[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.133' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 749.845746] print_req_error: I/O error, dev loop3, sector 64
[ 749.852060] print_req_error: I/O error, dev loop3, sector 256
[ 749.859977] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[ 749.871932] print_req_error: I/O error, dev loop3, sector 512
[ 749.878756] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[ 749.888642] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[ 749.897037] UDF-fs: Scanning with blocksize 512 failed
[ 749.903962] print_req_error: I/O error, dev loop3, sector 64
[ 1001.394970] INFO: task syz-executor498:8007 blocked for more than 140 seconds.
[ 1001.402482] Not tainted 4.14.212-syzkaller #0
[ 1001.409424] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1001.418149] syz-executor498 D29920 8007 7998 0x00000004
[ 1001.424056] Call Trace:
[ 1001.428407] __schedule+0x88b/0x1de0
[ 1001.432131] ? io_schedule_timeout+0x140/0x140
[ 1001.437876] ? lock_downgrade+0x740/0x740
[ 1001.442034] schedule+0x8d/0x1b0
[ 1001.446524] schedule_preempt_disabled+0xf/0x20
[ 1001.451216] __mutex_lock+0x669/0x1310
[ 1001.456293] ? mount_bdev+0x71/0x360
[ 1001.460104] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1001.466855] ? __blkdev_get+0x1090/0x1090
[ 1001.471017] ? mntput+0x5c/0x80
[ 1001.474487] ? lookup_bdev+0x8c/0x1c0
[ 1001.479948] ? bdev_read_only+0x6a/0x90
[ 1001.483989] mount_bdev+0x71/0x360
[ 1001.488950] ? udf_load_vrs+0xa90/0xa90
[ 1001.492931] mount_fs+0x92/0x2a0
[ 1001.497465] vfs_kern_mount.part.0+0x5b/0x470
[ 1001.501981] do_mount+0xe53/0x2a00
[ 1001.506619] ? lock_acquire+0x170/0x3f0
[ 1001.510601] ? lock_downgrade+0x740/0x740
[ 1001.514750] ? copy_mount_string+0x40/0x40
[ 1001.520634] ? __might_fault+0x177/0x1b0
[ 1001.524707] ? _copy_from_user+0x96/0x100
[ 1001.530928] ? copy_mount_options+0x1fa/0x2f0
[ 1001.536218] ? copy_mnt_ns+0xa30/0xa30
[ 1001.540119] SyS_mount+0xa8/0x120
[ 1001.543567] ? copy_mnt_ns+0xa30/0xa30
[ 1001.548953] do_syscall_64+0x1d5/0x640
[ 1001.552856] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1001.559839] RIP: 0033:0x44ab29
[ 1001.563034] RSP: 002b:00007f894c4aedb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1001.571925] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044ab29
[ 1001.580009] RDX: 0000000020000040 RSI: 0000000020000280 RDI: 00000000200004c0
[ 1001.588030] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 1001.596064] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 1001.603434] R13: 00007ffcf5eda3ff R14: 00007f894c4af9c0 R15: 0000000000000000
[ 1001.611958] INFO: task syz-executor498:8003 blocked for more than 140 seconds.
[ 1001.620134] Not tainted 4.14.212-syzkaller #0
[ 1001.625860] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1001.633974] syz-executor498 D29848 8003 7996 0x00000004
[ 1001.641012] Call Trace:
[ 1001.643615] __schedule+0x88b/0x1de0
[ 1001.648963] ? io_schedule_timeout+0x140/0x140
[ 1001.653561] ? mark_held_locks+0xa6/0xf0
[ 1001.658910] ? _raw_spin_unlock_irq+0x24/0x80
[ 1001.663417] ? rwsem_down_write_failed+0x33e/0x6d0
[ 1001.669574] schedule+0x8d/0x1b0
[ 1001.672949] rwsem_down_write_failed+0x343/0x6d0
[ 1001.678847] ? rwsem_down_read_failed_killable+0x520/0x520
[ 1001.684498] ? __mutex_lock+0x356/0x1310
[ 1001.690261] ? lock_downgrade+0x740/0x740
[ 1001.694426] call_rwsem_down_write_failed+0x13/0x20
[ 1001.700724] down_write+0x4f/0x90
[ 1001.704182] ? grab_super+0x55/0x140
[ 1001.709027] grab_super+0x55/0x140
[ 1001.712838] ? set_bdev_super+0x110/0x110
[ 1001.718139] sget_userns+0x2b1/0xc10
[ 1001.721859] ? set_bdev_super+0x110/0x110
[ 1001.727163] ? ns_test_super+0x50/0x50
[ 1001.731185] ? set_bdev_super+0x110/0x110
[ 1001.737546] ? ns_test_super+0x50/0x50
[ 1001.741577] sget+0xd1/0x110
[ 1001.744595] mount_bdev+0xcd/0x360
[ 1001.749672] ? udf_load_vrs+0xa90/0xa90
[ 1001.753758] mount_fs+0x92/0x2a0
[ 1001.758316] vfs_kern_mount.part.0+0x5b/0x470
[ 1001.762823] do_mount+0xe53/0x2a00
[ 1001.767438] ? lock_acquire+0x170/0x3f0
[ 1001.771420] ? lock_downgrade+0x740/0x740
[ 1001.776693] ? copy_mount_string+0x40/0x40
[ 1001.781124] ? __might_fault+0x177/0x1b0
[ 1001.786502] ? _copy_from_user+0x96/0x100
[ 1001.790689] ? copy_mount_options+0x1fa/0x2f0
[ 1001.796330] ? copy_mnt_ns+0xa30/0xa30
[ 1001.800229] SyS_mount+0xa8/0x120
[ 1001.803676] ? copy_mnt_ns+0xa30/0xa30
[ 1001.809121] do_syscall_64+0x1d5/0x640
[ 1001.813026] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1001.820020] RIP: 0033:0x44ab29
[ 1001.823218] RSP: 002b:00007f894c4aedb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1001.832134] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044ab29
[ 1001.840275] RDX: 0000000020000040 RSI: 0000000020000280 RDI: 00000000200004c0
[ 1001.848336] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 1001.856451] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 1001.863735] R13: 00007ffcf5eda3ff R14: 00007f894c4af9c0 R15: 0000000000000000
[ 1001.872247] INFO: task syz-executor498:8012 blocked for more than 140 seconds.
[ 1001.880517] Not tainted 4.14.212-syzkaller #0
[ 1001.886452] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1001.894444] syz-executor498 D29920 8012 7993 0x00000004
[ 1001.902246] Call Trace:
[ 1001.905687] __schedule+0x88b/0x1de0
[ 1001.909431] ? io_schedule_timeout+0x140/0x140
[ 1001.914103] ? lock_downgrade+0x740/0x740
[ 1001.919896] schedule+0x8d/0x1b0
[ 1001.923277] schedule_preempt_disabled+0xf/0x20
[ 1001.930007] __mutex_lock+0x669/0x1310
[ 1001.934098] ? mount_bdev+0x71/0x360
[ 1001.938924] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1001.944396] ? __blkdev_get+0x1090/0x1090
[ 1001.950358] ? mntput+0x5c/0x80
[ 1001.953659] ? lookup_bdev+0x8c/0x1c0
[ 1001.958639] ? bdev_read_only+0x6a/0x90
[ 1001.962630] mount_bdev+0x71/0x360
[ 1001.967333] ? udf_load_vrs+0xa90/0xa90
[ 1001.971323] mount_fs+0x92/0x2a0
[ 1001.974693] vfs_kern_mount.part.0+0x5b/0x470
[ 1001.980761] do_mount+0xe53/0x2a00
[ 1001.984319] ? lock_acquire+0x170/0x3f0
[ 1001.989479] ? lock_downgrade+0x740/0x740
[ 1001.993646] ? copy_mount_string+0x40/0x40
[ 1001.998993] ? __might_fault+0x177/0x1b0
[ 1002.003089] ? _copy_from_user+0x96/0x100
[ 1002.008437] ? copy_mount_options+0x1fa/0x2f0
[ 1002.012951] ? copy_mnt_ns+0xa30/0xa30
[ 1002.018044] SyS_mount+0xa8/0x120
[ 1002.021512] ? copy_mnt_ns+0xa30/0xa30
[ 1002.026457] do_syscall_64+0x1d5/0x640
[ 1002.030359] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1002.036918] RIP: 0033:0x44ab29
[ 1002.040116] RSP: 002b:00007f894c4aedb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1002.048995] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044ab29
[ 1002.057117] RDX: 0000000020000040 RSI: 0000000020000280 RDI: 00000000200004c0
[ 1002.064403] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 1002.072863] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 1002.081576] R13: 00007ffcf5eda3ff R14: 00007f894c4af9c0 R15: 0000000000000000
[ 1002.089764] INFO: task syz-executor498:8009 blocked for more than 140 seconds.
[ 1002.097886] Not tainted 4.14.212-syzkaller #0
[ 1002.102915] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1002.112508] syz-executor498 D29920 8009 7997 0x00000004
[ 1002.119052] Call Trace:
[ 1002.121653] __schedule+0x88b/0x1de0
[ 1002.127256] ? io_schedule_timeout+0x140/0x140
[ 1002.131852] ? lock_downgrade+0x740/0x740
[ 1002.137115] schedule+0x8d/0x1b0
[ 1002.140498] schedule_preempt_disabled+0xf/0x20
[ 1002.146294] __mutex_lock+0x669/0x1310
[ 1002.150199] ? mount_bdev+0x71/0x360
[ 1002.156961] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1002.162433] ? __blkdev_get+0x1090/0x1090
[ 1002.167787] ? mntput+0x5c/0x80
[ 1002.171082] ? lookup_bdev+0x8c/0x1c0
[ 1002.176070] ? bdev_read_only+0x6a/0x90
[ 1002.180084] mount_bdev+0x71/0x360
[ 1002.183622] ? udf_load_vrs+0xa90/0xa90
[ 1002.189170] mount_fs+0x92/0x2a0
[ 1002.192552] vfs_kern_mount.part.0+0x5b/0x470
[ 1002.198239] do_mount+0xe53/0x2a00
[ 1002.201788] ? lock_acquire+0x170/0x3f0
[ 1002.207502] ? lock_downgrade+0x740/0x740
[ 1002.211665] ? copy_mount_string+0x40/0x40
[ 1002.217038] ? __might_fault+0x177/0x1b0
[ 1002.221115] ? _copy_from_user+0x96/0x100
[ 1002.226376] ? copy_mount_options+0x1fa/0x2f0
[ 1002.230878] ? copy_mnt_ns+0xa30/0xa30
[ 1002.234762] SyS_mount+0xa8/0x120
[ 1002.239667] ? copy_mnt_ns+0xa30/0xa30
[ 1002.243550] do_syscall_64+0x1d5/0x640
[ 1002.248531] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1002.253754] RIP: 0033:0x44ab29
[ 1002.258042] RSP: 002b:00007f894c4aedb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1002.266528] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044ab29
[ 1002.273814] RDX: 0000000020000040 RSI: 0000000020000280 RDI: 00000000200004c0
[ 1002.282273] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 1002.290297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 1002.298511] R13: 00007ffcf5eda3ff R14: 00007f894c4af9c0 R15: 0000000000000000
[ 1002.306738] INFO: task syz-executor498:8011 blocked for more than 140 seconds.
[ 1002.314123] Not tainted 4.14.212-syzkaller #0
[ 1002.320361] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1002.330586] syz-executor498 D29920 8011 7995 0x00000004
[ 1002.337542] Call Trace:
[ 1002.340151] __schedule+0x88b/0x1de0
[ 1002.343866] ? io_schedule_timeout+0x140/0x140
[ 1002.349953] ? lock_downgrade+0x740/0x740
[ 1002.354119] schedule+0x8d/0x1b0
[ 1002.358770] schedule_preempt_disabled+0xf/0x20
[ 1002.363458] __mutex_lock+0x669/0x1310
[ 1002.368508] ? mount_bdev+0x71/0x360
[ 1002.372246] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1002.378937] ? __blkdev_get+0x1090/0x1090
[ 1002.383100] ? mntput+0x5c/0x80
[ 1002.387526] ? lookup_bdev+0x8c/0x1c0
[ 1002.391342] ? bdev_read_only+0x6a/0x90
[ 1002.396497] mount_bdev+0x71/0x360
[ 1002.400051] ? udf_load_vrs+0xa90/0xa90
[ 1002.404022] mount_fs+0x92/0x2a0
[ 1002.408915] vfs_kern_mount.part.0+0x5b/0x470
[ 1002.413447] do_mount+0xe53/0x2a00
[ 1002.418157] ? lock_acquire+0x170/0x3f0
[ 1002.422143] ? lock_downgrade+0x740/0x740
[ 1002.427440] ? copy_mount_string+0x40/0x40
[ 1002.431690] ? __might_fault+0x177/0x1b0
[ 1002.436932] ? _copy_from_user+0x96/0x100
[ 1002.441092] ? copy_mount_options+0x1fa/0x2f0
[ 1002.446732] ? copy_mnt_ns+0xa30/0xa30
[ 1002.450627] SyS_mount+0xa8/0x120
[ 1002.454074] ? copy_mnt_ns+0xa30/0xa30
[ 1002.459564] do_syscall_64+0x1d5/0x640
[ 1002.463474] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1002.470416] RIP: 0033:0x44ab29
[ 1002.473628] RSP: 002b:00007f894c4aedb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1002.482473] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044ab29
[ 1002.490441] RDX: 0000000020000040 RSI: 0000000020000280 RDI: 00000000200004c0
[ 1002.499215] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 1002.507250] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 1002.514539] R13: 00007ffcf5eda3ff R14: 00007f894c4af9c0 R15: 0000000000000000
[ 1002.523913]
[ 1002.523913] Showing all locks held in the system:
[ 1002.531091] 1 lock held by khungtaskd/1532:
[ 1002.535623] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 1002.544712] 1 lock held by syz-executor498/8007:
[ 1002.549515] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x71/0x360
[ 1002.558687] 2 locks held by syz-executor498/8003:
[ 1002.563708] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x71/0x360
[ 1002.572987] #1: (&type->s_umount_key#47){+.+.}, at: [] grab_super+0x55/0x140
[ 1002.582144] 1 lock held by syz-executor498/8012:
[ 1002.586944] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x71/0x360
[ 1002.596152] 1 lock held by syz-executor498/8009:
[ 1002.600911] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x71/0x360
[ 1002.610101] 1 lock held by syz-executor498/8011:
[ 1002.614886] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x71/0x360
[ 1002.624011]
[ 1002.625708] =============================================
[ 1002.625708]
[ 1002.636037] NMI backtrace for cpu 1
[ 1002.639687] CPU: 1 PID: 1532 Comm: khungtaskd Not tainted 4.14.212-syzkaller #0
[ 1002.647128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1002.656483] Call Trace:
[ 1002.659074] dump_stack+0x1b2/0x283
[ 1002.662702] nmi_cpu_backtrace.cold+0x57/0x93
[ 1002.667202] ? irq_force_complete_move.cold+0x89/0x89
[ 1002.672398] nmi_trigger_cpumask_backtrace+0x13a/0x17f
[ 1002.677676] watchdog+0x5b9/0xb40
[ 1002.681130] ? hungtask_pm_notify+0x50/0x50
[ 1002.685496] kthread+0x30d/0x420
[ 1002.688883] ? kthread_create_on_node+0xd0/0xd0
[ 1002.693567] ret_from_fork+0x24/0x30
[ 1002.697418] Sending NMI from CPU 1 to CPUs 0:
[ 1002.702347] NMI backtrace for cpu 0
[ 1002.702352] CPU: 0 PID: 4625 Comm: systemd-journal Not tainted 4.14.212-syzkaller #0
[ 1002.702356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1002.702359] task: ffff8880a1148180 task.stack: ffff8880a1150000
[ 1002.702362] RIP: 0010:__sanitizer_cov_trace_pc+0x23/0x50
[ 1002.702365] RSP: 0018:ffff8880a1157e20 EFLAGS: 00000246
[ 1002.702370] RAX: ffff8880a1148180 RBX: ffff8880a1157f58 RCX: 0000000000000000
[ 1002.702374] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880a1148188
[ 1002.702377] RBP: 1ffff1101422afc9 R08: 0000000000000000 R09: 0000000000000000
[ 1002.702381] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000c000003e
[ 1002.702384] R13: 0000000000000100 R14: 0000000000000027 R15: ffff8880a1157fd0
[ 1002.702388] FS: 00007fc0b225a8c0(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 1002.702391] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1002.702394] CR2: 00007fc0af59c000 CR3: 00000000a1435000 CR4: 00000000001406f0
[ 1002.702398] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1002.702401] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1002.702403] Call Trace:
[ 1002.702406] syscall_trace_enter+0x1fd/0xc20
[ 1002.702408] ? syscall_slow_exit_work+0x560/0x560
[ 1002.702411] ? lock_downgrade+0x740/0x740
[ 1002.702413] ? do_syscall_64+0x4c/0x640
[ 1002.702416] do_syscall_64+0x41b/0x640
[ 1002.702418] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1002.702421] RIP: 0033:0x7fc0b14f3f17
[ 1002.702423] RSP: 002b:00007ffebef988a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000027
[ 1002.702429] RAX: ffffffffffffffda RBX: 000056431b8c81e0 RCX: 00007fc0b14f3f17
[ 1002.702433] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 000056431b8c81e0
[ 1002.702436] RBP: 00007ffebef989a0 R08: 00007ffebefc4000 R09: 0000010df6a63a6f
[ 1002.702440] R10: 00086980b2e76fd4 R11: 0000000000000202 R12: 0000000000001211
[ 1002.702443] R13: 00007ffebef98a38 R14: ffffffffffffffff R15: 0005b6c9636c6197
[ 1002.702445] Code: 00 00 e9 c6 ed ff ff 90 65 48 8b 04 25 80 df 01 00 48 85 c0 74 1a 65 8b 15 bb 9f aa 7e 81 e2 00 01 1f 00 75 0b 8b 90 58 13 00 00 <83> fa 01 74 01 c3 48 8b 34 24 48 8b 88 60 13 00 00 8b 80 5c 13
[ 1002.704663] Kernel panic - not syncing: hung_task: blocked tasks
[ 1002.915266] CPU: 1 PID: 1532 Comm: khungtaskd Not tainted 4.14.212-syzkaller #0
[ 1002.922721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1002.932502] Call Trace:
[ 1002.935092] dump_stack+0x1b2/0x283
[ 1002.938714] panic+0x1f9/0x42d
[ 1002.941910] ? add_taint.cold+0x16/0x16
[ 1002.945887] watchdog+0x5ca/0xb40
[ 1002.949336] ? hungtask_pm_notify+0x50/0x50
[ 1002.953649] kthread+0x30d/0x420
[ 1002.957012] ? kthread_create_on_node+0xd0/0xd0
[ 1002.961691] ret_from_fork+0x24/0x30
[ 1002.966047] Kernel Offset: disabled
[ 1002.969777] Rebooting in 86400 seconds..