[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 645.992481] INFO: task syz-executor938:8082 blocked for more than 140 seconds.
[ 645.999972] Not tainted 4.19.211-syzkaller #0
[ 646.005531] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 646.013568] syz-executor938 D27952 8082 8080 0x00000004
[ 646.019189] Call Trace:
[ 646.021768] __schedule+0x887/0x2040
[ 646.025535] ? io_schedule_timeout+0x140/0x140
[ 646.030119] ? mark_held_locks+0xa6/0xf0
[ 646.034233] ? rwsem_down_write_failed+0x3a5/0x760
[ 646.039160] schedule+0x8d/0x1b0
[ 646.042590] rwsem_down_write_failed+0x3aa/0x760
[ 646.047347] ? rwsem_down_read_failed_killable+0x580/0x580
[ 646.053015] ? rcu_nmi_exit+0xb3/0x180
[ 646.056903] ? retint_kernel+0x2d/0x2d
[ 646.060778] ? __lock_acquire+0x2853/0x3ff0
[ 646.065164] call_rwsem_down_write_failed+0x13/0x20
[ 646.070187] ? __lock_acquire+0x2853/0x3ff0
[ 646.074561] down_write+0x4f/0x90
[ 646.078014] ? fuse_reverse_inval_entry+0xaa/0x660
[ 646.083003] fuse_reverse_inval_entry+0xaa/0x660
[ 646.087757] ? fuse_update_attributes+0xc0/0xc0
[ 646.092615] ? fuse_dev_do_write+0x24c7/0x2bc0
[ 646.097194] fuse_dev_do_write+0x251c/0x2bc0
[ 646.101584] ? futex_wait_queue_me+0x404/0x5e0
[ 646.106228] ? lock_acquire+0x170/0x3c0
[ 646.110198] ? mark_held_locks+0xf0/0xf0
[ 646.114320] ? fuse_dev_read+0x1f0/0x1f0
[ 646.118377] ? futex_wait+0x48e/0x610
[ 646.122175] ? lock_downgrade+0x720/0x720
[ 646.126400] ? check_preemption_disabled+0x41/0x280
[ 646.131403] ? check_preemption_disabled+0x41/0x280
[ 646.136470] ? aa_file_perm+0x417/0xd20
[ 646.140449] fuse_dev_write+0x153/0x1e0
[ 646.144490] ? fuse_dev_splice_write+0xa00/0xa00
[ 646.149240] ? do_futex+0x171/0x1880
[ 646.153007] ? ksys_mount+0xf4/0x130
[ 646.156723] ? __x64_sys_mount+0xba/0x150
[ 646.160861] ? do_syscall_64+0xf9/0x620
[ 646.164905] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 646.170290] ? iov_iter_init+0xb8/0x1d0
[ 646.174311] ? iov_iter_init+0xb8/0x1d0
[ 646.178312] __vfs_write+0x51b/0x770
[ 646.182097] ? kernel_read+0x110/0x110
[ 646.186070] ? security_file_permission+0x1c0/0x220
[ 646.191084] vfs_write+0x1f3/0x540
[ 646.194685] ksys_write+0x12b/0x2a0
[ 646.198314] ? __ia32_sys_read+0xb0/0xb0
[ 646.202431] ? trace_hardirqs_off_caller+0x6e/0x210
[ 646.207438] ? do_syscall_64+0x21/0x620
[ 646.211393] do_syscall_64+0xf9/0x620
[ 646.215242] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 646.220423] RIP: 0033:0x7fa76fb18b79
[ 646.224191] Code: Bad RIP value.
[ 646.227546] RSP: 002b:00007fa76fac22f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 646.235290] RAX: ffffffffffffffda RBX: 00007fa76fb9a4a0 RCX: 00007fa76fb18b79
[ 646.242618] RDX: 0000000000000029 RSI: 00000000200043c0 RDI: 0000000000000003
[ 646.249870] RBP: 00007fa76fb672d4 R08: 0000000000000000 R09: 0000000000000000
[ 646.257178] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 646.264511] R13: 64695f70756f7267 R14: 2f30656c69662f2e R15: 00007fa76fb9a4a8
[ 646.271798] INFO: task syz-executor938:8085 blocked for more than 140 seconds.
[ 646.279199] Not tainted 4.19.211-syzkaller #0
[ 646.284270] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 646.292276] syz-executor938 D28488 8085 8080 0x00000004
[ 646.297900] Call Trace:
[ 646.300471] __schedule+0x887/0x2040
[ 646.304400] ? io_schedule_timeout+0x140/0x140
[ 646.308978] ? prepare_to_wait_exclusive+0x2d0/0x2d0
[ 646.314135] schedule+0x8d/0x1b0
[ 646.317498] request_wait_answer+0x3dc/0x750
[ 646.321888] ? flush_bg_queue+0x390/0x390
[ 646.326103] ? wait_woken+0x250/0x250
[ 646.329905] __fuse_request_send+0x123/0x1c0
[ 646.334366] fuse_simple_request+0x2e6/0x820
[ 646.338781] fuse_lookup_name+0x24c/0x5c0
[ 646.342987] ? fuse_lock_inode+0xaf/0xe0
[ 646.347041] ? fuse_readdir+0x12f0/0x12f0
[ 646.351185] fuse_lookup+0xdf/0x410
[ 646.354874] ? fuse_lookup_name+0x5c0/0x5c0
[ 646.359198] ? d_alloc+0x1b7/0x230
[ 646.362937] ? do_raw_spin_unlock+0x171/0x230
[ 646.367434] ? _raw_spin_unlock+0x29/0x40
[ 646.371570] ? d_alloc+0x1bc/0x230
[ 646.375170] __lookup_hash+0x117/0x180
[ 646.379114] filename_create+0x186/0x490
[ 646.383241] ? kern_path_mountpoint+0x40/0x40
[ 646.387754] ? strncpy_from_user+0x2a2/0x350
[ 646.392229] ? getname_flags+0x25b/0x590
[ 646.396286] do_mkdirat+0xa0/0x2d0
[ 646.399814] ? __ia32_sys_mknod+0x120/0x120
[ 646.404227] ? trace_hardirqs_off_caller+0x6e/0x210
[ 646.409248] ? do_syscall_64+0x21/0x620
[ 646.413329] do_syscall_64+0xf9/0x620
[ 646.417220] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 646.422463] RIP: 0033:0x7fa76fb18b79
[ 646.426173] Code: Bad RIP value.
[ 646.429518] RSP: 002b:00007fa76faa12f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 646.437276] RAX: ffffffffffffffda RBX: 00007fa76fb9a4b0 RCX: 00007fa76fb18b79
[ 646.444621] RDX: 0000000000000000 RSI: 0000000020004380 RDI: 00000000ffffff9c
[ 646.452065] RBP: 00007fa76fb672d4 R08: 0000000000000000 R09: 0000000000000000
[ 646.459377] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 646.466709] R13: 64695f70756f7267 R14: 2f30656c69662f2e R15: 00007fa76fb9a4b8
[ 646.474036]
[ 646.474036] Showing all locks held in the system:
[ 646.480359] 1 lock held by khungtaskd/1571:
[ 646.484850] #0: 0000000021e1c10e (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265
[ 646.493529] 1 lock held by in:imklog/7804:
[ 646.497781] #0: 0000000074d9429a (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310
[ 646.505911] 2 locks held by syz-executor938/8082:
[ 646.510767] #0: 00000000ee9434ce (&fc->killsb){.+.+}, at: fuse_dev_do_write+0x24c7/0x2bc0
[ 646.519369] #1: 000000005e29af3a (&type->i_mutex_dir_key#8){+.+.}, at: fuse_reverse_inval_entry+0xaa/0x660
[ 646.529348] 3 locks held by syz-executor938/8085:
[ 646.534249] #0: 0000000099df943e (sb_writers#12){.+.+}, at: mnt_want_write+0x3a/0xb0
[ 646.542321] #1: 000000005e29af3a (&type->i_mutex_dir_key#7/1){+.+.}, at: filename_create+0x15a/0x490
[ 646.551713] #2: 000000004006c1e8 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
[ 646.559597]
[ 646.561218] =============================================
[ 646.561218]
[ 646.568302] NMI backtrace for cpu 1
[ 646.571923] CPU: 1 PID: 1571 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
[ 646.579358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 646.588698] Call Trace:
[ 646.591279] dump_stack+0x1fc/0x2ef
[ 646.594891] nmi_cpu_backtrace.cold+0x63/0xa2
[ 646.599370] ? lapic_can_unplug_cpu+0x80/0x80
[ 646.603844] nmi_trigger_cpumask_backtrace+0x1a6/0x1f0
[ 646.609103] watchdog+0x991/0xe60
[ 646.612540] ? reset_hung_task_detector+0x30/0x30
[ 646.617362] kthread+0x33f/0x460
[ 646.620708] ? kthread_park+0x180/0x180
[ 646.624663] ret_from_fork+0x24/0x30
[ 646.628465] Sending NMI from CPU 1 to CPUs 0:
[ 646.633466] NMI backtrace for cpu 0
[ 646.633473] CPU: 0 PID: 4694 Comm: systemd-journal Not tainted 4.19.211-syzkaller #0
[ 646.633479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 646.633483] RIP: 0010:__bpf_prog_run32+0x0/0xd0
[ 646.633494] Code: 00 00 00 48 8b 8c 24 18 01 00 00 65 48 2b 0c 25 28 00 00 00 75 0c 48 81 c4 20 01 00 00 5b 5d 41 5c c3 e8 03 03 cb ff 0f 1f 00 <48> b8 00 00 00 00 00 fc ff df 41 54 49 89 fc 55 48 89 f5 53 48 81
[ 646.633498] RSP: 0018:ffff8880a0f57bb8 EFLAGS: 00000246
[ 646.633505] RAX: 1ffff9200035a406 RBX: ffff8880a10c76c0 RCX: ffffffff8162b98c
[ 646.633510] RDX: 0000000000000000 RSI: ffffc90001ad2038 RDI: ffff8880a0f57e70
[ 646.633515] RBP: ffffc90001ad2000 R08: 0000000000000000 R09: 000000007fff0000
[ 646.633520] R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000
[ 646.633525] R13: 000000007fff0000 R14: 000000007fff0000 R15: 000000007fff0000
[ 646.633530] FS: 00007fbf760d48c0(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 646.633535] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 646.633540] CR2: 00007fbf734a9000 CR3: 00000000a140c000 CR4: 00000000003406f0
[ 646.633545] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 646.633550] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 646.633552] Call Trace:
[ 646.633556] seccomp_run_filters+0x124/0x590
[ 646.633560] ? __put_seccomp_filter+0xa0/0xa0
[ 646.633564] ? __add_preferred_console.constprop.0+0x1a0/0x1a0
[ 646.633567] __seccomp_filter+0x93/0xca0
[ 646.633571] ? seccomp_send_sigsys+0x1c0/0x1c0
[ 646.633575] ? __se_sys_copy_file_range+0x410/0x410
[ 646.633579] ? fsnotify_first_mark+0x200/0x200
[ 646.633582] ? fsnotify+0x84e/0xe10
[ 646.633585] ? mark_held_locks+0xf0/0xf0
[ 646.633589] ? fsnotify_first_mark+0x200/0x200
[ 646.633593] ? security_file_permission+0x1c0/0x220
[ 646.633596] __secure_computing+0xfc/0x360
[ 646.633600] syscall_trace_enter+0x563/0xd60
[ 646.633604] ? syscall_slow_exit_work+0x630/0x630
[ 646.633608] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 646.633612] ? trace_hardirqs_off_caller+0x6e/0x210
[ 646.633615] ? do_syscall_64+0x21/0x620
[ 646.633618] do_syscall_64+0x486/0x620
[ 646.633622] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 646.633626] RIP: 0033:0x7fbf7536cf17
[ 646.633636] Code: ff ff ff 48 8b 4d a0 0f b7 51 fe 48 8b 4d a8 66 89 54 08 fe e9 1a ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[ 646.633640] RSP: 002b:00007ffdf62ab8d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000027
[ 646.633649] RAX: ffffffffffffffda RBX: 0000562e06bf51e0 RCX: 00007fbf7536cf17
[ 646.633654] RDX: 00007ffdf62ab998 RSI: 0000000000000001 RDI: 0000562e06bf51e0
[ 646.633658] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 646.633663] R10: 0000000000000069 R11: 0000000000000202 R12: 00007ffdf62ab998
[ 646.633668] R13: 0000000000001256 R14: 00007ffdf62ae780 R15: 00007ffdf62abd90
[ 646.634025] Kernel panic - not syncing: hung_task: blocked tasks
[ 646.917353] CPU: 1 PID: 1571 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
[ 646.924785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 646.934377] Call Trace:
[ 646.936948] dump_stack+0x1fc/0x2ef
[ 646.940558] panic+0x26a/0x50e
[ 646.943732] ? __warn_printk+0xf3/0xf3
[ 646.947601] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 646.952684] ? cpumask_next+0x3c/0x40
[ 646.956469] ? printk_safe_flush+0xd6/0x120
[ 646.960772] ? watchdog+0x991/0xe60
[ 646.964378] ? nmi_trigger_cpumask_backtrace+0x15e/0x1f0
[ 646.969821] watchdog+0x9a2/0xe60
[ 646.973255] ? reset_hung_task_detector+0x30/0x30
[ 646.978093] kthread+0x33f/0x460
[ 646.981438] ? kthread_park+0x180/0x180
[ 646.985392] ret_from_fork+0x24/0x30
[ 646.989442] Kernel Offset: disabled
[ 646.993058] Rebooting in 86400 seconds..