[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.227' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 895.765897] print_req_error: I/O error, dev loop3, sector 64
[ 895.772229] print_req_error: I/O error, dev loop3, sector 256
[ 895.779790] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[ 895.793507] print_req_error: I/O error, dev loop3, sector 512
[ 895.800134] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[ 895.809674] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[ 895.817796] UDF-fs: Scanning with blocksize 512 failed
[ 895.827801] print_req_error: I/O error, dev loop3, sector 64
[ 895.828301] syz-executor784[7994]: segfault at 0 ip 000000000043bd4e sp 00007f4c7108b188 error 4
[ 895.835624] syz-executor784[7995]: segfault at 0 ip 000000000043bd4e sp 00007f4c7108b188 error 4
[ 895.838638] syz-executor784[7998]: segfault at 0 ip 000000000043bd4e sp 00007f4c7108b188 error 4
[ 895.851392] in syz-executor784477392[401000+9a000]
[ 895.855203] in syz-executor784477392[401000+9a000]
[ 895.868619] syz-executor784[8002]: segfault at 0 ip 000000000043bd4e sp 00007f4c7108b188 error 4 in syz-executor784477392[401000+9a000]
[ 895.876321] syz-executor784[8006]: segfault at 0 ip 000000000043bd4e sp 00007f4c7108b188 error 4 in syz-executor784477392[401000+9a000]
[ 895.901621] syz-executor784[8008]: segfault at 0 ip 000000000043bd4e sp 00007f4c7108b188 error 4 in syz-executor784477392[401000+9a000]
[ 895.917885] in syz-executor784477392[401000+9a000]
[ 1144.764493] INFO: task syz-executor784:7986 blocked for more than 140 seconds.
[ 1144.772424] Not tainted 4.14.232-syzkaller #0
[ 1144.779815] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.789587] syz-executor784 D29920 7986 7977 0x00000004
[ 1144.798907] Call Trace:
[ 1144.802385] __schedule+0x88b/0x1de0
[ 1144.809229] ? io_schedule_timeout+0x140/0x140
[ 1144.815844] ? lock_downgrade+0x740/0x740
[ 1144.820024] schedule+0x8d/0x1b0
[ 1144.824101] schedule_preempt_disabled+0xf/0x20
[ 1144.830489] __mutex_lock+0x669/0x1310
[ 1144.835365] ? mount_bdev+0x71/0x360
[ 1144.839090] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1144.847703] ? __blkdev_get+0x1090/0x1090
[ 1144.851862] ? mntput+0x5c/0x80
[ 1144.856180] ? lookup_bdev+0x8c/0x1c0
[ 1144.859994] ? bdev_read_only+0x6a/0x90
[ 1144.863981] mount_bdev+0x71/0x360
[ 1144.869029] ? udf_load_vrs+0xa90/0xa90
[ 1144.873011] mount_fs+0x92/0x2a0
[ 1144.877428] vfs_kern_mount.part.0+0x5b/0x470
[ 1144.881931] do_mount+0xe53/0x2a00
[ 1144.886920] ? lock_acquire+0x170/0x3f0
[ 1144.890905] ? lock_downgrade+0x740/0x740
[ 1144.896096] ? copy_mount_string+0x40/0x40
[ 1144.900336] ? __might_fault+0x177/0x1b0
[ 1144.905790] ? _copy_from_user+0x96/0x100
[ 1144.909941] ? copy_mount_options+0x1fa/0x2f0
[ 1144.915508] ? copy_mnt_ns+0xa30/0xa30
[ 1144.919401] SyS_mount+0xa8/0x120
[ 1144.922846] ? copy_mnt_ns+0xa30/0xa30
[ 1144.928280] do_syscall_64+0x1d5/0x640
[ 1144.932193] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1144.938495] RIP: 0033:0x44a329
[ 1144.942571] RSP: 002b:00007f4c710ac318 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1144.952132] RAX: ffffffffffffffda RBX: 00000000004cb408 RCX: 000000000044a329
[ 1144.960185] RDX: 0000000020000000 RSI: 0000000020000180 RDI: 0000000020000380
[ 1144.968928] RBP: 00000000004cb400 R08: 0000000000000000 R09: 0000000000000000
[ 1144.976861] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 1144.984135] R13: 00007fffdc4d335f R14: 00007f4c710ac400 R15: 0000000000022000
[ 1144.992629] INFO: task syz-executor784:7982 blocked for more than 140 seconds.
[ 1145.000753] Not tainted 4.14.232-syzkaller #0
[ 1145.006516] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1145.015653] syz-executor784 D29848 7982 7975 0x00000004
[ 1145.021481] Call Trace:
[ 1145.024072] __schedule+0x88b/0x1de0
[ 1145.029461] ? io_schedule_timeout+0x140/0x140
[ 1145.036882] ? mark_held_locks+0xa6/0xf0
[ 1145.040951] ? _raw_spin_unlock_irq+0x24/0x80
[ 1145.047576] ? rwsem_down_write_failed+0x33e/0x6d0
[ 1145.052512] schedule+0x8d/0x1b0
[ 1145.057057] rwsem_down_write_failed+0x343/0x6d0
[ 1145.061827] ? rwsem_down_read_failed_killable+0x520/0x520
[ 1145.068709] ? lock_acquire+0x170/0x3f0
[ 1145.072699] call_rwsem_down_write_failed+0x13/0x20
[ 1145.079713] down_write+0x4f/0x90
[ 1145.083349] ? grab_super+0x55/0x140
[ 1145.088629] grab_super+0x55/0x140
[ 1145.092177] ? set_bdev_super+0x110/0x110
[ 1145.097468] sget_userns+0x2b1/0xc10
[ 1145.101203] ? set_bdev_super+0x110/0x110
[ 1145.106382] ? ns_test_super+0x50/0x50
[ 1145.110273] ? set_bdev_super+0x110/0x110
[ 1145.115551] ? ns_test_super+0x50/0x50
[ 1145.119440] sget+0xd1/0x110
[ 1145.122455] mount_bdev+0xcd/0x360
[ 1145.127544] ? udf_load_vrs+0xa90/0xa90
[ 1145.131533] mount_fs+0x92/0x2a0
[ 1145.137855] vfs_kern_mount.part.0+0x5b/0x470
[ 1145.143846] do_mount+0xe53/0x2a00
[ 1145.148566] ? lock_acquire+0x170/0x3f0
[ 1145.152554] ? lock_downgrade+0x740/0x740
[ 1145.157950] ? copy_mount_string+0x40/0x40
[ 1145.162206] ? __might_fault+0x177/0x1b0
[ 1145.168299] ? _copy_from_user+0x96/0x100
[ 1145.172469] ? copy_mount_options+0x1fa/0x2f0
[ 1145.178109] ? copy_mnt_ns+0xa30/0xa30
[ 1145.182017] SyS_mount+0xa8/0x120
[ 1145.186681] ? copy_mnt_ns+0xa30/0xa30
[ 1145.190580] do_syscall_64+0x1d5/0x640
[ 1145.195536] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1145.200773] RIP: 0033:0x44a329
[ 1145.203951] RSP: 002b:00007f4c710ac318 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1145.214091] RAX: ffffffffffffffda RBX: 00000000004cb408 RCX: 000000000044a329
[ 1145.222440] RDX: 0000000020000000 RSI: 0000000020000180 RDI: 0000000020000380
[ 1145.230531] RBP: 00000000004cb400 R08: 0000000000000000 R09: 0000000000000000
[ 1145.238544] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 1145.246697] R13: 00007fffdc4d335f R14: 00007f4c710ac400 R15: 0000000000022000
[ 1145.254062] INFO: task syz-executor784:7990 blocked for more than 140 seconds.
[ 1145.262661] Not tainted 4.14.232-syzkaller #0
[ 1145.268433] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1145.277107] syz-executor784 D29920 7990 7972 0x00000004
[ 1145.282761] Call Trace:
[ 1145.287187] __schedule+0x88b/0x1de0
[ 1145.290928] ? io_schedule_timeout+0x140/0x140
[ 1145.296747] ? lock_downgrade+0x740/0x740
[ 1145.300906] schedule+0x8d/0x1b0
[ 1145.305426] schedule_preempt_disabled+0xf/0x20
[ 1145.310103] __mutex_lock+0x669/0x1310
[ 1145.313995] ? mount_bdev+0x71/0x360
[ 1145.319243] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1145.325559] ? __blkdev_get+0x1090/0x1090
[ 1145.329710] ? mntput+0x5c/0x80
[ 1145.332989] ? lookup_bdev+0x8c/0x1c0
[ 1145.338928] ? bdev_read_only+0x6a/0x90
[ 1145.342918] mount_bdev+0x71/0x360
[ 1145.347666] ? udf_load_vrs+0xa90/0xa90
[ 1145.351644] mount_fs+0x92/0x2a0
[ 1145.356110] vfs_kern_mount.part.0+0x5b/0x470
[ 1145.360611] do_mount+0xe53/0x2a00
[ 1145.364148] ? lock_acquire+0x170/0x3f0
[ 1145.370381] ? lock_downgrade+0x740/0x740
[ 1145.375180] ? copy_mount_string+0x40/0x40
[ 1145.379474] ? __might_fault+0x177/0x1b0
[ 1145.383529] ? _copy_from_user+0x96/0x100
[ 1145.389194] ? copy_mount_options+0x1fa/0x2f0
[ 1145.393696] ? copy_mnt_ns+0xa30/0xa30
[ 1145.398634] SyS_mount+0xa8/0x120
[ 1145.402104] ? copy_mnt_ns+0xa30/0xa30
[ 1145.407153] do_syscall_64+0x1d5/0x640
[ 1145.411050] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1145.417357] RIP: 0033:0x44a329
[ 1145.420545] RSP: 002b:00007f4c710ac318 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1145.429340] RAX: ffffffffffffffda RBX: 00000000004cb408 RCX: 000000000044a329
[ 1145.437341] RDX: 0000000020000000 RSI: 0000000020000180 RDI: 0000000020000380
[ 1145.445273] RBP: 00000000004cb400 R08: 0000000000000000 R09: 0000000000000000
[ 1145.452556] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 1145.460981] R13: 00007fffdc4d335f R14: 00007f4c710ac400 R15: 0000000000022000
[ 1145.469857] INFO: task syz-executor784:7991 blocked for more than 140 seconds.
[ 1145.478091] Not tainted 4.14.232-syzkaller #0
[ 1145.483109] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1145.492407] syz-executor784 D29920 7991 7976 0x00000004
[ 1145.499246] Call Trace:
[ 1145.501864] __schedule+0x88b/0x1de0
[ 1145.506765] ? io_schedule_timeout+0x140/0x140
[ 1145.511358] ? lock_downgrade+0x740/0x740
[ 1145.516991] schedule+0x8d/0x1b0
[ 1145.520553] schedule_preempt_disabled+0xf/0x20
[ 1145.526423] __mutex_lock+0x669/0x1310
[ 1145.530319] ? mount_bdev+0x71/0x360
[ 1145.534050] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1145.541179] ? __blkdev_get+0x1090/0x1090
[ 1145.546049] ? mntput+0x5c/0x80
[ 1145.549335] ? lookup_bdev+0x8c/0x1c0
[ 1145.553153] ? bdev_read_only+0x6a/0x90
[ 1145.559745] mount_bdev+0x71/0x360
[ 1145.563290] ? udf_load_vrs+0xa90/0xa90
[ 1145.568373] mount_fs+0x92/0x2a0
[ 1145.571758] vfs_kern_mount.part.0+0x5b/0x470
[ 1145.577371] do_mount+0xe53/0x2a00
[ 1145.580919] ? lock_acquire+0x170/0x3f0
[ 1145.585971] ? lock_downgrade+0x740/0x740
[ 1145.590147] ? copy_mount_string+0x40/0x40
[ 1145.596121] ? __might_fault+0x177/0x1b0
[ 1145.600191] ? _copy_from_user+0x96/0x100
[ 1145.605473] ? copy_mount_options+0x1fa/0x2f0
[ 1145.609972] ? copy_mnt_ns+0xa30/0xa30
[ 1145.613855] SyS_mount+0xa8/0x120
[ 1145.618846] ? copy_mnt_ns+0xa30/0xa30
[ 1145.622745] do_syscall_64+0x1d5/0x640
[ 1145.627910] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1145.633104] RIP: 0033:0x44a329
[ 1145.637362] RSP: 002b:00007f4c710ac318 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1145.645923] RAX: ffffffffffffffda RBX: 00000000004cb408 RCX: 000000000044a329
[ 1145.653224] RDX: 0000000020000000 RSI: 0000000020000180 RDI: 0000000020000380
[ 1145.661692] RBP: 00000000004cb400 R08: 0000000000000000 R09: 0000000000000000
[ 1145.669728] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 1145.677740] R13: 00007fffdc4d335f R14: 00007f4c710ac400 R15: 0000000000022000
[ 1145.685960] INFO: task syz-executor784:7989 blocked for more than 140 seconds.
[ 1145.693361] Not tainted 4.14.232-syzkaller #0
[ 1145.699632] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1145.708325] syz-executor784 D29920 7989 7974 0x00000004
[ 1145.713977] Call Trace:
[ 1145.718296] __schedule+0x88b/0x1de0
[ 1145.722128] ? io_schedule_timeout+0x140/0x140
[ 1145.728740] ? lock_downgrade+0x740/0x740
[ 1145.732916] schedule+0x8d/0x1b0
[ 1145.737461] schedule_preempt_disabled+0xf/0x20
[ 1145.742138] __mutex_lock+0x669/0x1310
[ 1145.747377] ? mount_bdev+0x71/0x360
[ 1145.751096] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1145.758582] ? __blkdev_get+0x1090/0x1090
[ 1145.762743] ? mntput+0x5c/0x80
[ 1145.767141] ? lookup_bdev+0x8c/0x1c0
[ 1145.770952] ? bdev_read_only+0x6a/0x90
[ 1145.775994] mount_bdev+0x71/0x360
[ 1145.779546] ? udf_load_vrs+0xa90/0xa90
[ 1145.783512] mount_fs+0x92/0x2a0
[ 1145.788494] vfs_kern_mount.part.0+0x5b/0x470
[ 1145.793095] do_mount+0xe53/0x2a00
[ 1145.797830] ? lock_acquire+0x170/0x3f0
[ 1145.801813] ? lock_downgrade+0x740/0x740
[ 1145.807173] ? copy_mount_string+0x40/0x40
[ 1145.811415] ? __might_fault+0x177/0x1b0
[ 1145.816523] ? _copy_from_user+0x96/0x100
[ 1145.820680] ? copy_mount_options+0x1fa/0x2f0
[ 1145.826496] ? copy_mnt_ns+0xa30/0xa30
[ 1145.830393] SyS_mount+0xa8/0x120
[ 1145.833837] ? copy_mnt_ns+0xa30/0xa30
[ 1145.839245] do_syscall_64+0x1d5/0x640
[ 1145.843141] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1145.849458] RIP: 0033:0x44a329
[ 1145.852651] RSP: 002b:00007f4c710ac318 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1145.862027] RAX: ffffffffffffffda RBX: 00000000004cb408 RCX: 000000000044a329
[ 1145.870028] RDX: 0000000020000000 RSI: 0000000020000180 RDI: 0000000020000380
[ 1145.878007] RBP: 00000000004cb400 R08: 0000000000000000 R09: 0000000000000000
[ 1145.886313] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 1145.893602] R13: 00007fffdc4d335f R14: 00007f4c710ac400 R15: 0000000000022000
[ 1145.902083]
[ 1145.902083] Showing all locks held in the system:
[ 1145.909422] 1 lock held by khungtaskd/1533:
[ 1145.913839] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 1145.922970] 1 lock held by syz-executor784/7986:
[ 1145.927779] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x71/0x360
[ 1145.937204] 2 locks held by syz-executor784/7982:
[ 1145.942034] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x71/0x360
[ 1145.951217] #1: (&type->s_umount_key#47){+.+.}, at: [] grab_super+0x55/0x140
[ 1145.960249] 1 lock held by syz-executor784/7990:
[ 1145.965033] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x71/0x360
[ 1145.974152] 1 lock held by syz-executor784/7991:
[ 1145.978933] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x71/0x360
[ 1145.988100] 1 lock held by syz-executor784/7989:
[ 1145.992845] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x71/0x360
[ 1146.002204]
[ 1146.003827] =============================================
[ 1146.003827]
[ 1146.012690] NMI backtrace for cpu 0
[ 1146.016399] CPU: 0 PID: 1533 Comm: khungtaskd Not tainted 4.14.232-syzkaller #0
[ 1146.023846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1146.033193] Call Trace:
[ 1146.035800] dump_stack+0x1b2/0x281
[ 1146.039426] nmi_cpu_backtrace.cold+0x57/0x93
[ 1146.043924] ? irq_force_complete_move+0x350/0x350
[ 1146.048856] nmi_trigger_cpumask_backtrace+0x13a/0x180
[ 1146.054132] watchdog+0x5b9/0xb40
[ 1146.057668] ? hungtask_pm_notify+0x50/0x50
[ 1146.061986] kthread+0x30d/0x420
[ 1146.065367] ? kthread_create_on_node+0xd0/0xd0
[ 1146.070029] ret_from_fork+0x24/0x30
[ 1146.073907] Sending NMI from CPU 0 to CPUs 1:
[ 1146.078748] NMI backtrace for cpu 1
[ 1146.078753] CPU: 1 PID: 8 Comm: rcu_preempt Not tainted 4.14.232-syzkaller #0
[ 1146.078757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1146.078760] task: ffff8880b5414200 task.stack: ffff8880b5418000
[ 1146.078763] RIP: 0010:__sanitizer_cov_trace_pc+0xe/0x50
[ 1146.078766] RSP: 0018:ffff8880b541fc70 EFLAGS: 00000286
[ 1146.078771] RAX: ffff8880b5414200 RBX: ffff8880b541fd18 RCX: 0000000000000000
[ 1146.078775] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000297
[ 1146.078778] RBP: ffff8880b541fd48 R08: ffffffff8b9b3610 R09: 0000000000000000
[ 1146.078782] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000297
[ 1146.078785] R13: ffff8880ba522ac0 R14: ffff8880b541fd18 R15: 0000000000000001
[ 1146.078789] FS: 0000000000000000(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 1146.078792] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1146.078795] CR2: 00007fa8c3dad000 CR3: 00000000b0219000 CR4: 00000000001406e0
[ 1146.078799] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1146.078802] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1146.078804] Call Trace:
[ 1146.078807] del_timer_sync+0x174/0x240
[ 1146.078809] schedule_timeout+0x4b7/0xe90
[ 1146.078812] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 1146.078814] ? usleep_range+0x130/0x130
[ 1146.078817] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 1146.078820] ? prepare_to_swait+0x115/0x2a0
[ 1146.078822] ? run_timer_softirq+0x5a0/0x5a0
[ 1146.078825] rcu_gp_kthread+0xc0a/0x1e60
[ 1146.078827] ? force_qs_rnp+0x4f0/0x4f0
[ 1146.078830] ? force_qs_rnp+0x4f0/0x4f0
[ 1146.078832] kthread+0x30d/0x420
[ 1146.078834] ? kthread_create_on_node+0xd0/0xd0
[ 1146.078837] ret_from_fork+0x24/0x30
[ 1146.078838] Code: ff 4c 89 e7 e8 44 a5 29 00 e9 2c fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 80 df 01 00 48 85 c0 74 1a <65> 8b 15 8b b9 ac 7e 81 e2 00 01 1f 00 75 0b 8b 90 58 13 00 00
[ 1146.080295] Kernel panic - not syncing: hung_task: blocked tasks
[ 1146.271408] CPU: 0 PID: 1533 Comm: khungtaskd Not tainted 4.14.232-syzkaller #0
[ 1146.278841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1146.288185] Call Trace:
[ 1146.290774] dump_stack+0x1b2/0x281
[ 1146.294396] panic+0x1f9/0x42d
[ 1146.297577] ? add_taint.cold+0x16/0x16
[ 1146.301550] watchdog+0x5ca/0xb40
[ 1146.304998] ? hungtask_pm_notify+0x50/0x50
[ 1146.309321] kthread+0x30d/0x420
[ 1146.312682] ? kthread_create_on_node+0xd0/0xd0
[ 1146.317353] ret_from_fork+0x24/0x30
[ 1146.321786] Kernel Offset: disabled
[ 1146.325400] Rebooting in 86400 seconds..