? lock_fb_info+0x1a/0x70
[ 1144.794381] ? lock_fb_info+0x1a/0x70
[ 1144.794383] ? __mutex_lock+0x36a/0x1470
[ 1144.794386] ? trace_hardirqs_on+0x10/0x10
[ 1144.794388] ? mutex_trylock+0x1a0/0x1a0
[ 1144.794390] ? do_fb_ioctl+0x36a/0x940
[ 1144.794393] do_fb_ioctl+0x3cc/0x940
[ 1144.794395] ? lock_downgrade+0x6e0/0x6e0
[ 1144.794397] ? fb_read+0x520/0x520
[ 1144.794400] ? avc_has_extended_perms+0x802/0xd40
[ 1144.794402] ? lock_downgrade+0x6e0/0x6e0
[ 1144.794405] ? pud_val+0xd0/0xd0
[ 1144.794407] ? avc_ss_reset+0x100/0x100
[ 1144.794409] ? put_page+0x88/0x1b0
[ 1144.794411] ? wp_page_copy+0x9d4/0x1300
[ 1144.794414] ? follow_pfn+0x200/0x200
[ 1144.794416] fb_ioctl+0xdd/0x130
[ 1144.794418] ? do_fb_ioctl+0x940/0x940
[ 1144.794421] do_vfs_ioctl+0x75a/0xfe0
[ 1144.794423] ? selinux_file_mprotect+0x5c0/0x5c0
[ 1144.794426] ? ioctl_preallocate+0x1a0/0x1a0
[ 1144.794428] ? lock_downgrade+0x6e0/0x6e0
[ 1144.794431] ? security_file_ioctl+0x76/0xb0
[ 1144.794433] ? security_file_ioctl+0x83/0xb0
[ 1144.794435] SyS_ioctl+0x7f/0xb0
[ 1144.794438] ? do_vfs_ioctl+0xfe0/0xfe0
[ 1144.794440] do_syscall_64+0x1d5/0x640
[ 1144.794443] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.794445] RIP: 0033:0x441419
[ 1144.794447] RSP: 002b:00007ffcd4e54c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.794453] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 1144.794457] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 1144.794460] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.794463] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 1144.794467] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 1144.794468] Code: 00 48 c7 c7 40 91 ad 86 4c 89 3d 6c b1 fe 08 41 bd f4 ff ff ff e8 4c be ee ff 48 c7 05 56 b1 fe 08 00 00 00 00 e9 be ed ff ff 90 <65> 48 8b 04 25 40 ee 01 00 48 85 c0 74 1a 65 8b 15 8b a8 a7 7e
[ 1144.794598] Kernel panic - not syncing: hung_task: blocked tasks
[ 1144.794605] CPU: 0 PID: 1056 Comm: khungtaskd Not tainted 4.14.172-syzkaller #0
[ 1144.794610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.794612] Call Trace:
[ 1144.794622] dump_stack+0x13e/0x194
[ 1144.794654] panic+0x1f9/0x42d
[ 1144.794662] ? add_taint.cold+0x16/0x16
[ 1144.794672] ? printk_safe_flush+0xac/0x110
[ 1144.794685] watchdog+0x5f3/0xb80
[ 1144.794692] ? kthread_flush_work_fn+0x20/0x20
[ 1144.794701] ? hungtask_pm_notify+0x50/0x50
[ 1144.794710] kthread+0x30d/0x420
[ 1144.794717] ? kthread_create_on_node+0xd0/0xd0
[ 1144.794726] ret_from_fork+0x24/0x30
[ 1144.796081] Kernel Offset: disabled