[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.4' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 849.089285] block nbd0: shutting down sockets
[ 1004.450806] INFO: task syz-executor114:8099 blocked for more than 140 seconds.
[ 1004.458557] Not tainted 4.19.206-syzkaller #0
[ 1004.464255] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1004.472735] syz-executor114 D27064 8099 8088 0x00000004
[ 1004.478375] Call Trace:
[ 1004.481469] __schedule+0x887/0x2040
[ 1004.485387] ? io_schedule_timeout+0x140/0x140
[ 1004.489958] schedule+0x8d/0x1b0
[ 1004.493784] io_schedule+0xb5/0x120
[ 1004.497422] wait_on_page_bit+0x2c5/0x3f0
[ 1004.501941] ? wake_page_function+0x1b0/0x1b0
[ 1004.506437] ? set_precision+0x160/0x160
[ 1004.510483] ? add_to_page_cache_lru+0x680/0x680
[ 1004.515696] ? pagecache_get_page+0x1c4/0xd50
[ 1004.520189] ? string+0x1bb/0x220
[ 1004.523994] do_read_cache_page+0x20a/0x1170
[ 1004.528401] ? blkdev_writepages+0x20/0x20
[ 1004.532979] read_dev_sector+0xbf/0x500
[ 1004.537041] ? adfspart_check_ADFS+0x8e0/0x8e0
[ 1004.541969] adfspart_check_ICS+0x114/0xe70
[ 1004.546364] ? adfspart_check_ADFS+0x8e0/0x8e0
[ 1004.551489] ? snprintf+0xbb/0xf0
[ 1004.554960] ? vsprintf+0x30/0x30
[ 1004.558436] ? _raw_spin_unlock+0x29/0x40
[ 1004.563061] ? __get_vm_area_node+0x2e2/0x3a0
[ 1004.567647] ? adfspart_check_ADFS+0x8e0/0x8e0
[ 1004.572568] check_partition+0x390/0x690
[ 1004.576692] rescan_partitions+0x1b5/0x970
[ 1004.581484] ? nbd_open+0x4cc/0x6f0
[ 1004.585113] ? nbd_add_socket+0x840/0x840
[ 1004.589269] bdev_disk_changed+0x179/0x1b0
[ 1004.593926] __blkdev_get+0x1282/0x1480
[ 1004.597907] ? bdev_disk_changed+0x1b0/0x1b0
[ 1004.603552] ? mark_held_locks+0xf0/0xf0
[ 1004.607783] ? mark_held_locks+0xf0/0xf0
[ 1004.612129] blkdev_get+0xb0/0x940
[ 1004.615670] ? bd_acquire+0x245/0x440
[ 1004.619454] ? __blkdev_get+0x1480/0x1480
[ 1004.624129] ? lock_downgrade+0x720/0x720
[ 1004.628287] ? lock_acquire+0x170/0x3c0
[ 1004.632591] ? bd_acquire+0x21/0x440
[ 1004.636312] ? do_raw_spin_unlock+0x171/0x230
[ 1004.641144] blkdev_open+0x202/0x290
[ 1004.644881] do_dentry_open+0x4aa/0x1160
[ 1004.649012] ? blkdev_get_by_dev+0x70/0x70
[ 1004.653663] ? chown_common+0x550/0x550
[ 1004.657706] ? inode_permission+0x3d/0x140
[ 1004.662294] path_openat+0x793/0x2df0
[ 1004.666103] ? path_lookupat+0x8d0/0x8d0
[ 1004.670174] ? do_anonymous_page+0x704/0x1be0
[ 1004.675037] ? mark_held_locks+0xf0/0xf0
[ 1004.679108] do_filp_open+0x18c/0x3f0
[ 1004.683264] ? may_open_dev+0xf0/0xf0
[ 1004.687210] ? lock_downgrade+0x720/0x720
[ 1004.691873] ? lock_acquire+0x170/0x3c0
[ 1004.696026] ? __alloc_fd+0x34/0x570
[ 1004.699738] ? do_raw_spin_unlock+0x171/0x230
[ 1004.704608] ? _raw_spin_unlock+0x29/0x40
[ 1004.708759] ? __alloc_fd+0x28d/0x570
[ 1004.712887] do_sys_open+0x3b3/0x520
[ 1004.716606] ? filp_open+0x70/0x70
[ 1004.720403] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1004.726247] ? trace_hardirqs_off_caller+0x6e/0x210
[ 1004.731507] ? do_syscall_64+0x21/0x620
[ 1004.735487] do_syscall_64+0xf9/0x620
[ 1004.739310] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1004.745186] RIP: 0033:0x406db4
[ 1004.748389] Code: Bad RIP value.
[ 1004.752063] RSP: 002b:00007f6a216b6d50 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1004.759770] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000406db4
[ 1004.767363] RDX: 0000000000000000 RSI: 00007f6a216b6de0 RDI: 00000000ffffff9c
[ 1004.774856] RBP: 00007f6a216b6de0 R08: 0000000000000000 R09: 002364626e2f7665
[ 1004.782475] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1004.789772] R13: 00007ffe65818f1f R14: 00007f6a216b7300 R15: 0000000000022000
[ 1004.797466] INFO: task syz-executor114:8100 blocked for more than 140 seconds.
[ 1004.804918] Not tainted 4.19.206-syzkaller #0
[ 1004.809929] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1004.817954] syz-executor114 D28976 8100 8088 0x00000004
[ 1004.823656] Call Trace:
[ 1004.826248] __schedule+0x887/0x2040
[ 1004.829952] ? io_schedule_timeout+0x140/0x140
[ 1004.834587] ? lock_downgrade+0x720/0x720
[ 1004.838736] ? __mutex_lock+0x415/0x1200
[ 1004.842871] schedule+0x8d/0x1b0
[ 1004.846327] schedule_preempt_disabled+0xf/0x20
[ 1004.851046] __mutex_lock+0x604/0x1200
[ 1004.854935] ? unwind_get_return_address+0x51/0x90
[ 1004.859846] ? __blkdev_get+0x1d0/0x1480
[ 1004.863975] ? mutex_trylock+0x1a0/0x1a0
[ 1004.868174] ? lock_downgrade+0x720/0x720
[ 1004.872388] ? lock_acquire+0x170/0x3c0
[ 1004.876362] ? get_gendisk+0x83/0x380
[ 1004.880150] ? disk_block_events+0x1d/0x130
[ 1004.884545] __blkdev_get+0x1d0/0x1480
[ 1004.888431] ? bdev_disk_changed+0x1b0/0x1b0
[ 1004.893770] ? mark_held_locks+0xf0/0xf0
[ 1004.897839] ? mark_held_locks+0xf0/0xf0
[ 1004.902105] blkdev_get+0xb0/0x940
[ 1004.905666] ? bd_acquire+0x245/0x440
[ 1004.909451] ? __blkdev_get+0x1480/0x1480
[ 1004.913650] ? lock_downgrade+0x720/0x720
[ 1004.917798] ? lock_acquire+0x170/0x3c0
[ 1004.921833] ? bd_acquire+0x21/0x440
[ 1004.925547] ? do_raw_spin_unlock+0x171/0x230
[ 1004.930030] blkdev_open+0x202/0x290
[ 1004.933796] do_dentry_open+0x4aa/0x1160
[ 1004.937860] ? blkdev_get_by_dev+0x70/0x70
[ 1004.942165] ? chown_common+0x550/0x550
[ 1004.946133] ? inode_permission+0x3d/0x140
[ 1004.950360] path_openat+0x793/0x2df0
[ 1004.954228] ? path_lookupat+0x8d0/0x8d0
[ 1004.958287] ? do_anonymous_page+0x704/0x1be0
[ 1004.962848] ? mark_held_locks+0xf0/0xf0
[ 1004.966918] ? mark_held_locks+0xf0/0xf0
[ 1004.971059] do_filp_open+0x18c/0x3f0
[ 1004.974862] ? may_open_dev+0xf0/0xf0
[ 1004.978648] ? lock_downgrade+0x720/0x720
[ 1004.982866] ? lock_acquire+0x170/0x3c0
[ 1004.986836] ? __alloc_fd+0x34/0x570
[ 1004.990620] ? do_raw_spin_unlock+0x171/0x230
[ 1004.995115] ? _raw_spin_unlock+0x29/0x40
[ 1004.999248] ? __alloc_fd+0x28d/0x570
[ 1005.003125] do_sys_open+0x3b3/0x520
[ 1005.006831] ? filp_open+0x70/0x70
[ 1005.010357] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1005.015774] ? trace_hardirqs_off_caller+0x6e/0x210
[ 1005.020879] ? do_syscall_64+0x21/0x620
[ 1005.024842] do_syscall_64+0xf9/0x620
[ 1005.028635] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1005.033872] RIP: 0033:0x406db4
[ 1005.037079] Code: Bad RIP value.
[ 1005.040425] RSP: 002b:00007f6a21695d50 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1005.048203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000406db4
[ 1005.055533] RDX: 0000000000000000 RSI: 00007f6a21695de0 RDI: 00000000ffffff9c
[ 1005.062866] RBP: 00007f6a21695de0 R08: 0000000000000000 R09: 002364626e2f7665
[ 1005.070128] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1005.077450] R13: 00007ffe65818f1f R14: 00007f6a21696300 R15: 0000000000022000
[ 1005.084820] INFO: task syz-executor114:8101 blocked for more than 140 seconds.
[ 1005.092308] Not tainted 4.19.206-syzkaller #0
[ 1005.097326] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1005.105376] syz-executor114 D28600 8101 8088 0x00000004
[ 1005.111275] Call Trace:
[ 1005.113855] __schedule+0x887/0x2040
[ 1005.117556] ? io_schedule_timeout+0x140/0x140
[ 1005.122213] ? lock_downgrade+0x720/0x720
[ 1005.126360] ? __mutex_lock+0x415/0x1200
[ 1005.130416] schedule+0x8d/0x1b0
[ 1005.133827] schedule_preempt_disabled+0xf/0x20
[ 1005.138531] __mutex_lock+0x604/0x1200
[ 1005.142492] ? unwind_get_return_address+0x51/0x90
[ 1005.147434] ? __blkdev_get+0x1d0/0x1480
[ 1005.151571] ? mutex_trylock+0x1a0/0x1a0
[ 1005.155643] ? lock_downgrade+0x720/0x720
[ 1005.159783] ? lock_acquire+0x170/0x3c0
[ 1005.163832] ? get_gendisk+0x83/0x380
[ 1005.167839] ? disk_block_events+0x1d/0x130
[ 1005.172222] __blkdev_get+0x1d0/0x1480
[ 1005.176123] ? bdev_disk_changed+0x1b0/0x1b0
[ 1005.180616] ? mark_held_locks+0xf0/0xf0
[ 1005.184679] ? mark_held_locks+0xf0/0xf0
[ 1005.188724] blkdev_get+0xb0/0x940
[ 1005.192320] ? bd_acquire+0x245/0x440
[ 1005.196130] ? __blkdev_get+0x1480/0x1480
[ 1005.200277] ? lock_downgrade+0x720/0x720
[ 1005.204525] ? lock_acquire+0x170/0x3c0
[ 1005.208495] ? bd_acquire+0x21/0x440
[ 1005.212269] ? do_raw_spin_unlock+0x171/0x230
[ 1005.216767] blkdev_open+0x202/0x290
[ 1005.220470] do_dentry_open+0x4aa/0x1160
[ 1005.224619] ? blkdev_get_by_dev+0x70/0x70
[ 1005.228872] ? chown_common+0x550/0x550
[ 1005.232954] ? inode_permission+0x3d/0x140
[ 1005.237202] path_openat+0x793/0x2df0
[ 1005.241087] ? path_lookupat+0x8d0/0x8d0
[ 1005.245153] ? do_anonymous_page+0x704/0x1be0
[ 1005.249640] ? mark_held_locks+0xf0/0xf0
[ 1005.253764] ? mark_held_locks+0xf0/0xf0
[ 1005.257849] do_filp_open+0x18c/0x3f0
[ 1005.261722] ? may_open_dev+0xf0/0xf0
[ 1005.265528] ? lock_downgrade+0x720/0x720
[ 1005.269662] ? lock_acquire+0x170/0x3c0
[ 1005.273690] ? __alloc_fd+0x34/0x570
[ 1005.277414] ? do_raw_spin_unlock+0x171/0x230
[ 1005.281983] ? _raw_spin_unlock+0x29/0x40
[ 1005.286128] ? __alloc_fd+0x28d/0x570
[ 1005.289920] do_sys_open+0x3b3/0x520
[ 1005.293784] ? filp_open+0x70/0x70
[ 1005.297334] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1005.302781] ? trace_hardirqs_off_caller+0x6e/0x210
[ 1005.307802] ? do_syscall_64+0x21/0x620
[ 1005.312046] do_syscall_64+0xf9/0x620
[ 1005.315944] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1005.321353] RIP: 0033:0x406db4
[ 1005.324551] Code: Bad RIP value.
[ 1005.328001] RSP: 002b:00007f6a21674d50 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1005.336322] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000406db4
[ 1005.343943] RDX: 0000000000000000 RSI: 00007f6a21674de0 RDI: 00000000ffffff9c
[ 1005.351260] RBP: 00007f6a21674de0 R08: 0000000000000000 R09: 002364626e2f7665
[ 1005.358537] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1005.365888] R13: 00007ffe65818f1f R14: 00007f6a21675300 R15: 0000000000022000
[ 1005.373254]
[ 1005.373254] Showing all locks held in the system:
[ 1005.379575] 1 lock held by khungtaskd/1571:
[ 1005.383971] #0: 00000000a92526b4 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265
[ 1005.392679] 1 lock held by in:imklog/7807:
[ 1005.396923] #0: 000000004aa9779e (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310
[ 1005.405012] 1 lock held by syz-executor114/8099:
[ 1005.409765] #0: 000000009cf650ee (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480
[ 1005.418094] 1 lock held by syz-executor114/8100:
[ 1005.422917] #0: 000000009cf650ee (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480
[ 1005.431349] 1 lock held by syz-executor114/8101:
[ 1005.436129] #0: 000000009cf650ee (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480
[ 1005.444463]
[ 1005.446083] =============================================
[ 1005.446083]
[ 1005.453149] NMI backtrace for cpu 0
[ 1005.456957] CPU: 0 PID: 1571 Comm: khungtaskd Not tainted 4.19.206-syzkaller #0
[ 1005.464397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1005.473738] Call Trace:
[ 1005.476337] dump_stack+0x1fc/0x2ef
[ 1005.479953] nmi_cpu_backtrace.cold+0x63/0xa2
[ 1005.484449] ? lapic_can_unplug_cpu+0x80/0x80
[ 1005.489019] nmi_trigger_cpumask_backtrace+0x1a6/0x1f0
[ 1005.494284] watchdog+0x991/0xe60
[ 1005.497729] ? reset_hung_task_detector+0x30/0x30
[ 1005.502555] kthread+0x33f/0x460
[ 1005.505907] ? kthread_park+0x180/0x180
[ 1005.509954] ret_from_fork+0x24/0x30
[ 1005.513829] Sending NMI from CPU 0 to CPUs 1:
[ 1005.518919] NMI backtrace for cpu 1
[ 1005.518926] CPU: 1 PID: 4694 Comm: systemd-journal Not tainted 4.19.206-syzkaller #0
[ 1005.518932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1005.518936] RIP: 0010:__orc_find+0x6/0xf0
[ 1005.518947] Code: 6e 00 e9 a7 fd ff ff e8 08 de 6e 00 e9 ea fc ff ff 48 8b 3c 24 e8 8a de 6e 00 e9 7b fe ff ff 90 90 90 90 90 41 57 89 d0 41 56 <41> 55 41 54 4c 8d 64 87 fc 55 53 48 83 ec 10 85 d2 0f 84 95 00 00
[ 1005.518952] RSP: 0018:ffff8880a0f979b8 EFLAGS: 00000012
[ 1005.518960] RAX: 0000000000000008 RBX: 1ffff110141f2f43 RCX: ffffffff810059f0
[ 1005.518965] RDX: 0000000000000008 RSI: ffffffff8b8cd332 RDI: ffffffff8b304eb0
[ 1005.518970] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff8b8cd332
[ 1005.518976] R10: ffff8880a0f97b5f R11: 0000000000074071 R12: ffff8880a0f97b48
[ 1005.518981] R13: ffff8880a0f97b35 R14: ffff8880a0f97b00 R15: ffffffff810059f0
[ 1005.518987] FS: 00007f4691df28c0(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 1005.518991] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1005.518997] CR2: 00007f468f1d4000 CR3: 00000000a0fad000 CR4: 00000000001406e0
[ 1005.519002] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1005.519007] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1005.519010] Call Trace:
[ 1005.519014] ? exit_to_usermode_loop+0x250/0x2a0
[ 1005.519018] unwind_next_frame+0x339/0x1400
[ 1005.519022] ? exit_to_usermode_loop+0x251/0x2a0
[ 1005.519026] ? deref_stack_reg+0x1d0/0x1d0
[ 1005.519030] ? __unwind_start+0x5b8/0x960
[ 1005.519034] ? unwind_next_frame+0x1400/0x1400
[ 1005.519037] ? exit_to_usermode_loop+0x251/0x2a0
[ 1005.519041] __save_stack_trace+0x9f/0x190
[ 1005.519045] ? exit_to_usermode_loop+0x251/0x2a0
[ 1005.519049] __kasan_slab_free+0x126/0x1f0
[ 1005.519052] ? kfree+0xcc/0x210
[ 1005.519056] ? apparmor_file_free_security+0x9a/0xd0
[ 1005.519060] ? security_file_free+0x3e/0x70
[ 1005.519064] ? __fput+0x42a/0x890
[ 1005.519067] ? task_work_run+0x148/0x1c0
[ 1005.519071] ? exit_to_usermode_loop+0x251/0x2a0
[ 1005.519075] ? kmem_cache_free+0x7f/0x260
[ 1005.519079] ? putname+0xe1/0x120
[ 1005.519083] ? do_sys_open+0x2ba/0x520
[ 1005.519086] ? do_syscall_64+0xf9/0x620
[ 1005.519091] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1005.519095] ? __lock_acquire+0x6de/0x3ff0
[ 1005.519099] ? debug_check_no_obj_freed+0x201/0x490
[ 1005.519103] ? lock_downgrade+0x720/0x720
[ 1005.519106] ? lock_acquire+0x170/0x3c0
[ 1005.519111] ? debug_check_no_obj_freed+0xb5/0x490
[ 1005.519114] ? trace_hardirqs_off+0x64/0x200
[ 1005.519119] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 1005.519123] ? debug_check_no_obj_freed+0x201/0x490
[ 1005.519127] ? apparmor_file_free_security+0x9a/0xd0
[ 1005.519131] kfree+0xcc/0x210
[ 1005.519135] apparmor_file_free_security+0x9a/0xd0
[ 1005.519139] security_file_free+0x3e/0x70
[ 1005.519142] __fput+0x42a/0x890
[ 1005.519146] ? _raw_spin_unlock_irq+0x24/0x80
[ 1005.519149] task_work_run+0x148/0x1c0
[ 1005.519153] exit_to_usermode_loop+0x251/0x2a0
[ 1005.519157] do_syscall_64+0x538/0x620
[ 1005.519161] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1005.519165] RIP: 0033:0x7f4691381840
[ 1005.519176] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 1005.519180] RSP: 002b:00007ffd29f02868 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1005.519190] RAX: fffffffffffffffe RBX: 00007ffd29f02b70 RCX: 00007f4691381840
[ 1005.519195] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 0000565084a88300
[ 1005.519200] RBP: 000000000000000d R08: 0000000000000000 R09: 00000000ffffffff
[ 1005.519206] R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
[ 1005.519211] R13: 0000565084a84040 R14: 00007ffd29f02b30 R15: 0000565084a91470
[ 1005.519343] Kernel panic - not syncing: hung_task: blocked tasks
[ 1005.885933] CPU: 0 PID: 1571 Comm: khungtaskd Not tainted 4.19.206-syzkaller #0
[ 1005.893617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1005.902949] Call Trace:
[ 1005.905526] dump_stack+0x1fc/0x2ef
[ 1005.909135] panic+0x26a/0x50e
[ 1005.912396] ? __warn_printk+0xf3/0xf3
[ 1005.916268] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 1005.921366] ? cpumask_next+0x3c/0x40
[ 1005.925150] ? printk_safe_flush+0xd6/0x120
[ 1005.929554] ? watchdog+0x991/0xe60
[ 1005.933168] ? nmi_trigger_cpumask_backtrace+0x15e/0x1f0
[ 1005.938603] watchdog+0x9a2/0xe60
[ 1005.942039] ? reset_hung_task_detector+0x30/0x30
[ 1005.946860] kthread+0x33f/0x460
[ 1005.950206] ? kthread_park+0x180/0x180
[ 1005.954162] ret_from_fork+0x24/0x30
[ 1005.958288] Kernel Offset: disabled
[ 1005.961908] Rebooting in 86400 seconds..