[....] Starting enhanced syslogd: rsyslogd[ 14.100282] audit: type=1400 audit(1572873793.057:4): avc: denied { syslog } for pid=1917 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts. 2019/11/04 13:23:24 fuzzer started 2019/11/04 13:23:26 dialing manager at 10.128.0.26:46017 2019/11/04 13:23:27 syscalls: 1350 2019/11/04 13:23:27 code coverage: enabled 2019/11/04 13:23:27 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/11/04 13:23:27 extra coverage: extra coverage is not supported by the kernel 2019/11/04 13:23:27 setuid sandbox: enabled 2019/11/04 13:23:27 namespace sandbox: enabled 2019/11/04 13:23:27 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/04 13:23:27 fault injection: kernel does not have systematic fault injection support 2019/11/04 13:23:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/04 13:23:27 net packet injection: enabled 2019/11/04 13:23:27 net device setup: enabled 2019/11/04 13:23:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/04 13:23:27 devlink PCI setup: PCI device 0000:00:10.0 is not available 13:23:40 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000040)) 13:23:40 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781500000000f601000800000007000000402c110000000000090000000000000000385a58000000000000000000000000000001000a000000000000000000000040000000bd02000000"], 0x60) 13:23:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000000140)=@get={0x1, &(0x7f0000000380)=""/171, 0x5}) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) mkdir(&(0x7f0000000300)='./file0/bus\x00', 0x100) r4 = open$dir(&(0x7f0000000080)='./bus\x00', 0x40000, 0x0) getdents64(r4, &(0x7f0000000100)=""/70, 0x46) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000580)={0x18, 0x1, 0x0, {0x2}}, 0x11) write$cgroup_int(r3, &(0x7f0000000140)=0x3, 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000480)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) truncate(&(0x7f00000000c0)='./bus\x00', 0xa00) r7 = open(&(0x7f0000000340)='./bus\x00', 0x80006002, 0x2) socket$unix(0x1, 0x1, 0x0) lseek(r6, 0x0, 0x2) sendfile(r6, r7, 0x0, 0xfffffffffffffffc) sendfile(r6, r7, &(0x7f0000000040), 0x8000fffffffe) mkdirat(r3, 0x0, 0x18) r8 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000600)='/selinux/policy\x00', 0x0, 0x0) r9 = creat(&(0x7f0000000180)='./file0/bus\x00', 0xbc9dc8fbd81cb4b5) ftruncate(r9, 0x0) r10 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) ioctl$EVIOCGLED(r10, 0x80404519, &(0x7f0000000080)=""/7) ioctl$TIOCLINUX4(r10, 0x541c, &(0x7f0000000240)) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_tcp_int(r10, 0x6, 0x7, &(0x7f00000003c0)=0x5, 0x4) getsockopt$inet_pktinfo(r11, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @initdev}, &(0x7f0000000140)=0xc) setsockopt$packet_add_memb(r10, 0x107, 0x1, &(0x7f0000000580)={r12, 0x1, 0x6, @local}, 0x10) setsockopt$packet_drop_memb(r9, 0x107, 0x2, &(0x7f0000000000)={r12, 0x1, 0x6, @broadcast}, 0x10) ioctl$sock_inet6_SIOCSIFDSTADDR(r8, 0x8918, &(0x7f0000000180)={@remote, 0xbc, r12}) ioctl$PIO_UNIMAPCLR(r2, 0x4b68, &(0x7f00000001c0)={0x0, 0x7675, 0x4}) fstat(r6, &(0x7f0000000500)) 13:23:40 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0x28) 13:23:40 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000240)='.^\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "1c69ab0d058b1b678397214eec9ff0d0cc8773ebb2cfd89b0252317a845d3df759d280ad530ff887d31ed8f9bf42b889fadb99a5defc79bd6b2023939c49224f", "e9af2deca424f1d69c3cef2acc10d15cae4da1bf9b1c974dd2de2185a2ae81bbcb58ebaa0b202596b0b84f59798e42bca13b7dd7218fcb5e75d1d7299ff17955", "804c0e6791e9da90dce632e1e4efa40c25402952a8dd77a5bf0805cfc3425350"}) ioctl$LOOP_CLR_FD(r0, 0x4c01) 13:23:40 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fdinfo\x00') exit(0x0) getdents64(r0, 0x0, 0x3b9) 13:23:41 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000040)) 13:23:41 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000040)) 13:23:41 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781500000000f601000800000007000000402c110000000000090000000000000000385a58000000000000000000000000000001000a000000000000000000000040000000bd02000000"], 0x60) 13:23:41 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000040)) syzkaller login: [ 42.836250] SELinux: mls: error reading low categories 13:23:41 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781500000000f601000800000007000000402c110000000000090000000000000000385a58000000000000000000000000000001000a000000000000000000000040000000bd02000000"], 0x60) 13:23:41 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2003) [ 42.895773] SELinux: mls: error reading low categories 13:23:41 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2003) 13:23:41 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781500000000f601000800000007000000402c110000000000090000000000000000385a58000000000000000000000000000001000a000000000000000000000040000000bd02000000"], 0x60) [ 42.954931] SELinux: mls: error reading low categories [ 43.076181] SELinux: mls: error reading low categories [ 43.198082] loop_reread_partitions: partition scan of loop0 (i« ‹gƒ—!NìŸðÐ̇së²ÏØ›R1z„]=÷YÒ€­Sø‡ÓØù¿B¸‰úÛ™¥Þüy½k #“œI") failed (rc=-13) [ 43.249477] loop_reread_partitions: partition scan of loop0 () failed (rc=-13) [ 43.287827] loop_reread_partitions: partition scan of loop0 (i« ‹gƒ—!NìŸðÐ̇së²ÏØ›R1z„]=÷YÒ€­Sø‡ÓØù¿B¸‰úÛ™¥Þüy½k #“œI") failed (rc=-13) 13:23:43 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000000140)=@get={0x1, &(0x7f0000000380)=""/171, 0x5}) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) mkdir(&(0x7f0000000300)='./file0/bus\x00', 0x100) r4 = open$dir(&(0x7f0000000080)='./bus\x00', 0x40000, 0x0) getdents64(r4, &(0x7f0000000100)=""/70, 0x46) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000580)={0x18, 0x1, 0x0, {0x2}}, 0x11) write$cgroup_int(r3, &(0x7f0000000140)=0x3, 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000480)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) truncate(&(0x7f00000000c0)='./bus\x00', 0xa00) r7 = open(&(0x7f0000000340)='./bus\x00', 0x80006002, 0x2) socket$unix(0x1, 0x1, 0x0) lseek(r6, 0x0, 0x2) sendfile(r6, r7, 0x0, 0xfffffffffffffffc) sendfile(r6, r7, &(0x7f0000000040), 0x8000fffffffe) mkdirat(r3, 0x0, 0x18) r8 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000600)='/selinux/policy\x00', 0x0, 0x0) r9 = creat(&(0x7f0000000180)='./file0/bus\x00', 0xbc9dc8fbd81cb4b5) ftruncate(r9, 0x0) r10 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) ioctl$EVIOCGLED(r10, 0x80404519, &(0x7f0000000080)=""/7) ioctl$TIOCLINUX4(r10, 0x541c, &(0x7f0000000240)) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_tcp_int(r10, 0x6, 0x7, &(0x7f00000003c0)=0x5, 0x4) getsockopt$inet_pktinfo(r11, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @initdev}, &(0x7f0000000140)=0xc) setsockopt$packet_add_memb(r10, 0x107, 0x1, &(0x7f0000000580)={r12, 0x1, 0x6, @local}, 0x10) setsockopt$packet_drop_memb(r9, 0x107, 0x2, &(0x7f0000000000)={r12, 0x1, 0x6, @broadcast}, 0x10) ioctl$sock_inet6_SIOCSIFDSTADDR(r8, 0x8918, &(0x7f0000000180)={@remote, 0xbc, r12}) ioctl$PIO_UNIMAPCLR(r2, 0x4b68, &(0x7f00000001c0)={0x0, 0x7675, 0x4}) fstat(r6, &(0x7f0000000500)) 13:23:43 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2003) 13:23:43 executing program 1: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x400000000003b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, &(0x7f0000000100)) 13:23:43 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0x28) 13:23:43 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000240)='.^\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "1c69ab0d058b1b678397214eec9ff0d0cc8773ebb2cfd89b0252317a845d3df759d280ad530ff887d31ed8f9bf42b889fadb99a5defc79bd6b2023939c49224f", "e9af2deca424f1d69c3cef2acc10d15cae4da1bf9b1c974dd2de2185a2ae81bbcb58ebaa0b202596b0b84f59798e42bca13b7dd7218fcb5e75d1d7299ff17955", "804c0e6791e9da90dce632e1e4efa40c25402952a8dd77a5bf0805cfc3425350"}) ioctl$LOOP_CLR_FD(r0, 0x4c01) 13:23:43 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fdinfo\x00') exit(0x0) getdents64(r0, 0x0, 0x3b9) 13:23:43 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0x28) 13:23:43 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2003) 13:23:43 executing program 1: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x400000000003b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, &(0x7f0000000100)) 13:23:43 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0x28) 13:23:43 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fdinfo\x00') exit(0x0) getdents64(r0, 0x0, 0x3b9) 13:23:43 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000000140)=@get={0x1, &(0x7f0000000380)=""/171, 0x5}) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) mkdir(&(0x7f0000000300)='./file0/bus\x00', 0x100) r4 = open$dir(&(0x7f0000000080)='./bus\x00', 0x40000, 0x0) getdents64(r4, &(0x7f0000000100)=""/70, 0x46) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000580)={0x18, 0x1, 0x0, {0x2}}, 0x11) write$cgroup_int(r3, &(0x7f0000000140)=0x3, 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000480)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) truncate(&(0x7f00000000c0)='./bus\x00', 0xa00) r7 = open(&(0x7f0000000340)='./bus\x00', 0x80006002, 0x2) socket$unix(0x1, 0x1, 0x0) lseek(r6, 0x0, 0x2) sendfile(r6, r7, 0x0, 0xfffffffffffffffc) sendfile(r6, r7, &(0x7f0000000040), 0x8000fffffffe) mkdirat(r3, 0x0, 0x18) r8 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000600)='/selinux/policy\x00', 0x0, 0x0) r9 = creat(&(0x7f0000000180)='./file0/bus\x00', 0xbc9dc8fbd81cb4b5) ftruncate(r9, 0x0) r10 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) ioctl$EVIOCGLED(r10, 0x80404519, &(0x7f0000000080)=""/7) ioctl$TIOCLINUX4(r10, 0x541c, &(0x7f0000000240)) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_tcp_int(r10, 0x6, 0x7, &(0x7f00000003c0)=0x5, 0x4) getsockopt$inet_pktinfo(r11, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @initdev}, &(0x7f0000000140)=0xc) setsockopt$packet_add_memb(r10, 0x107, 0x1, &(0x7f0000000580)={r12, 0x1, 0x6, @local}, 0x10) setsockopt$packet_drop_memb(r9, 0x107, 0x2, &(0x7f0000000000)={r12, 0x1, 0x6, @broadcast}, 0x10) ioctl$sock_inet6_SIOCSIFDSTADDR(r8, 0x8918, &(0x7f0000000180)={@remote, 0xbc, r12}) ioctl$PIO_UNIMAPCLR(r2, 0x4b68, &(0x7f00000001c0)={0x0, 0x7675, 0x4}) fstat(r6, &(0x7f0000000500)) INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes [ 281.637784] INFO: task syz-executor.0:2096 blocked for more than 140 seconds. [ 281.645123] Not tainted 4.4.174+ #17 [ 281.649389] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 281.657378] syz-executor.0 D ffff8800aba0f9c8 24688 2096 1 0x20020004 [ 281.664885] ffff8800aba0f9c8 ffff8800b38f97c0 47b156c57504ba2e ffff8800b38f97c0 [ 281.672919] 0000000000000000 ffff8800b38fa000 ffff8801db71f180 ffff8801db71f1a8 [ 281.680964] ffff8801db71e898 ffff8800b38f8000 ffff8800b38f97c0 ffffed0015741001 [ 281.688995] Call Trace: [ 281.691561] [] schedule+0x99/0x1d0 [ 281.696741] [] schedule_preempt_disabled+0x13/0x20 [ 281.703332] [] mutex_lock_nested+0x3c2/0xb80 [ 281.709407] [] ? lo_ioctl+0x85/0x1a70 [ 281.714845] [] ? quarantine_put+0xda/0x180 [ 281.720736] [] ? mutex_trylock+0x500/0x500 [ 281.726620] [] ? trace_hardirqs_on+0xd/0x10 [ 281.732600] [] lo_ioctl+0x85/0x1a70 [ 281.737875] [] ? compat_SyS_open+0x2a/0x40 [ 281.743736] [] ? do_fast_syscall_32+0x32d/0xa90 [ 281.750127] [] ? sysenter_flags_fixed+0xd/0x1a [ 281.756349] [] lo_compat_ioctl+0xad/0x140 [ 281.762153] [] ? lo_ioctl+0x1a70/0x1a70 [ 281.767779] [] compat_blkdev_ioctl+0xca0/0x344f [ 281.774087] [] ? cfq_merged_request+0x100/0x100 [ 281.780407] [] ? get_unused_fd_flags+0xd0/0xd0 [ 281.786632] [] ? security_file_ioctl+0x8f/0xc0 [ 281.792883] [] ? cfq_merged_request+0x100/0x100 [ 281.799233] [] compat_SyS_ioctl+0x403/0x2210 [ 281.805302] [] ? compat_SyS_ppoll+0x3d0/0x3d0 [ 281.811469] [] ? putname+0xe0/0x120 [ 281.816744] [] ? do_sys_open+0x237/0x600 [ 281.822464] [] ? filp_open+0x70/0x70 [ 281.827842] [] ? SyS_mkdirat+0x164/0x250 [ 281.833535] [] ? SyS_mknod+0x40/0x40 [ 281.838897] [] ? do_fast_syscall_32+0xd6/0xa90 [ 281.845115] [] ? compat_SyS_ppoll+0x3d0/0x3d0 [ 281.851275] [] do_fast_syscall_32+0x32d/0xa90 [ 281.857405] [] sysenter_flags_fixed+0xd/0x1a [ 281.863475] 1 lock held by syz-executor.0/2096: [ 281.868141] #0: (loop_ctl_mutex/1){+.+.+.}, at: [] lo_ioctl+0x85/0x1a70 [ 281.877361] Sending NMI to all CPUs: [ 281.881375] NMI backtrace for cpu 0 [ 281.884984] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.174+ #17 [ 281.891317] task: ffffffff82e151c0 task.stack: ffffffff82e00000 [ 281.897356] RIP: 0010:[] [] native_safe_halt+0x2/0x10 [ 281.905770] RSP: 0018:ffffffff82e07db0 EFLAGS: 00000246 [ 281.911219] RAX: 0000000000000007 RBX: ffffffff8319bf68 RCX: 0000000000000000 [ 281.918487] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff82e15a84 [ 281.925753] RBP: ffffffff82e07de0 R08: 0000000000000000 R09: 0000000000000000 [ 281.933036] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 281.940310] R13: ffffffff82e08000 R14: dffffc0000000000 R15: ffffffff82e00000 [ 281.947567] FS: 0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 [ 281.955791] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 281.961681] CR2: 000000c42402d000 CR3: 00000001d777d000 CR4: 00000000001606b0 [ 281.968950] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 281.976294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 281.983578] Stack: [ 281.985729] ffffffff81020b16 ffffffff82e00000 0000000000000000 ffffffff82e08000 [ 281.993627] dffffc0000000000 ffffffff82e00000 ffffffff82e07df0 ffffffff81022d50 [ 282.001162] ffffffff82e07e08 ffffffff811eb4c8 0000000000000000 ffffffff82e07ed0 [ 282.008690] Call Trace: [ 282.011254] [] ? default_idle+0x56/0x3d0 [ 282.017006] [] arch_cpu_idle+0x10/0x20 [ 282.022599] [] default_idle_call+0x48/0x70 [ 282.028493] [] cpu_startup_entry+0x6d1/0x810 [ 282.034525] [] ? complete+0x18/0x70 [ 282.039807] [] ? call_cpuidle+0xe0/0xe0 [ 282.045413] [] ? schedule+0xab/0x1d0 [ 282.050786] [] rest_init+0x190/0x199 [ 282.056129] [] ? trace_event_define_fields_x86_irq_vector+0x2c/0x2c [ 282.064274] [] start_kernel+0x64a/0x67e [ 282.069894] [] ? thread_stack_cache_init+0xb/0xb [ 282.076269] [] ? early_idt_handler_array+0x120/0x120 [ 282.083015] [] ? early_idt_handler_array+0x120/0x120 [ 282.089761] [] x86_64_start_reservations+0x29/0x2b [ 282.096313] [] x86_64_start_kernel+0x137/0x15a [ 282.102545] Code: 2e 0f 1f 84 00 00 00 00 00 fa c3 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 fb c3 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 fb f4 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 f4 c3 0f 1f 40 00 66 [ 282.121554] NMI backtrace for cpu 1 [ 282.125163] CPU: 1 PID: 20 Comm: khungtaskd Not tainted 4.4.174+ #17 [ 282.131663] task: ffff8801da6f4740 task.stack: ffff8800001d0000 [ 282.137716] RIP: 0010:[] [] flat_send_IPI_mask+0xf7/0x1b0 [ 282.146438] RSP: 0018:ffff8800001d7c88 EFLAGS: 00000046 [ 282.151887] RAX: 0000000000000000 RBX: 0000000000000c00 RCX: 0000000000000000 [ 282.159158] RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fc300 [ 282.166403] RBP: ffff8800001d7cb8 R08: 0000000000000018 R09: 0000000000000000 [ 282.173780] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000246 [ 282.181059] R13: 0000000003000000 R14: ffffffff82e5f2e0 R15: 0000000000000002 [ 282.188334] FS: 0000000000000000(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000 [ 282.196547] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 282.202441] CR2: 000000c423f2b000 CR3: 00000000b894c000 CR4: 00000000001606b0 [ 282.209709] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 282.216956] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 282.224239] Stack: [ 282.226368] 0000000000000001 ffffffff82e5f2e0 ffffffff831a6ac0 fffffbfff0634c34 [ 282.233904] 000000000001b6c0 0000000000000008 ffff8800001d7cd8 ffffffff81092bee [ 282.241438] 0000000000000008 ffffffff82924260 ffff8800001d7d30 ffffffff81ab8252 [ 282.250109] Call Trace: [ 282.252672] [] nmi_raise_cpu_backtrace+0x5e/0x80 [ 282.259075] [] nmi_trigger_all_cpu_backtrace.cold+0xa1/0xae [ 282.266415] [] ? print_lock+0xa8/0xab [ 282.271878] [] ? irq_force_complete_move+0x330/0x330 [ 282.278622] [] arch_trigger_all_cpu_backtrace+0x14/0x20 [ 282.285606] [] watchdog.cold+0xd3/0xee [ 282.291166] [] ? watchdog+0xac/0xa00 [ 282.296542] [] ? reset_hung_task_detector+0x20/0x20 [ 282.303210] [] kthread+0x273/0x310 [ 282.308398] [] ? kthread_create_on_node+0x4c0/0x4c0 [ 282.315335] [] ? _raw_spin_unlock_irq+0x39/0x60 [ 282.321648] [] ? finish_task_switch+0x1e1/0x660 [ 282.327962] [] ? finish_task_switch+0x1b3/0x660 [ 282.334273] [] ? __schedule+0x7af/0x1ee0 [ 282.339999] [] ? __schedule+0x7a3/0x1ee0 [ 282.345689] [] ? __schedule+0x7af/0x1ee0 [ 282.351394] [] ? kthread_create_on_node+0x4c0/0x4c0 [ 282.358056] [] ret_from_fork+0x55/0x80 [ 282.363589] [] ? kthread_create_on_node+0x4c0/0x4c0 [ 282.370265] Code: 00 c3 5f ff 80 e6 10 75 e1 41 c1 e5 18 44 89 2c 25 10 c3 5f ff 44 89 fa 09 da 80 cf 04 41 83 ff 02 0f 44 d3 89 14 25 00 c3 5f ff <41> f7 c4 00 02 00 00 75 1e 4c 89 e7 57 9d 0f 1f 44 00 00 e8 f1 [ 282.389402] Kernel panic - not syncing: hung_task: blocked tasks [ 282.395559] CPU: 0 PID: 20 Comm: khungtaskd Not tainted 4.4.174+ #17 [ 282.402029] 0000000000000000 b35aa040d4febecf ffff8800001d7c60 ffffffff81aad1a1 [ 282.410072] ffff8800b38f97c0 ffffffff82872120 dffffc0000000000 0000000000000003 [ 282.418105] 00000000003fff99 ffff8800001d7d40 ffffffff813a48c2 0000000041b58ab3 [ 282.426152] Call Trace: [ 282.428735] [] dump_stack+0xc1/0x120 [ 282.434078] [] panic+0x1b9/0x37b [ 282.439190] [] ? add_taint.cold+0x16/0x16 [ 282.444964] [] ? nmi_trigger_all_cpu_backtrace+0x3e1/0x490 [ 282.452215] [] ? nmi_trigger_all_cpu_backtrace+0x3c6/0x490 [ 282.459480] [] ? nmi_trigger_all_cpu_backtrace+0x3c6/0x490 [ 282.466730] [] watchdog.cold+0xe4/0xee [ 282.472259] [] ? watchdog+0xac/0xa00 [ 282.477613] [] ? reset_hung_task_detector+0x20/0x20 [ 282.484273] [] kthread+0x273/0x310 [ 282.489437] [] ? kthread_create_on_node+0x4c0/0x4c0 [ 282.496079] [] ? _raw_spin_unlock_irq+0x39/0x60 [ 282.502385] [] ? finish_task_switch+0x1e1/0x660 [ 282.508691] [] ? finish_task_switch+0x1b3/0x660 [ 282.515005] [] ? __schedule+0x7af/0x1ee0 [ 282.520700] [] ? __schedule+0x7a3/0x1ee0 [ 282.526403] [] ? __schedule+0x7af/0x1ee0 [ 282.532090] [] ? kthread_create_on_node+0x4c0/0x4c0 [ 282.538729] [] ret_from_fork+0x55/0x80 [ 282.544240] [] ? kthread_create_on_node+0x4c0/0x4c0 [ 282.551383] Kernel Offset: disabled [ 282.555008] Rebooting in 86400 seconds..