[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   27.893947] kauditd_printk_skb: 7 callbacks suppressed
[   27.893958] audit: type=1800 audit(1541410537.224:29): pid=5561 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   27.926836] audit: type=1800 audit(1541410537.224:30): pid=5561 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.93' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  433.333192] INFO: task syz-executor161:5717 blocked for more than 140 seconds.
[  433.340774]       Not tainted 4.19.0+ #223
[  433.345077] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  433.353072] syz-executor161 D23632  5717   5716 0x20020004
[  433.358730] Call Trace:
[  433.361502]  __schedule+0x8cf/0x21d0
[  433.365273]  ? __sched_text_start+0x8/0x8
[  433.369565]  ? perf_trace_sched_process_exec+0x860/0x860
[  433.375111]  ? zap_class+0x640/0x640
[  433.378825]  ? zap_class+0x640/0x640
[  433.382528]  ? zap_class+0x640/0x640
[  433.386446]  schedule+0xfe/0x460
[  433.389809]  ? __schedule+0x21d0/0x21d0
[  433.393844]  ? find_held_lock+0x36/0x1c0
[  433.397900]  ? mark_held_locks+0xc7/0x130
[  433.402040]  schedule_timeout+0x1cc/0x260
[  433.406225]  ? usleep_range+0x1a0/0x1a0
[  433.410191]  ? wait_for_completion+0x41f/0x8a0
[  433.414872]  ? trace_hardirqs_off_caller+0x310/0x310
[  433.420005]  wait_for_completion+0x427/0x8a0
[  433.424454]  ? wait_for_completion_interruptible+0x840/0x840
[  433.430245]  ? wake_up_q+0x100/0x100
[  433.434001]  ? lock_release+0xa00/0xa00
[  433.437967]  ? __init_waitqueue_head+0x9e/0x150
[  433.442623]  ? init_wait_entry+0x1c0/0x1c0
[  433.446935]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  433.452504]  flush_workqueue+0x742/0x1e10
[  433.456718]  ? print_usage_bug+0xc0/0xc0
[  433.460779]  ? cancel_delayed_work+0x3e0/0x3e0
[  433.465463]  ? is_bpf_text_address+0xac/0x170
[  433.469968]  ? find_held_lock+0x36/0x1c0
[  433.474073]  ? __lock_acquire+0x62f/0x4c20
[  433.478337]  ? depot_save_stack+0x292/0x470
[  433.482647]  ? zap_class+0x640/0x640
[  433.486400]  ? mark_held_locks+0x130/0x130
[  433.490633]  ? lock_acquire+0x1ed/0x520
[  433.494798]  ? vim2m_release+0xbc/0x150
[  433.498822]  ? lock_release+0xa00/0xa00
[  433.502789]  ? perf_trace_sched_process_exec+0x860/0x860
[  433.508340]  ? v4l2_ctrl_handler_free.part.12+0x742/0xb80
[  433.513957]  ? lock_downgrade+0x900/0x900
[  433.518162]  ? kfree+0xcf/0x230
[  433.521441]  ? __mutex_lock+0x85e/0x16f0
[  433.525581]  ? trace_hardirqs_on+0x310/0x310
[  433.530001]  ? zap_class+0x640/0x640
[  433.533765]  vim2m_stop_streaming+0x7c/0x2c0
[  433.538161]  ? vim2m_stop_streaming+0x7c/0x2c0
[  433.542728]  ? mark_held_locks+0xc7/0x130
[  433.546926]  ? vim2m_buf_queue+0xa0/0xa0
[  433.551006]  __vb2_queue_cancel+0x171/0xd20
[  433.555381]  ? trace_hardirqs_on+0xbd/0x310
[  433.559731]  ? kasan_check_read+0x11/0x20
[  433.563957]  ? vb2_buffer_done+0xb90/0xb90
[  433.568182]  ? kasan_check_read+0x11/0x20
[  433.572352]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  433.577784]  ? v4l2_m2m_cancel_job+0x2f8/0x650
[  433.582410]  ? v4l2_m2m_job_finish+0x4c0/0x4c0
[  433.587047]  ? kasan_check_read+0x11/0x20
[  433.591213]  ? mutex_destroy+0x103/0x200
[  433.595355]  ? percpu_down_write+0x540/0x540
[  433.599758]  ? vidioc_querycap+0xd0/0xd0
[  433.603864]  vb2_core_queue_release+0x26/0x80
[  433.608350]  vb2_queue_release+0x15/0x20
[  433.612397]  v4l2_m2m_ctx_release+0x1e/0x35
[  433.616752]  vim2m_release+0xe6/0x150
[  433.620544]  v4l2_release+0x224/0x3a0
[  433.624376]  ? dev_debug_store+0x140/0x140
[  433.628638]  __fput+0x385/0xa30
[  433.631912]  ? get_max_files+0x20/0x20
[  433.635839]  ? trace_hardirqs_on+0xbd/0x310
[  433.640152]  ? kasan_check_read+0x11/0x20
[  433.644352]  ? task_work_run+0x1af/0x2a0
[  433.648417]  ? trace_hardirqs_off_caller+0x310/0x310
[  433.653592]  ? filp_close+0x1cd/0x250
[  433.657387]  ____fput+0x15/0x20
[  433.660651]  task_work_run+0x1e8/0x2a0
[  433.664572]  ? task_work_cancel+0x240/0x240
[  433.668895]  ? copy_fd_bitmaps+0x210/0x210
[  433.673194]  ? do_fast_syscall_32+0x150/0xfb2
[  433.677705]  exit_to_usermode_loop+0x318/0x380
[  433.682324]  ? __bpf_trace_sys_exit+0x30/0x30
[  433.686873]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  433.692412]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  433.697990]  do_fast_syscall_32+0xcd5/0xfb2
[  433.702304]  ? do_int80_syscall_32+0x890/0x890
[  433.706923]  ? entry_SYSENTER_compat+0x68/0x7f
[  433.711510]  ? trace_hardirqs_off_caller+0xbb/0x310
[  433.716589]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  433.721419]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  433.726303]  ? trace_hardirqs_on_caller+0x310/0x310
[  433.731308]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  433.736356]  ? prepare_exit_to_usermode+0x291/0x3b0
[  433.741367]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  433.746244]  entry_SYSENTER_compat+0x70/0x7f
[  433.750639] RIP: 0023:0xf7f6da29
[  433.754040] Code: Bad RIP value.
[  433.757395] RSP: 002b:00000000fffaa8fc EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[  433.765134] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[  433.772397] RDX: 0000000000000003 RSI: 00000000080bfdf9 RDI: 0000000000000000
[  433.779711] RBP: 00000000fffaa958 R08: 0000000000000000 R09: 0000000000000000
[  433.787003] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  433.794469] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  433.801741] 
[  433.801741] Showing all locks held in the system:
[  433.808097] 2 locks held by kworker/1:1/22:
[  433.812402]  #0: 00000000845eec84 ((wq_completion)"events"){+.+.}, at: process_one_work+0xb43/0x1c40
[  433.821716]  #1: 0000000031fa8864 ((work_completion)(&smc->tcp_listen_work)){+.+.}, at: process_one_work+0xb9a/0x1c40
[  433.832492] 1 lock held by khungtaskd/1007:
[  433.836917]  #0: 000000004f51a5b3 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424
[  433.845553] 1 lock held by rsyslogd/5599:
[  433.849682]  #0: 0000000071224d4b (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[  433.857720] 2 locks held by getty/5690:
[  433.861679]  #0: 000000009f4b5ec2 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  433.870065]  #1: 000000001defc28f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  433.879010] 2 locks held by getty/5691:
[  433.882964]  #0: 00000000db0a8d44 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  433.891252]  #1: 00000000999bc7a6 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  433.900147] 2 locks held by getty/5692:
[  433.904138]  #0: 000000000492ded5 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  433.912361]  #1: 00000000ddbf147a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  433.921265] 2 locks held by getty/5693:
[  433.925254]  #0: 00000000972bbf95 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  433.933526]  #1: 00000000e3fc51c6 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  433.942439] 2 locks held by getty/5694:
[  433.946452]  #0: 000000000d39e083 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  433.954713]  #1: 00000000fa7d0f4e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  433.963594] 2 locks held by getty/5695:
[  433.967549]  #0: 00000000218572d7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  433.975838]  #1: 00000000a578c4da (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  433.984872] 2 locks held by getty/5696:
[  433.988835]  #0: 00000000fd115c7a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  433.997123]  #1: 0000000083156d2d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80
[  434.006001] 2 locks held by syz-executor161/5717:
[  434.010840]  #0: 0000000075d8d832 (&mdev->req_queue_mutex){+.+.}, at: v4l2_release+0x1d7/0x3a0
[  434.019649]  #1: 000000007477268d (&dev->dev_mutex){+.+.}, at: vim2m_release+0xbc/0x150
[  434.027837] 
[  434.029451] =============================================
[  434.029451] 
[  434.036511] NMI backtrace for cpu 1
[  434.040128] CPU: 1 PID: 1007 Comm: khungtaskd Not tainted 4.19.0+ #223
[  434.046858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  434.056200] Call Trace:
[  434.058853]  dump_stack+0x244/0x39d
[  434.062471]  ? dump_stack_print_info.cold.1+0x20/0x20
[  434.067648]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  434.073172]  nmi_cpu_backtrace.cold.2+0x5c/0xa1
[  434.077852]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  434.083028]  nmi_trigger_cpumask_backtrace+0x1e8/0x22a
[  434.088291]  arch_trigger_cpumask_backtrace+0x14/0x20
[  434.093555]  watchdog+0xb51/0x1060
[  434.097090]  ? hungtask_pm_notify+0xb0/0xb0
[  434.101440]  ? __kthread_parkme+0xce/0x1a0
[  434.105673]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  434.110761]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  434.115850]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  434.120426]  ? trace_hardirqs_on+0xbd/0x310
[  434.124736]  ? kasan_check_read+0x11/0x20
[  434.128877]  ? __kthread_parkme+0xce/0x1a0
[  434.133108]  ? trace_hardirqs_off_caller+0x310/0x310
[  434.138207]  ? trace_hardirqs_off_caller+0x310/0x310
[  434.143297]  ? lockdep_init_map+0x9/0x10
[  434.147347]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  434.152436]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  434.157957]  ? __kthread_parkme+0xfb/0x1a0
[  434.162175]  ? hungtask_pm_notify+0xb0/0xb0
[  434.166481]  kthread+0x35a/0x440
[  434.169839]  ? kthread_stop+0x900/0x900
[  434.173799]  ret_from_fork+0x3a/0x50
[  434.177603] Sending NMI from CPU 1 to CPUs 0:
[  434.182156] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[  434.183097] Kernel panic - not syncing: hung_task: blocked tasks
[  434.195864] CPU: 1 PID: 1007 Comm: khungtaskd Not tainted 4.19.0+ #223
[  434.202573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  434.211911] Call Trace:
[  434.214487]  dump_stack+0x244/0x39d
[  434.218102]  ? dump_stack_print_info.cold.1+0x20/0x20
[  434.223338]  panic+0x2ad/0x55c
[  434.226519]  ? add_taint.cold.5+0x16/0x16
[  434.230660]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  434.236290]  ? nmi_trigger_cpumask_backtrace+0x1d1/0x22a
[  434.241727]  ? nmi_trigger_cpumask_backtrace+0x1c8/0x22a
[  434.247167]  watchdog+0xb62/0x1060
[  434.250768]  ? hungtask_pm_notify+0xb0/0xb0
[  434.255134]  ? __kthread_parkme+0xce/0x1a0
[  434.259366]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  434.264455]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  434.269541]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  434.274107]  ? trace_hardirqs_on+0xbd/0x310
[  434.278509]  ? kasan_check_read+0x11/0x20
[  434.282646]  ? __kthread_parkme+0xce/0x1a0
[  434.286866]  ? trace_hardirqs_off_caller+0x310/0x310
[  434.291954]  ? trace_hardirqs_off_caller+0x310/0x310
[  434.297054]  ? lockdep_init_map+0x9/0x10
[  434.301111]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  434.306466]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  434.311996]  ? __kthread_parkme+0xfb/0x1a0
[  434.316220]  ? hungtask_pm_notify+0xb0/0xb0
[  434.320566]  kthread+0x35a/0x440
[  434.323926]  ? kthread_stop+0x900/0x900
[  434.327888]  ret_from_fork+0x3a/0x50
[  434.332771] Kernel Offset: disabled
[  434.336473] Rebooting in 86400 seconds..